An architecture for privacy-aware inter-domain identity management

Abstract

The management of service oriented architectures demands an efficient control of service users and their authorizations. Similar to structured cabling in LANs, Identity & Access Management systems have proven to be important components of organizations' IT infrastructures. Yet, due to new management challenges such as virtual organizations, on-demand computing and the integration of third party services through composition, identity information has to be passed to external service providers; this decentralization inherently leads to interoperability and privacy issues, which existing management standards are not dealing with appropriately yet. We present an architecture, based on SAML, XACML and XSLT, which provides a tight integration of cross-organizational identity data transfer into the local provisioning business processes along with a policy-driven inter-domain privacy management system, and its implementation. © IFIP International Federation for Information Processing 2005.