Towards a formal framework for distributed identity management

Abstract

In this paper, we propose a framework for identity management in a distributed environment. In addition to achieving convenience, which is the primary objective for identity management in most related work, we believe that user privacy and controlled information disclosure are equally important. Therefore, we look beyond the so-called single-sign-on (SSO) suitable mainly for a federated environment because the requirement that a trust relationship be established between network applications and services so that a central authority can act on behalf of the applications and services in identity management and access authorization is not practical in the Internet where distributed control and management is the mainstream. We show how convenience can be achieved without the requirement for such a central authority in our framework. We also show how multiple identities can be managed for users to access network applications and services and how users can control the disclosure of identity information and hence ensure their privacy. Consequently, the framework can serve as the foundation for the development of the next generation of network identity management systems that are both practical and flexible. © Springer-Verlag Berlin Heidelberg 2005.