KIT | KIT-Bibliothek | Impressum | Datenschutz

OCCASIO: an Operable Concept for Confidential and Secure Identity Outsourcing

Köhler, J.; Hartenstein, H.

While federated identity management separates service provisioning from identity provisioning, the identity provider is usually operated at the home organization of the identities. We address the challenge of outsourcing the entire identity provider with its user database to an untrusted external provider in a secure and privacy-preserving way. With this type of outsourcing, the home organization is no longer required to operate high availability infrastructure for access management. Instead, the home organization only needs to frequently attest that the identity data in the outsourced database is still up to date, a task that is much less demanding than providing access decisions whenever a user wants to make use of a service. In this paper we present Occasio, a concept that permits secure outsourcing of identity and access management to untrusted external providers. Occasio builds on concepts of outsourcing databases and particularly on Merkle Hash Trees. We show that Occasio matches all security requirements for operation in an untrusted environment. Furthermore, we demonstrate that Occasio can be easily integrated into the SAML standard. ... mehr

Zitationen: 1
Zugehörige Institution(en) am KIT Institut für Telematik (TM)
Steinbuch Centre for Computing (SCC)
Publikationstyp Proceedingsbeitrag
Publikationsjahr 2013
Sprache Englisch
Identifikator ISBN: 978-390188251-7
KITopen-ID: 1000034367
Erschienen in 2013 IFIP/IEEE International Symposium on Integrated Network Management, IM 2013; Ghent; Belgium; 27 May 2013 through 31 May 2013
Verlag Institute of Electrical and Electronics Engineers (IEEE)
Seiten 235-243
Nachgewiesen in Scopus
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
KITopen Landing Page