Fidelity: Federated Identity Management Security based on Liberty Alliance on European Ambit
| Published in | ISSE 2006 Securing Electronic Business Processes pp. 161 - 167 |
|---|---|
| Main Authors | , , , | 
| Format | Book Chapter | 
| Language | English | 
| Published | Germany, Springer Vieweg. in Springer Fachmedien Wiesbaden GmbH, 2006, Vieweg |
| ISBN | 9783834802132 3834802131  | 
| DOI | 10.1007/978-3-8348-9195-2_17 | 

Summary:

In the Federated Digital Identity ambit, the Fidelity project will put into practice a system defined by the Liberty Alliance specifications in a pan-European context, focusing on solving the problems that can be found in an international environment and that can be subject to regulation(s) addressing user data confidentiality. Currently, user identification and authentication are the key enablers for Internet business, but until now the user's personal information and authentication have remained inside the organization's boundaries. To solve this problem, the Liberty Alliance Project (LAP) has defined a Federated Identity Management environment that allows independent service/attribute providers to hold user attributes relevant to the service they provide to the end-user, always meeting the personal data protection legal requirements. LAP proposes the creation of Circles of Trust (CoT), which associate identity and service providers through adequate service agreements, allowing them to share user information. The Fidelity Project implements an interoperability proof of concept of the Liberty Alliance protocols and framework in a pan-European context by setting up 4 CoT in four different EU countries. Each CoT is led by a telecom operator and has access to all the users' attributes. This environment will allow testing the federation of identities and the sharing of the users' attributes by different services with different authentication levels.

This approach is opposite to the one proposed by other service providers that try to concentrate all the user information in a single server, which is not quite appropriate in Europe, where there will be thousands of potential service and identity providers that should share user attributes, with explicit consent in some cases.

The members of the Fidelity Project have strong liaisons with Liberty Alliance Project members to allow the incorporation of the Fidelity results into new versions of the LAP protocols and framework implementation guidelines.

The project will also define codes of practice for the security policies and service level agreements amongst the partners, as well as the testing methodology of the Liberty Alliance protocol implementations.