Extension for information card systems to achieve User-Controlled Automated Identity Delegation
Thorsten Höllrigl, H. Kühner, J. Dinger, H. Hartenstein
12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops, published 2011-05-23
DOI: 10.1109/INM.2011.5990580 (https://doi.org/10.1109/INM.2011.5990580)
Citations: 1
Abstract
The growing number of IT services in distributed systems is directly related to the security and privacy of personal data. User-centric federated identity management (FIM) attends to the privacy issue by enabling users to approve each data dissemination between the providers of identity-related information, so-called identity providers (IdPs), and the consumers of this information, the service providers (SPs). Furthermore, user-centric FIM tries to improve security and usability by providing users with a consistent digital-identity experience using so-called information cards (InfoCards). The InfoCard-based approach can help to improve usability, privacy and security; however, the approach is limited to front-channel communication and requires that each data exchange is manually approved by the user. Back-channel communication might be required in scenarios in which an IdP wants to notify SPs about, e.g., the deactivation of a user. In [3] we proposed an approach, named User-Controlled Automated Identity Delegation, that allows back-channel communication by automating user approval based on delegation. In this paper we demonstrate the practicality of the approach in a real-world scenario by providing a performance evaluation conducted on a prototypical implementation.