FedWare: Middleware Services to Cope with Information Consistency in Federated Identity Management

Abstract

Collaborations by the use of inter-organizational business processes can help companies to achieve a competitive edge over competing businesses. Typically, these collaborations require an efficient identity management (IdM) that ensures the authorized access to services in different security domains. The successful implementation of an IdM in distributed systems requires to cope with a diversity of systems and to manage the challenges of integration. While integration should not introduce an unnecessary degree of dependence and complexity, various IdM goals should be achieved by integration: in particular, collaboration-wide consistency of identity information. Due to its decentralized and modular design, a federated identity management (FIM) approach is a promising strategy in distributed systems. Our thesis is that the distributed character and heterogeneity of involved systems requires appropriate information-consistency mechanisms that go beyond what is offered by current FIM protocols and software in order to avoid inconsistencies in identity information. In this paper we identify causes leading to inconsistencies in FIM. We present requirements necessary to cope with the consistency issue and analyze research, FIM standards and protocols w.r.t. the stated requirements. An analysis showed that FIM does not consider the consistency issuesufficiently. However, we point out which parts can be used as building blocks to achieve information consistency. Therefore, we design a system – called FedWare – that combines identity-related middleware services with existing FIM technologies. To provide an efficient integration of systems, we reduce development effort by providing reusable services. By decoupling systems, e.g., via a publish/subscribe mechanism, we reduce operation effort.