User-Centric Identity Management Architecture Using Credential-Holding Identity Agents

Abstract

The pervasive use of digital identities in today’s cyberspace has led to an increasing interest in the area of identity management. Recently proposed user-centric identity management systems have accomplished higher-level of user control over online identity credentials. However, while the lack of a central authority that governs the entire system requires users to be responsible for their own digital identity credentials, the existing user-centric identity management systems still have problems in terms of security, privacy, and system availability. In this chapter, we present an identity management architecture that addresses these problems. Our scheme relies on user-controlled identity agents. Identity agents realize fine-grained control over online identity disclosure by using a minimal-disclosure identity credential scheme and also improve users’ awareness over their credential usage via an identity-usage monitoring system that includes a real-time risk scoring mechanism. A proof-of-concept implementation is shown and evaluated in terms of security, user-centricity, and performance.