One of the main reasons is the problem of establishing trust relationships between independent parties—a problem inherent to open environments with multiple trust domains. In open environments, participants often do not know each other, but nevertheless require an existing trust relationship to perform critical transactions. Governments, commercial organizations, and academia alike have addressed this issue by providing better assurance guidelines for identity management. The outcome is a number of identity assurance frameworks that identify and cluster certain security criteria into levels of trust or levels of assurance (LoA). These approaches are described, compared, and assessed with regard to their role towards a reliable identity management across the Internet. Limitations are identified and trust levels for attributes are proposed as potential fields for further research.
TopIntroduction
Looking at the current online world, performing transactions as online banking, online shopping or communicating in social networks has become an inherent part of life. Hereby, personal, identity-related data plays a major role, since for many activities a service provider requires details about the identity of a user. Traditional approaches for identity management, like the application-centric or isolated model (cf. (Audun Jøsang, 2005)), require users to register with every single service and to re-authenticate each time they use a service in another trust domain. Over the time users register with several applications on the Internet and collect many digital identities together with their corresponding authentication credentials. This leads to a number of well-known problems. To name a few, users have for example difficulties to remember their passwords, and also bear a great burden to keep their account information up-to-date (cf. (Bertino, Martino, Paci, & Squicciarini, 2009), (Gail-Joon Ahn, Moo Nam Ko, & Mohamed Shehab, 2008)).
To overcome the limitations of the closed domain, open identity management models emerged as a way of sharing identity information across several trust domains in a controlled manner. The basic principle behind these new identity models is to manage and keep identity data in multiple trust domains, at so called identity providers, and to share this information with applications and services that are willing to rely on it. Hence, these applications and services are also called relying parties. Open protocols and standards as OpenID (The OpenId Foundation, 2007), Information Cards (OASIS, 2009) or WS-Federation (Lockhart, et al., 2006) already exist and form the backbone of the new models.
Nevertheless, the adoption of open identity management models has not set off tangibly, yet. The acceptance of the new models mainly depends on the willingness of services and applications to rely on information that they retrieve from foreign sources that are outside their own trust domain. Up to today, this willingness is very low. Each service provider usually forms an isolated identity domain. Looking at the reason, this development is little surprising. Organizations often have strict legal requirements and policies for the management and storage of user data. Moreover, a company’s user database constitutes often one of the most valuable assets of a company. Therefore, it is not surprising that organizations find it hard to give up this control and to rely on user information from a partner.
However, especially, with regard to the Internet, we can find many use cases that do not require a strong trust relationship to rely on identity attributes from someone else. Often the user can enter information into his account that does not require any verification. It really depends on what a digital identity is used for. If the user logs on to a site to prove on repeat visits that it is the same user, it does not matter whether his digital identity matches with his ”real- life identity” as long as it is always the same digital identity he uses to log on. Only if critical transactions are performed, as ordering an item or paying for a service, the integrity of provided user data is required to hold the user liable in case anything bad happens. Taking all these considerations into account, it becomes obvious that the willingness to believe in identity data from a foreign source is closely related to the trust level that is required by the transaction a user wants to perform. The more critical a transaction is, the more assurance into the identity of a user will be required by the relying party to accept identity data.
In order for relying parties to match the transaction requirements with those of their partners, proper assessment mechanisms for identity assurance are needed. In order to ease the process, identity assurance frameworks have been proposed and developed as a mean to define a global trust level that allows an immediate comparison between participants even though they might not know each other.