A Mobile-Based Attribute Aggregation Architecture for User-Centric Identity Management

Alexandre B. Augusto (University of Porto, Portugal) and Manuel E. Correia (University of Porto, Portugal)
DOI: 10.4018/978-1-5225-0159-6.ch019
The massive growth of the Internet and its services is currently being sustained by the mercantilization of users' identities and private data. Traditional Web services require the user to disclose many unnecessary sensitive identity attributes, such as bank card numbers, geographic position or even personal health records, in order to provide a service. In essence, the services are presented as free and constitute a means by which the user is mercantilized, often without the user realizing the real value of their data to the market. In this chapter the authors describe OFELIA (Open Federated Environment for Leveraging of Identity and Authorization), a digital identity architecture designed from the ground up to be user centric. OFELIA is a versatile identity/authorization infrastructure that does not depend upon the massive aggregation of users' identity attributes to offer a rich set of identity services; it relies instead on keeping those attributes distributed among, and protected by, several otherwise unrelated Attribute Authorities. Only the end user, with his smartphone, knows how to aggregate the identity attributes scattered across these Attribute Authorities back into a useful, identifiable and authenticated entity identity that Internet services can then use in a secure and interoperable way.
1. Introduction

The explosive growth of the Internet is accelerating the migration of essential real world and monetary infrastructures to the virtual world, with digital identity playing a central catalyzing role in this societal transformation. Arguably, the digital world is radically different from the real world, but some essential concepts are readily transposed. Very much as in the physical world, on the Internet we have people interacting with other people and with non-human computerised entities, in highly diverse situations. In the real world, people behave rather differently when they are at work, in the grocery store or at the gym, where they assume different roles in the face of different contexts. This essential social ability to contextually change the way we relate to others is what must be transposed from the physical world to the Internet every time we try to dematerialise real world societal processes into the virtual world.

A digital identity can thus be readily defined as the “set of characteristics that uniquely describes a digital subject or entity and its relations with other entities or digital subjects in a virtual world.” A digital subject, or entity, is therefore something, not necessarily human, that makes a request in order to access a particular resource (a Web page, an item from a database…) and is composed of a set of personal data attributes that in some sense characterizes that person or entity, usually referred to as a “user.” The subset of personal data attributes needed for a specific role (or “user”) depends on the situation and context at hand and is usually referred to as an identity persona (Baden, Bender, Spring, Bhattacharjee, & Starin, 2009). The association between an identity persona and a user is done by means of an authentication process, which may be conducted by an Identity Management System (IdMS) (Hai-Binh & Bouzefrane, 2008).
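As an added illustration of the attribute-aggregation idea in the abstract and of the persona definition above (example code written for this page, not OFELIA's implementation or protocol), the following Go program models several unrelated Attribute Authorities that each hold and sign a few attributes of one user, a user-side aggregation step that collects only the attributes a service asks for, and a service-side check that verifies every attribute against its issuer's key. The authority names, attribute names, sample values, and the use of Ed25519 over a JSON encoding are all assumptions made for the example; Go is used because its standard library provides the signature primitive.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Attribute is one identity attribute as held by one Attribute Authority.
type Attribute struct {
	Authority string `json:"authority"` // issuing authority
	Subject   string `json:"subject"`   // user the attribute belongs to
	Name      string `json:"name"`
	Value     string `json:"value"`
}

// SignedAttribute is an Attribute plus the issuer's Ed25519 signature over its
// JSON encoding, so a service can check it without contacting the issuer.
type SignedAttribute struct {
	Attribute
	Signature []byte `json:"signature"`
}

// Authority is a hypothetical Attribute Authority: it holds a few attributes of
// one user (constructed sample data) and signs them on request.
type Authority struct {
	Name  string
	Pub   ed25519.PublicKey
	priv  ed25519.PrivateKey
	store map[string]string // attribute name -> value
}

func NewAuthority(name string, attrs map[string]string) (*Authority, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Authority{Name: name, Pub: pub, priv: priv, store: attrs}, nil
}

func (au *Authority) Holds(name string) bool { _, ok := au.store[name]; return ok }

// Issue returns the named attribute for subject, signed by this authority.
func (au *Authority) Issue(subject, name string) (SignedAttribute, error) {
	v, ok := au.store[name]
	if !ok {
		return SignedAttribute{}, fmt.Errorf("%s does not hold %q", au.Name, name)
	}
	a := Attribute{Authority: au.Name, Subject: subject, Name: name, Value: v}
	msg, err := json.Marshal(a) // fixed struct field order, so the encoding is canonical
	if err != nil {
		return SignedAttribute{}, err
	}
	return SignedAttribute{Attribute: a, Signature: ed25519.Sign(au.priv, msg)}, nil
}

// TrustAnchors is what a service knows in advance: each authority's public key.
func TrustAnchors(auths ...*Authority) map[string]ed25519.PublicKey {
	t := make(map[string]ed25519.PublicKey, len(auths))
	for _, au := range auths {
		t[au.Name] = au.Pub
	}
	return t
}

// Aggregate is the user-side (smartphone) step: for each attribute the service
// requires, fetch it from the first authority that holds it. Attributes the
// service did not ask for are never collected, so the persona stays minimal.
func Aggregate(subject string, required []string, auths []*Authority) ([]SignedAttribute, error) {
	persona := make([]SignedAttribute, 0, len(required))
	for _, name := range required {
		issued := false
		for _, au := range auths {
			if !au.Holds(name) {
				continue
			}
			sa, err := au.Issue(subject, name)
			if err != nil {
				return nil, err
			}
			persona = append(persona, sa)
			issued = true
			break
		}
		if !issued {
			return nil, fmt.Errorf("no authority holds %q", name)
		}
	}
	return persona, nil
}

// Verify is the service-side check: every attribute must come from a trusted
// authority, carry a valid signature, be one the service asked for, appear only
// once, and all must name the same subject. Returns name -> value on success.
func Verify(persona []SignedAttribute, trusted map[string]ed25519.PublicKey, required []string) (map[string]string, error) {
	want := make(map[string]bool, len(required))
	for _, n := range required {
		want[n] = true
	}
	out := make(map[string]string, len(required))
	subject := ""
	for _, sa := range persona {
		pub, ok := trusted[sa.Authority]
		if !ok {
			return nil, fmt.Errorf("untrusted authority %q", sa.Authority)
		}
		msg, err := json.Marshal(sa.Attribute)
		if err != nil {
			return nil, err
		}
		if !ed25519.Verify(pub, msg, sa.Signature) {
			return nil, fmt.Errorf("bad signature on %q from %s", sa.Name, sa.Authority)
		}
		if !want[sa.Name] {
			return nil, fmt.Errorf("attribute %q was not requested", sa.Name)
		}
		if _, dup := out[sa.Name]; dup {
			return nil, fmt.Errorf("duplicate attribute %q", sa.Name)
		}
		if subject == "" {
			subject = sa.Subject
		} else if sa.Subject != subject {
			return nil, errors.New("attributes do not all belong to one subject")
		}
		out[sa.Name] = sa.Value
	}
	if len(out) != len(required) {
		return nil, errors.New("persona is missing required attributes")
	}
	return out, nil
}

func main() {
	registry, _ := NewAuthority("civil-registry", map[string]string{"age_over_18": "true", "city": "Porto"})
	bank, _ := NewAuthority("bank", map[string]string{"card": "4111 1111 1111 1111"})
	required := []string{"age_over_18", "city"} // the service never sees the card
	persona, err := Aggregate("alice", required, []*Authority{bank, registry})
	if err != nil {
		panic(err)
	}
	fmt.Println(Verify(persona, TrustAnchors(registry, bank), required))
}
```

The service only ever receives the persona it asked for, and each attribute is checked against the key of the authority that issued it, so neither the user's phone nor any single authority has to be trusted with the whole identity; a tampered value, an unknown issuer, an attribute the service did not request, or attributes from two different subjects are all rejected.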

Digital identity management systems, like their real world analogues, are essential in ensuring that a network infrastructure can scale and meet the basic interoperability expectations and functionalities concerning security, privacy and reliability that emerge every time there is a need to plan and deploy a well-engineered Internet service.

