
Federated Dynamic Authentication and Authorization in Daidalos

  • Chapter
New Technologies, Mobility and Security

This paper describes a dynamic authentication (AuthN) and authorization (AuthZ) (DAA) scheme based upon a virtual identity concept, as defined in the EU IST integration project Daidalos, in order to protect users’ privacy and the integrity of their personal information. For the multi-domain (inter-domain) case, a federation concept is introduced that states the trust relationships among different domains at different levels. A common framework is established to coordinate AuthN, AuthZ and users’ personal information across different domains. The AuthN and AuthZ processes are clearly separated and implemented via SSO (Single Sign On). The Diameter protocol is used to exchange SAML assertions and AuthZ policy statements across domains and across different AAA (AuthN, AuthZ and Accounting) solutions to realize service grouping management. A bootstrapping approach is used to ensure the security of users’ personal information.




Copyright information

© 2007 Springer

About this chapter

Cite this chapter

Chen, Z. (2007). Federated Dynamic Authentication and Authorization in Daidalos. In: Labiod, H., Badra, M. (eds) New Technologies, Mobility and Security. Springer, Dordrecht. https://doi.org/10.1007/978-1-4020-6270-4_28


  • DOI: https://doi.org/10.1007/978-1-4020-6270-4_28

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-1-4020-6269-8

  • Online ISBN: 978-1-4020-6270-4

  • eBook Packages: Engineering, Engineering (R0)
