An Attribute Assurance Framework to Define and Match Trust in Identity Attributes

Abstract

Identity federation denotes a concept for the controlled sharing of user authentication and user attributes between independent trust domains. Using WS-Federation, service providers and identity providers can set up a Circle of Trust, a so called federation, in which each member is willing to trust on assertions made by another partner. However, if a member has to rely on information received from a foreign source, the need for assurance that the information is correct is a natural requirement prior to using it. Identity assurance frameworks exist that can be used to assess the trustworthiness of identity providers. The result of this assessment is a level of trust, that can be assigned to an identity provider. However, existing approaches for evaluating identity assurance do not allow to define trust levels for individual attributes. In our trust model, we consider both: (a) trust in an identity provider as the issuer of assertions and (b) trust in single attributes that an identity provider manages. In this paper, we show how our approach that we implemented in a logic-based framework can be used in web service scenarios to provide trust information on the level of identity attributes, especially about the verification process, and to match trust requirements of attributes during request processing.