Title
A Role-Based Architecture for Seamless Identity Management and Effective Task Separation
Abstract
Today's on-line end user experience is compromised by the need for managing multiple redundant identities for access to various services, such as email accounts, in order to ensure a clear separation of tasks that users perform in different capacities. Approaches based on Single Sign On (SSO) have focused on the provision of interoperability and trust management solutions required to allow users to log in once and use multiple on-line services. In this paper, we argue that Single Sign On provides neither adequate privacy preservation nor sufficient fine-grained separation of tasks, as it requires that a user performs all tasks - whether e.g. personal or professional - using the same identity. We propose Identity and Role Management (IRM), a new approach to identity management, combining the benefits of SSO and user-centric frameworks: it allows a user to be authenticated as conveniently as with SSO, to still achieve an effective separation of tasks she performs in different capacities through the use of different roles, and to retain full control of her private and sensitive data. Additionally, it facilitates fine-grained service customisation, supporting a personalised on-line experience. Our experiments with real users demonstrate the effectiveness, transparency, and user acceptance of our solution.
Year
2007
DOI
10.1007/978-0-387-72367-9_25
Venue
International Federation for Information Processing
Keywords
user experience, identity management
Field
Single sign-on, World Wide Web, Authentication, End user, Interoperability, Computer science, Login, Identity management, Identity provider, Access control
DocType
Conference
Volume
232
ISSN
1571-5736
Citations
0
PageRank
0.34
References
9
Authors
4
Name
Order
Citations
PageRank
Evangelos Kotsovinos136122.80
Ingo Friese200.34
Martin Kurze36411.30
Jörg Heuer48716.24