
IDENTIA - AN IDENTITY BRIDGE INTEGRATING OPENID AND SAML FOR ENHANCED IDENTITY TRUST AND USER ACCESS CONTROL


Abstract

Many companies and government agencies are facing constant challenges of protecting vast information assets from malicious access while providing end users with a convenient mechanism to share information. The key enabler in meeting these challenges is to establish a robust and scalable Identity and Access Management (IdAM) system based on open standards. While OpenID-based standards have been embraced by many online service providers, many believe that these implementations lack the necessary confidence level in user identity trust and interoperability. On the other hand, SAML has been the de-facto IdAM solution in the enterprise world due to its robustness and trust framework. However, for the most part, SAML lacks the flexibility and convenience in supporting RESTful applications.

As a result of an SBIR research project funded by the Air Force, IDentia is an open-source based product that provides an online IdAM solution. It implements an identity bridge that integrates the flexibility of OpenID with the robustness of SAML, enabling PKI-based authentication and ABAC-driven authorization in the enterprise environment. This paper introduces the fundamentals and standards of the IdAM technology, identifies the security limitations in the current implementations, and describes the architecture design and implementation of IDentia as a solution for enterprise IdAM.