Many service providers want to control access to their services and offer personalized services. This implies that the service provider requests and stores personal attributes. However, many service providers are not sure about the correctness of attributes that are disclosed by the user during registration. Federated identity management systems aim at increasing the user-friendliness of authentication procedures, while at the same time ensuring strong authentication to service providers. This paper presents a new flexible approach for user-centric identity management, using trusted modules. Our approach combines several privacy features available in current federated identity management systems and offers extra functionality. For instance, attribute aggregation is supported and the problem of user impersonation by identity providers is tackled.