User centricity: A taxonomy and open issues

Abstract

User centricity is a significant concept in federated identity management (FIM), as it provides for stronger user control and privacy. However, several notions of user-centricity in the FIM community render its semantics unclear and hamper future research in this area. Therefore, we consider user-centricity abstractly and establish a comprehensive taxonomy encompassing user-control, architecture, and usability aspects of user-centric FIM. On the systems layer, we discuss user-centric FIM systems and classify them into two predominant variants with significant feature sets. We distinguish credential-focused systems, which advocate offline identity providers and long-term credentials at a user's client, and relationship- focused systems, which rely on the relationships between users and online identity providers that create short-term credentials during transactions. Note that these two notions of credentials are quite different. The further one encompasses cryptographic credentials as defined by Lysyanskaya et al. [30], the latter one federation tokens as used in today's FIM protocols like Liberty. We raise the question where user-centric FIM systems may go within the limitations of the user-centricity paradigm as well as beyond them. Firstly, we investigate the existence of a universal user-centric FIM system that can achieve a superset of security and privacy properties as well as the characteristic features of both predominant classes. Secondly, we explore the feasibility of reaching beyond user-centricity, that is, allowing a user of a user-centric FIM system to again give away user-control by means of an explicit act of delegation. We do neither claim a solution for universal user-centric systems nor for the extension beyond the boundaries of user-centricity, however, we establish a starting point for both ventures by leveraging the properties of a credential-focused FIM system. Copyright 2006 ACM.