Abstract

We present the concept and design of Dynamic Automated Metadata Exchange (DAME) in
Security Assertion Markup Language (SAML) based user authentication and authorization
infrastructures. This approach solves the real-world limitations in scalability of pre-exchanged
metadata in SAML-based federations and inter-federations. The user initiates the metadata
exchange on demand, therefore reducing the size of the exchanged metadata compared to
traditional metadata aggregation. In order to specify and discuss the necessary changes to
identity federation architectures, we apply the Munich Network Management (MNM) service
model to Federated Identity Management via a trusted third party (TTP); an overview of all
components and interactions is created. Based on this model, the management architecture of
the TTP with its basic management functionalities is designed. This management architecture
includes further functionality for automated management of entities and dynamic federations.

Links

• https://www.researchgate.net/publication/303564064_Management_Architecture_for_Dynamic_Federated_Identity_Management

Citation

Pöhn, D., Hommel, W., 2016. Management Architecture for Dynamic Federated Identity Management, Computer Science & Information Technology. https://doi.org/10.5121/csit.2016.60617