Desired Properties of a Federated Identity Management System

4. Desired Properties of a Federated Identity Management System

1. Privacy. Authentication methods should preserve individuals privacy, and enforce a “need to know principle” when requiring identifiers, so that only the identifiers actually required to access a service should be submitted to the SP.

2. Efficiency. The authentication methods should be efficient and require a limited number of message rounds between the SP and the user.

3. Robustness. The federation protocols should be robust, in the sense that even if an adversary is able to get the value of the strong identifiers, it should not be able to impersonate the victim in the federation.

4. Usability. As usability is one of the main aims of federations, the increased security features should not require individuals to be overloaded with computational expensive operations or require them to be involved in the authentication operations more complex or longer than in the traditional federated identity systems. Any solution disrupting such simple mechanism would not be adopted.

5. Accountability. Accountability of an individual’s actions must be ensured. It must be possible to correlate individuals with actions or events. The system itself should be accountable with respect to the use of identity attributes; individuals should be able to determine how their information has been used within the federation.

6. Validity of identity information. Although identity certificates can only be validated by checking with actual issuers that can be outside the federation, the system should be able to detect identity theft based on the information available within the federation.