Enhanced entity authentication based on aggregated attributes |
|
Aggregating attributes from multiple attribute authorities may be needed in order to enable a relying party to enhance its trust in the identity of a party. The aggregation can be regarded as having to deal with a collection of globally unique identifiers, which is common across all attribute authorities. Practically, entities do not have a global identifier but have different entity identifiers and attributes assigned by their various identity service providers (IdSPs).
To address the attribute aggregating problem in this scenario, the concept of identity federation is used. For example, if an e-book store plans to have a sale for seniors, the store has to be given the aggregated set of attributes (credit card and age bracket) from two IdSPs, but without the IdSPs knowing about each other's involvement. In standard federated identity management, an entity can only provide attributes from one identity, but this transaction requires attributes from two. There are several identity federation methods such as security assertion markup language (SAML), Shibboleth [b-Shibboleth], open identity (OpenID), and open authentication (OAuth), etc.
Recommendation ITU-T X.1258 introduces the concept of attribute aggregation to allow an entity to aggregate attributes from multiple IdSPs. Attribute aggregation is the mechanism of collecting attributes of an entity retrieved from multiple identity service providers. Attribute aggregation is needed to aggregate the attributes dynamically on demand. IdSP can realize the aggregation request when an entity wants to get a service. Further on, an entity-centric attribute aggregation mechanism could also be applied to the authentication for mitigating privacy leakage.
|
|
Citation: |
https://handle.itu.int/11.1002/1000/12850 |
Series title: |
X series: Data networks, open system communications and security X.1200-X.1299: Cyberspace security X.1250-X.1299: Identity management (IdM) and Authentication |
Approval date: |
2016-09-07 |
Provisional name: | X.eaaa |
Approval process: | TAP |
Status: |
In force |
Maintenance responsibility: |
ITU-T Study Group 17 |
Further details: |
Patent statement(s)
Development history
|
|
|
Ed. |
ITU-T Recommendation |
Status |
Summary |
Table of Contents |
Download |
1
|
X.1258 (09/2016)
|
In force
|
here
|
here
|
here
|
|
ITU-T Supplement
|
Title
|
Status
|
Summary
|
Table of contents
|
Download
|
X Suppl. 7 (02/2009)
|
ITU-T X.1250 series – Supplement on overview of identity management in the context of cybersecurity
|
In force
|
here
|
here
|
here
|
Title |
Approved on |
Download |
Guidelines for identity-based cryptosystems used for cross-domain secure communications
|
2023
|
here
|
Overview of hybrid approaches for key exchange with quantum key distribution
|
2022
|
here
|
Guidelines for security management of using artificial intelligence technology
|
2022
|
here
|
Unified Security Model (USM) – A neutral integrated system approach to cybersecurity
|
2020
|
here
|
Successful use of security standards (2nd edition)
|
2020
|
here
|
Description of the incubation mechanism and ways to improve it
|
2020
|
here
|
Strategic approaches to the transformation of security studies
|
2020
|
here
|
|