Many service providers want to control access to their services and offer personalized services. This implies that the service provider requests (and stores) personal attributes. However, many service providers are not sure about the correctness of attributes that are disclosed by the user during registration. Federated identity management systems aim at increasing the user-friendliness of authentication procedures, while at the same time ensuring strong authentication to service providers. This paper presents a new flexible approach for user-centric identity management, using trusted modules. Our approach combines several privacy features available in current federated identity management systems and offers extra functionality. For instance, attribute aggregation is supported and the problem of user impersonization by identity providers is tackled.

• 出版日期2013-4