D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management
Requirements Analysis
In the following, we list the general requirements for the scenario described above:
On a local domain level, the identity provider should be able to check the status (e.g. the trustworthiness) of the platform to which a new identity credential has to be granted. This would allow him to authenticate and authorize a new user based on the ability of his platform to preserve the granted identity credential from theft (voluntary handing over can also be considered, but it needs more sophisticated technologies such as support of biometric identification in the device).
The identity provider should be able to issue a trusted ticket that can be securely validated by service providers in the same domain. The service providers should be able to check if the identity provider is trustworthy, and if it is allowed to grant such credentials in this domain. This requires the credentials themselves to include information reflecting the status of the identity provider’s system at the time when the credential was issued. Typically, such information should be in the form of integrity measurements which could be compared with reference values.
For cross-domain validation of credentials, the identity provider should be able to issue credentials that would be valid in other identifier domains (i.e. trusted by service providers outside their domains). For that, the service providers should be able to check the trustworthiness of the corresponding identity provider outside the domain, and whether this identity provider is allowed to grant credentials that are valid in the service provider’s domain.
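The checks a service provider would run under the second and third requirements, as an added example that is not part of the FIDIS deliverable: the ticket carries the identity provider's integrity measurement from issue time, which is compared with reference values before the domain authorisation is checked. The ticket layout, policy structure, all names and the sample data are assumptions, and an HMAC stands in for the identity provider's signature so the code runs with the standard library only.

```python
import hashlib, hmac, json

def measure(components):
    """TPM-style extend chain: pcr = SHA-256(pcr || SHA-256(component))."""
    pcr = bytes(32)
    for c in components:
        pcr = hashlib.sha256(pcr + hashlib.sha256(c).digest()).digest()
    return pcr.hex()

def _mac(key, body):
    # HMAC stands in for the identity provider's signature (assumption).
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def issue_ticket(key, issuer, subject, domains, idp_components):
    """Identity provider side: bind its own platform measurement into the ticket."""
    body = {"issuer": issuer, "subject": subject,
            "valid_in": sorted(domains), "idp_measurement": measure(idp_components)}
    return {"body": body, "mac": _mac(key, body)}

def validate_ticket(ticket, sp_domain, policy):
    """Service provider side. Returns (accepted, reason)."""
    body = ticket["body"]
    entry = policy.get(body["issuer"])
    if entry is None:
        return False, "unknown identity provider"
    if not hmac.compare_digest(_mac(entry["key"], body), ticket["mac"]):
        return False, "ticket not authentic"
    # Integrity measurement recorded at issue time vs. reference values
    if body["idp_measurement"] not in entry["reference"]:
        return False, "identity provider integrity mismatch"
    # Is this provider allowed to grant credentials valid in our domain?
    if sp_domain not in body["valid_in"] or sp_domain not in entry["may_issue_for"]:
        return False, "identity provider not authorised for this domain"
    return True, "ok"

# Constructed sample data (hypothetical names, key and software stack)
KEY = b"constructed-demo-key"
GOOD = [b"bootloader-v1", b"kernel-v1", b"idp-service-v1"]
TAMPERED = [b"bootloader-v1", b"kernel-v1", b"idp-service-modified"]
IDP = "idp.domain-a.example"
POLICY = {IDP: {"key": KEY, "reference": {measure(GOOD)},
                "may_issue_for": {"domain-a", "domain-b"}}}

if __name__ == "__main__":
    for stack in (GOOD, TAMPERED):
        t = issue_ticket(KEY, IDP, "alice", ["domain-a", "domain-b"], stack)
        for dom in ("domain-a", "domain-b", "domain-c"):
            print(dom, validate_ticket(t, dom, POLICY))
```

The cross-domain decision rests on the service provider's own policy entry (`may_issue_for`), not only on the domains the ticket claims for itself.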