
D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management



Advantages and Disadvantages

The main advantage of the approach described in the previous section is that the changes to the original architecture of the IdM system are not overwhelming. The integration of a TPM as a hardware chip in the Identity Provider’s system is practically feasible. Still, the protocols to be developed must produce a special identity credential in a specific format that the Service Providers can parse. This Trusted Ticket should typically include an attribute statement for the status information. The latter requires the TPM’s PCR values, in addition to the AIK credential itself, which is used to sign the status information.
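As an added illustration, not code from the deliverable or from any TCG specification: a Go sketch of such a Trusted Ticket, with the Identity Provider signing an attribute statement that carries PCR values using its AIK, and the Service Provider checking the signature and comparing the PCR values against its policy. The field names, the nonce and the sample PCR values are assumptions; validation of the AIK public key against the Privacy-CA's AIK credential is assumed to have happened beforehand and is not shown.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// TrustedTicket: the Identity Provider's attribute statement carrying its TPM PCR values, signed with the AIK (field names are assumed, not a specified format).
type TrustedTicket struct {
	Subject   string         `json:"subject"`
	Nonce     string         `json:"nonce"` // Service Provider freshness value (assumed)
	PCRs      map[int]string `json:"pcrs"`  // PCR index -> hex digest
	Signature []byte         `json:"signature"`
}
// ticketDigest hashes the canonical JSON of the ticket without its signature.
func ticketDigest(t TrustedTicket) []byte {
	t.Signature = nil       // t is a copy; the caller's signature is untouched
	b, _ := json.Marshal(t) // map keys are emitted sorted, so the encoding is stable
	h := sha256.Sum256(b)
	return h[:]
}
// IssueTicket is the Identity Provider side: sign the status information with the AIK.
func IssueTicket(aik *rsa.PrivateKey, subject, nonce string, pcrs map[int]string) (TrustedTicket, error) {
	t := TrustedTicket{Subject: subject, Nonce: nonce, PCRs: pcrs}
	sig, err := rsa.SignPSS(rand.Reader, aik, crypto.SHA256, ticketDigest(t), nil)
	if err != nil {
		return t, err
	}
	t.Signature = sig
	return t, nil
}
// VerifyTicket is the Service Provider side; aikPub is assumed already validated via the Privacy-CA's AIK credential (chain check not shown).
func VerifyTicket(aikPub *rsa.PublicKey, t TrustedTicket, nonce string, expected map[int]string) error {
	if t.Nonce != nonce {
		return fmt.Errorf("nonce mismatch: stale or replayed ticket")
	}
	if err := rsa.VerifyPSS(aikPub, crypto.SHA256, ticketDigest(t), t.Signature, nil); err != nil {
		return fmt.Errorf("AIK signature invalid: %w", err)
	}
	for idx, want := range expected { // every policy-relevant PCR must match
		if got, ok := t.PCRs[idx]; !ok || got != want {
			return fmt.Errorf("PCR %d: want %s, got %q", idx, want, got)
		}
	}
	return nil
}
```

A real deployment would carry the PCR values as a TPM quote over the nonce rather than as plain fields, but the checks the Service Provider has to perform are the same.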

The integration of the Privacy-CA role is also possible, since it has been specified by the TCG. This avoids adding a PKI system to provide cross-certification between Identifier Domains. As the infrastructure is already specified by the TCG, the costs of cross-certification are surely reduced, despite the need to develop algorithms for handling the special identity credentials on both the Identity Provider and Service Provider sides.

The scalability of the trusted infrastructure remains a problem, since the Privacy-CA must be reachable by all Identity Providers in order for them to obtain AIK credentials. Having a single Privacy-CA is essential in order to establish trust across Domains.



Architecture  fidis-wp3-del3.9_Study_on_the_Impact_of_Trusted_Computing_on_Identity_and_Identity_Management_v1.1.sxw  Recommendations and Future work
33 / 38