IdentityTrust
IdentityTrust is a Java-based library that allows you to express trust criteria for identity providers and the attributes that they can assert in a fine granular and customizable way.
IdentityTrust is part of my PhD project at the Hasso-Plattner-Institute.
Latest News
✦9th August 2011: Version 0.2
We added a default ontology of verification classes that describes how attributes are verified. An overview of this ontology can be found here.
✦1st August 2011: initial release, Version 0.1.
Be aware that working with rules has not been sufficiently tested yet.
Description
Assuming that there is a list of trusted identity providers from which a relying party accepts tokens, the IdentityTrust library lets one express not only which identity providers are trusted, but also for what and why. An identity provider run by a university and managing all registered students can, for example, reliably assert that a particular person is a student, because this information is held in the university's records. An online shop might hold the same information, but it may have been entered by the user and therefore never verified. A bank might also hold it, because the user showed a student card. IdentityTrust allows you to express these differences in how an attribute was verified.
Furthermore, it allows you to state further properties of identity providers. For example, a service provider might have business relations with other partners and therefore want to use, for confidential transactions, only those identity providers with which it has signed contracts. In IdentityTrust, custom properties such as isABusinessPartner can be defined and used to describe identity providers.
All this knowledge is stored in a knowledge base that can be queried and reasoned over. For example, if a transaction requires a verified credit card number from an identity provider that is part of the same federation, IdentityTrust will find suitable candidates.
Usage Example
1. Define known identity providers
2. Store knowledge about known identity providers as facts in a knowledge base
3. Add relations between identity providers, the attributes they can assert and the verification of these attributes
4. Customize predicates to express your own assessment criteria
5. Query the knowledge base, e.g. find all identity providers that verified the attribute isStudent during registration of a user
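The following Java program is an added illustration of the five steps above using the page's university, online shop and bank scenario. It is not IdentityTrust's own code or API: the class and method names (TrustKnowledgeBase, Fact, Verification, addFact, definePredicate, query), the sample verification classes and the properties isABusinessPartner and inSameFederation are assumptions invented for this example, and the sample providers are constructed.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.BiPredicate;

// Added illustration of the page's five usage steps; this is NOT IdentityTrust's own API.
// All names (Verification, Fact, TrustKnowledgeBase, the sample providers and properties)
// are assumptions invented for this example. Requires Java 16 or newer (records).
public class IdentityTrustExample {

    // Constructed verification classes (the library's default ontology is not reproduced here):
    // how an identity provider came to know an attribute value.
    enum Verification { SELF_ASSERTED, DOCUMENT_CHECKED_AT_REGISTRATION, AUTHORITATIVE_RECORD }

    // One fact: provider P can assert attribute A, which it verified in manner V.
    record Fact(String provider, String attribute, Verification verification) {}

    // Minimal knowledge base: known providers, facts, custom provider properties and predicates.
    static class TrustKnowledgeBase {
        private final Set<String> providers = new LinkedHashSet<>();
        private final List<Fact> facts = new ArrayList<>();
        private final Map<String, Set<String>> properties = new HashMap<>(); // property -> providers
        private final Map<String, BiPredicate<TrustKnowledgeBase, Fact>> predicates = new HashMap<>();

        // Step 1: define known identity providers.
        void addProvider(String provider) { providers.add(provider); }

        // Steps 2 and 3: store a fact relating a provider, an attribute and its verification.
        void addFact(String provider, String attribute, Verification verification) {
            if (!providers.contains(provider)) {
                throw new IllegalArgumentException("unknown identity provider: " + provider);
            }
            facts.add(new Fact(provider, attribute, verification));
        }

        // Custom property such as isABusinessPartner, attached to a provider.
        void setProperty(String provider, String property) {
            properties.computeIfAbsent(property, k -> new HashSet<>()).add(provider);
        }

        boolean hasProperty(String provider, String property) {
            return properties.getOrDefault(property, Set.of()).contains(provider);
        }

        // Step 4: a named predicate decides whether a fact satisfies an assessment criterion.
        void definePredicate(String name, BiPredicate<TrustKnowledgeBase, Fact> rule) {
            predicates.put(name, rule);
        }

        // Step 5: providers that can assert the attribute and whose fact passes the predicate.
        List<String> query(String attribute, String predicateName) {
            BiPredicate<TrustKnowledgeBase, Fact> rule = predicates.get(predicateName);
            if (rule == null) {
                throw new IllegalArgumentException("unknown predicate: " + predicateName);
            }
            List<String> result = new ArrayList<>();
            for (Fact f : facts) {
                if (f.attribute().equals(attribute) && rule.test(this, f) && !result.contains(f.provider())) {
                    result.add(f.provider());
                }
            }
            return result;
        }
    }

    public static void main(String[] args) {
        TrustKnowledgeBase kb = new TrustKnowledgeBase();

        // Constructed sample mirroring the page's university / online shop / bank scenario.
        kb.addProvider("university-idp");
        kb.addProvider("online-shop");
        kb.addProvider("bank");

        kb.addFact("university-idp", "isStudent", Verification.AUTHORITATIVE_RECORD);    // university records
        kb.addFact("online-shop", "isStudent", Verification.SELF_ASSERTED);              // typed in by the user
        kb.addFact("bank", "isStudent", Verification.DOCUMENT_CHECKED_AT_REGISTRATION);  // student card shown
        kb.addFact("bank", "creditCardNumber", Verification.AUTHORITATIVE_RECORD);

        kb.setProperty("bank", "isABusinessPartner");
        kb.setProperty("bank", "inSameFederation");
        kb.setProperty("university-idp", "inSameFederation");

        // Own assessment criteria: anything not self-asserted counts as verified; the third
        // predicate additionally demands a provider that belongs to the same federation.
        kb.definePredicate("verified",
                (base, f) -> f.verification() != Verification.SELF_ASSERTED);
        kb.definePredicate("verifiedAtRegistration",
                (base, f) -> f.verification() == Verification.DOCUMENT_CHECKED_AT_REGISTRATION);
        kb.definePredicate("verifiedInFederation",
                (base, f) -> f.verification() != Verification.SELF_ASSERTED
                        && base.hasProperty(f.provider(), "inSameFederation"));

        System.out.println("isStudent, verified: " + kb.query("isStudent", "verified"));
        System.out.println("isStudent, verified at registration: " + kb.query("isStudent", "verifiedAtRegistration"));
        System.out.println("creditCardNumber, verified and in federation: " + kb.query("creditCardNumber", "verifiedInFederation"));
    }
}
```

Compile and run with `javac IdentityTrustExample.java && java IdentityTrustExample`. With the constructed facts, the first query returns the university and the bank (the shop's value is self-asserted and excluded), the second returns only the bank, and the credit-card query returns only the bank, since it is the only provider that both verified that attribute and carries the federation property. The point of keeping the verification class separate from the attribute is that the same attribute can be trusted differently depending on which provider asserts it and how it came to know it; the predicates are where a relying party encodes its own policy over those facts.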
Contact
ivonne.thomas at hpi.uni-potsdam.de
Last update: 9th August 2011