IdentityTrust

 

IdentityTrust is a Java-based library that allows you to express trust criteria for identity providers and the attributes that they can assert in a fine granular and customizable way.

IdentityTrust is part of my PhD project at the Hasso-Plattner-Institute.


Project Home  I Download

Latest News

  1. 9th August 2011: Version 0.2

  2. We added a default verification classes ontology to describe the verification of attributes. An overview of this ontology can be found here.

  3. 1st August 2011: initial release, Version 0.1.
    Be aware, that working with rules has not been sufficiently tested, yet.


Description

Assuming that there is a list of trusted identity providers a relying party accepts tokens from, using the IdentityTrust library one can express not only which IPs are trusted, but also for what and why. An identity provider provided by the university and managing all registered students can for example assert in a reliable way, that a particular person is a student, because this information is hold inside the university’s records. An online shop might also have the same information, but maybe it was entered by the user and has therefore never been verified. Or the bank might have the same information, because the user showed his student card. IdentityTrust allows you to state these different trust information about the verification of attributes. Furthermore, it allows you to state further properties of identity providers. For example, a service provider might hold business relations to other business partners and therefore find it important to prefer to use for confidential transactions only those identity providers it has signed contracts with. In IdentityTrust, custom properties can  be defined, such as isABusinessPartner and used to describe identity providers.

All this knowledge is stored as knowledge base that can be queried and reasoned over. For example, if a transactions requires a verified credit card number from an identity provider that is part of the same federation, IdentityTrust will find suitable candidates.


Usage Example

Define known identity providers

   

Store knowledge about known identity providers as fact in a knowledge base

  

Add relations between identity providers, the attributes they can assert and the verification of these attributes

  

  

Customize  predicates to express your own assessment criteria

   

Query the knowledge base, e.g. find all identity providers that verified the attribute isStudent during registration of a user

   


Contact

       ivonne.thomas at hpi.uni-potsdam.de




 

Last update: 9th August 2011