Daniela Pöhn and Wolfgang Hommel, Leibniz Supercomputing Centre, Germany

We present the concept and design of Dynamic Automated Metadata Exchange (DAME) in Security Assertion Markup Language (SAML) based user authentication and authorization infrastructures. This approach solves the real-world limitations in scalability of pre-exchanged metadata in SAML-based federations and inter-federations. The user initiates the metadata exchange on demand, therefore reducing the size of the exchanged metadata compared to traditional metadata aggregation. In order to specify and discuss the necessary changes to identity federation architectures, we apply the Munich Network Management (MNM) service model to Federated Identity Management via a trusted third party (TTP); an overview of all components and interactions is created. Based on this model, the management architecture of the TTP with its basic management functionalities is designed. This management architecture includes further functionality for automated management of entities and dynamic federations.

Federated Identity Management, SAML, Service Management, Management Architecture, Trust Management