Article Preview
TopIntroduction
Nowadays, digital identity domains' increase exponentially. Hospitals, Libraries, Universities, Companies, Banks... those all makes part of organisms, which considered as entities. Moreover, every entity has its' unique identity. The digital representation of an entity is a digital identity. There are many examples of identities in the real world, even in the virtual. Yet, it becomes more than more sophisticated to unconnected those identities. Here authors define identity with an illustration of an entity with one signification used everywhere. As far as individuals have their identity card, which used in all places, even identity is the unique representation of an organism everywhere.
The transmission of identity information within different domains creates new issues about identity management. In this research, the authors propose to mention the users' interaction on the net, studying the exchange between entities with the support of identity management and the spread of the identities cross-domain. The enlargement of web services brings together many challenges on users' identity management. Due to the need of using those services deployed over the different technical environment, many identities should be retained to one user for having access to every service requested. This situation needs a deep reflection against identity security issues.
Therefore, identity management models have surfaced, each with its strengths and weaknesses, authors present them as following: Isolated model, which consider the implementation of a service provider (SP) and identity provider (IdP) in the same entity. A centralized model which outsources the identity management in one IdP, as the example of directory services. The user-centric model which makes the user at the center of communication by providing the ability to control his own IdP. Finally, the federated model that allows access among different security domain (L’Amrani, Berroukech, El Bouzekri El Idrissi, & Ajhoun, 2017).
The federated solution had proofed its ability of identity management without introducing services functionality. It is more flexible about identity management tasks. The greatest positives of the federated solution are about the performing sharing of identity information across security domains thanks to the trust circle among all entities cooperating in the federated solution.
Several use cases of the federation can be applied (authentication request, attributes request, single logout, etc.) according to the profile of need. Many technologies have been proposed in the federated approach such as SAML, WS-Federation, Shibboleth, Oauth, OpenAM, etc. The operating mode of the federation systems experience conflicts in communication and federation data exchange among these systems using heterogeneous technology.
In this paper, authors focused on the study of the interoperability aspect between federated systems specifically SAML and WS-Federation, all that, by analyzing the degree of exchange and negotiation of federation parameters of each technology. The authors define the interoperability concepts by the ability of two systems or more to communicate in a flexible way without the existence of any problem of no-comprehension within those systems. In this research, the aim is to guarantee the interoperability between federated platforms, beginning by an analysis of the interactions' problems of those systems, and ending by proposing a new approach as a solution to those issues. Our research aim at achieving full interoperability among federation platforms.
The rest of the paper is structured as follows: In the second section, here a discussion of the existing works on this topic. Then, a presentation of basic concept and the operating mode of FIM systems in Section 3. Thereafter, a focus on the main conflicts existing in FIM systems with discussing the interruption of the communication process by the fourth section. In Section 5, a discussion about interoperability existent scenarios. The sixth section presents reserchers approach proposed to deal with the negotiation parameter and federation data exchange. In the last section, the researchers conclude the paper and introduce their future works.