OFELIA - A Secure Mobile Attribute Aggregation Infrastructure for User-Centric Identity Management

  title={OFELIA - A Secure Mobile Attribute Aggregation Infrastructure for User-Centric Identity Management},
  author={Alexandre B. Augusto and Manuel Eduardo Correia},
Personal mobile devices with real practical computational power and Internet connectivity are currently widespread throughout all levels of society. This is so much so that the most popular of these devices, the smart phone, in all its varied ubiquitous manifestations is nowadays the de facto personal mobile computing platform, be it for civil or even military applications. In parallel with these developments, Internet application providers like Google and Facebook are developing and deploying… 
A Mobile-Based Attribute Aggregation Architecture for User-Centric Identity Management
It is crucial to promote the development of standardised interoperable systems that enable the user-centric management of private information and help secure users basic right for privacy.
Personal mobile services
Performance evaluation results show that the publication and discovery through contact lists are efficient and that service announcements and discovery requests can reach a huge number of users in a few seconds, supporting a conclusion that resources-constrained devices can collaborate to carry out functionalities beyond the ability of their resources limitations.
Using Probabilistic Attribute Aggregation for Increasing Trust in Attribute Assurance
A novel attribute aggregation method to reduce the reliance on one identity provider and devise a service provider specific web of trust that constitutes an intermediate approach bridging a global hierarchical model and a locally decentralized peer to peer scheme.
A potpourri of authentication mechanisms the mobile device way
A survey on the current state of the art in alternative authentication mechanisms regarding access and authentication against the traditional login and password scheme by the usage of the mobile devices and their properties is performed.
A Mobile Based Authorization Mechanism for Patient Managed Role Based Access Control
A discretionary online access rights management mechanism based on the Role Based Access Control (RBAC) model is proposed that takes advantage on the personal/technical characteristics and data communications capabilities of the smartphone in order to provide patients with the means by which they can conveniently exercise safe discretionaryOnline access permissions to their own EHR.
Research on the Simulation of Face Terminal Identification under the Network Security of Mobile Devices
A face terminal recognition method based on face detection and recognition and a sample set placed in the memory of mobile device is selected and shows that the proposed authentication method can fully realize the recognition of mobile devices.
Can Transparency Enhancing Tools Support Patient's Accessing Electronic Health Records?
Patients that access their health records take more care of their health and, when in therapy, commit more seriously to improve their condition. This leads to a more effective and more efficient
Envisioning secure and usable access control for patients
The design of an access control visual application that offers patients a secure, controlled and easy access to their EHR is proposed and discussed.


OpenID 2.0: a platform for user-centric identity management
The OpenID framework is emerging as a viable solution for Internet-scale user-centric identity infrastructure that supports both URLs and XRIs as user identifiers, uses Yadis XRDS documents for identity service discovery, adds stronger security, and supports both public and private identifiers.
Persona: an online social network with user-defined privacy
This work presents Persona, an OSN where users dictate who may access their information, and describes an implementation of Persona that replicates Facebook applications and shows how Persona provides the functionality of existing online social networks with additional privacy benefits.
User Centric Identity Management
This paper takes a new look at identity management, and proposes solutions that are designed to be cost effective and scalabl e from the users’ perspective, while at the same time being compatible with traditional identity manag ement systems.
Cross‐domain authorization for federated virtual organizations using the myVocs collaboration environment
The experiences building and working with the reference implementation of myVocs (my Virtual Organization Collaboration System) are described, finding that a Shibboleth deployment supporting VOs requires the addition of a new VO service component allowing VOs to manage their own membership and control access to their distributed resources.
A conceptual model for attribute aggregation
Authorisation Using Attributes from Multiple Authorities
  • D. Chadwick
  • Computer Science
    15th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE'06)
  • 2006
This paper provides a model and protocol elements for linking AAs, service providers and user attributes together, under the sole control of the user, thereby maintaining the user's privacy.
The OAuth 1.0 Protocol
OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end- user). It also provides a process for end-users to authorize third-
Extensible Messaging and Presence Protocol (XMPP): Core
This document defines XMPP's core protocol methods: setup and teardown of XML streams, channel encryption, authentication, error handling, and communication primitives for messaging, network availability ("presence"), and request-response interactions.
Business models for networked media services
A generic value network is derived for service offerings enabled by an enabling service platform for cross-domain networked services and it is found that different business configurations may arise, i.e. different mappings of actors on, as well as clusters of business roles.
Authorisation using Attribute from Multiple Authorities - A Study of Requirements
This paper presents the results of a survey of requirements for attribute aggregation in authorisation systems, gathered from an international community of security professionals. It then analyses