Semantic technologies in the identity management metasystem


The use of semantic technology in the identity management metasystem can facilitate information integration and inference, and application interoperability.


Information integration

In line with a user-centric focus, the architecture of the identity management metasystem lets identity providers work on a single view of each entity's digital identity, built by combining the different digital identities that the entity holds in different repositories. To achieve this, the use of semantic technologies (ontologies) is seen as essential for representing identity: their capacity to express relations between data resources provides greater information integration (and therefore usefulness) than merely defining a syntactically abstract structure for the global view (e.g., XML or XSD).

Safelayer's interest in this area centres on recommending and defining the ontologies for expressing identity and the security and trust concepts, principally those related to authentication processes and certification policies. Additionally, with the aim of exploiting, in a portable and extensible manner, the integration capabilities that come with a global, semantic view of user identities (for example, via the Security Token Service), Safelayer is studying, experimenting with, evaluating and defining an identity-attribute access service that is represented using these views.

Information inference

Thanks to ontologies (OWL) and the definition of rules in semantic languages (SWRL), the functions of reasoning tools can be exploited and queries launched (SPARQL) to obtain information that is either explicitly contained in a database or can be deduced from the information in one. Safelayer believes that semantic technologies can be of great use for obtaining identity attributes that are not explicitly registered in any repository, discovering implicit trust relations between entities, and making authorization decisions based on identity attributes (Attribute Based Access Control).

As well as experimenting with different knowledge representation technologies (RDF, OWL, SPARQL, SWRL), Safelayer has evaluated reasoners for inferring information (Jena, Pellet, Racer, FaCT++, Kaon2) to determine the possible practical applications for identity management, access control and trust development.
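The two preceding sections (integration of several repositories into one identity view, then inference of attributes that no repository records explicitly, feeding an attribute-based authorization decision) can be shown end to end in a few dozen lines. The block below is an added illustration, not Safelayer's code and not any of the reasoners named above: it is a minimal in-memory triple store with owl:InverseFunctionalProperty-style entity linking and a SWRL-like forward-chaining rule engine written in plain Python. The `ex:`/`hr:`/`pki:` vocabulary, the two repositories, the rules and the ABAC policy are all constructed for the example.

```python
"""Added example: integrate two identity repositories into one view, infer
implicit attributes with SWRL-like rules, and decide access with ABAC.
Pure Python; the ex:/hr:/pki: vocabulary is invented for this illustration."""
from collections import defaultdict

# Constructed repositories as (subject, predicate, object) triples.
HR_REPO = [                      # the HR directory
    ("hr:emp42", "ex:memberOf", "ex:Finance"),
    ("hr:emp42", "ex:worksFor", "ex:Acme"),
    ("hr:emp42", "ex:email", "mailto:jane@acme.example"),
]
PKI_REPO = [                     # the certificate store, its own vocabulary
    ("pki:subj-8a1f", "ex:subjectEmail", "mailto:jane@acme.example"),
    ("pki:subj-8a1f", "ex:certifiedBy", "ex:AcmeCA"),
    ("pki:subj-8a1f", "ex:assuranceLevel", "ex:Substantial"),
]
ONTOLOGY = [                     # shared domain knowledge
    ("ex:Finance", "ex:subDepartmentOf", "ex:Corporate"),
]
# owl:equivalentProperty-style alignment of repository vocabularies.
PROPERTY_ALIGNMENT = {"ex:subjectEmail": "ex:email"}
# Properties whose value identifies an entity (owl:InverseFunctionalProperty).
INVERSE_FUNCTIONAL = {"ex:email"}

def same_as_clusters(triples, inverse_functional):
    """Subjects sharing a value of an inverse-functional property denote the
    same entity: map each such subject to a deterministic canonical id."""
    by_value = defaultdict(list)
    for s, p, o in triples:
        if p in inverse_functional:
            by_value[(p, o)].append(s)
    canonical = {}
    for subjects in by_value.values():
        head = min(subjects)
        for s in subjects:
            canonical[s] = head
    return canonical

def integrate(repos, alignment, inverse_functional):
    """Build the single global view: align predicates, then merge entities."""
    triples = {(s, alignment.get(p, p), o) for repo in repos for s, p, o in repo}
    canon = same_as_clusters(triples, inverse_functional)
    return {(canon.get(s, s), p, canon.get(o, o)) for s, p, o in triples}

# SWRL-like rules: (list of antecedent patterns, consequent); "?x" are variables.
RULES = [
    # memberOf(?x,?d) ^ subDepartmentOf(?d,?p) -> memberOf(?x,?p)
    ([("?x", "ex:memberOf", "?d"), ("?d", "ex:subDepartmentOf", "?p")],
     ("?x", "ex:memberOf", "?p")),
    # memberOf(?x,Finance) ^ assuranceLevel(?x,Substantial) -> hasRole(?x,FinanceApprover)
    ([("?x", "ex:memberOf", "ex:Finance"), ("?x", "ex:assuranceLevel", "ex:Substantial")],
     ("?x", "ex:hasRole", "ex:FinanceApprover")),
]

def match_pattern(pattern, triple, binding):
    """Unify one pattern with one triple under the current variable binding."""
    b = dict(binding)
    for p_term, t_term in zip(pattern, triple):
        if p_term.startswith("?"):
            if b.get(p_term, t_term) != t_term:
                return None
            b[p_term] = t_term
        elif p_term != t_term:
            return None
    return b

def match_body(body, graph, binding=None):
    """Yield every binding that satisfies all antecedent patterns (a join)."""
    binding = binding or {}
    if not body:
        yield binding
        return
    for triple in graph:
        b = match_pattern(body[0], triple, binding)
        if b is not None:
            yield from match_body(body[1:], graph, b)

def infer(graph, rules):
    """Forward-chain the rules to a fixpoint, adding derived triples."""
    graph = set(graph)
    changed = True
    while changed:
        changed = False
        for body, head in rules:
            for b in list(match_body(body, graph)):
                derived = tuple(b.get(t, t) for t in head)
                if derived not in graph:
                    graph.add(derived)
                    changed = True
    return graph

def attributes(graph, subject):
    """SPARQL-like lookup: all (predicate, object) pairs of a subject."""
    return sorted((p, o) for s, p, o in graph if s == subject)

# ABAC policy: an action is permitted when the subject carries every listed attribute.
ABAC_POLICY = {
    "approve-invoice": [("ex:hasRole", "ex:FinanceApprover")],
    "read-handbook":   [("ex:memberOf", "ex:Corporate")],
}

def authorize(graph, subject, action):
    required = ABAC_POLICY.get(action)
    if required is None:            # unknown action: default deny
        return False
    return all((subject, p, o) in graph for p, o in required)

def build_identity_view():
    merged = integrate([HR_REPO, PKI_REPO, ONTOLOGY], PROPERTY_ALIGNMENT, INVERSE_FUNCTIONAL)
    return infer(merged, RULES)

if __name__ == "__main__":
    view = build_identity_view()
    for pair in attributes(view, "hr:emp42"):
        print(pair)
    print("approve-invoice:", authorize(view, "hr:emp42", "approve-invoice"))
```

Neither repository records that emp42 is a FinanceApprover or a member of Corporate; both facts exist only after the HR and PKI records are recognised as the same entity and the rules are applied, which is exactly the "attributes not explicitly registered in any repository" case the text describes. A production deployment would use a real reasoner and SPARQL endpoint, but the linking, rule and policy steps are the same.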

Global interoperability

For any two systems to discover each other's security policies and agree on the identity attributes to be exchanged, the type of Security Token that must carry them, how (or via which intermediaries) to establish the trust relation, and so on, ontologies that model the information in this domain must be used, so that all the available information (identities, policies) can be exploited: not just what is obtained through explicit data requests, but also data inferred by reasoning.

Safelayer is experimenting with different semantic technologies for describing Web services (OWL-S) and their security policies (KAoS, REI).
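The agreement step described above (common token type, attribute set, and a trust relation reached directly or through intermediaries) is shown below as an added example. It is not Safelayer's code and does not use OWL-S, KAoS or REI syntax; both parties' policies and the published trust relations are constructed triples in an invented `ex:` vocabulary, and the trust-chain search is a plain breadth-first walk over `ex:trusts` edges standing in for what a reasoner would derive.

```python
"""Added example: policy discovery and agreement between a relying party (RP)
and an identity provider (IdP), both described as constructed triples."""
from collections import deque

RP_POLICY = [   # what the relying party accepts and requires (policy order = preference)
    ("ex:PortalRP", "ex:acceptsToken", "ex:SAML2"),
    ("ex:PortalRP", "ex:acceptsToken", "ex:JWT"),
    ("ex:PortalRP", "ex:requiresAttribute", "ex:email"),
    ("ex:PortalRP", "ex:requiresAttribute", "ex:role"),
    ("ex:PortalRP", "ex:trusts", "ex:AcmeCA"),
]
IDP_POLICY = [  # what the identity provider can issue and assert
    ("ex:PartnerIdP", "ex:issuesToken", "ex:JWT"),
    ("ex:PartnerIdP", "ex:issuesToken", "ex:Kerberos"),
    ("ex:PartnerIdP", "ex:asserts", "ex:email"),
    ("ex:PartnerIdP", "ex:asserts", "ex:role"),
    ("ex:PartnerIdP", "ex:asserts", "ex:department"),
    ("ex:PartnerIdP", "ex:certifiedBy", "ex:PartnerCA"),
]
TRUST_GRAPH = [  # published trust relations, e.g. cross-certification via a bridge
    ("ex:AcmeCA", "ex:trusts", "ex:BridgeCA"),
    ("ex:BridgeCA", "ex:trusts", "ex:PartnerCA"),
]

def objects(triples, subject, predicate):
    """All objects o such that (subject, predicate, o) is in the graph."""
    return {o for s, p, o in triples if s == subject and p == predicate}

def trust_path(triples, source, target, max_hops=4):
    """Breadth-first search over ex:trusts edges; returns the chain of
    intermediaries from source to target, or None if none within max_hops."""
    queue = deque([[source]])
    seen = {source}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        if len(path) > max_hops:
            continue
        for nxt in sorted(objects(triples, path[-1], "ex:trusts")):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def negotiate(rp_policy, idp_policy, trust_triples, rp, idp):
    """Return the agreed exchange parameters, or the reason no agreement exists."""
    graph = rp_policy + idp_policy + trust_triples
    # 1. Token type: the first RP-accepted type (in RP policy order) the IdP issues.
    idp_tokens = objects(graph, idp, "ex:issuesToken")
    token = next((o for s, p, o in rp_policy
                  if s == rp and p == "ex:acceptsToken" and o in idp_tokens), None)
    if token is None:
        return {"agreed": False, "reason": "no common token type"}
    # 2. Attributes: everything the RP requires must be assertable by the IdP.
    required = objects(graph, rp, "ex:requiresAttribute")
    missing = required - objects(graph, idp, "ex:asserts")
    if missing:
        return {"agreed": False, "reason": "IdP cannot assert " + ", ".join(sorted(missing))}
    # 3. Trust: an RP trust anchor must reach the IdP's certifier, directly or via intermediaries.
    for anchor in sorted(objects(graph, rp, "ex:trusts")):
        for certifier in sorted(objects(graph, idp, "ex:certifiedBy")):
            chain = trust_path(graph, anchor, certifier)
            if chain:
                return {"agreed": True, "token": token,
                        "attributes": sorted(required), "trust_chain": chain}
    return {"agreed": False, "reason": "no trust path from RP anchors to IdP certifier"}

if __name__ == "__main__":
    print(negotiate(RP_POLICY, IDP_POLICY, TRUST_GRAPH, "ex:PortalRP", "ex:PartnerIdP"))
```

Without the bridge edges in `TRUST_GRAPH` the same two policies fail at step 3, which is the point of the text: the trust relation that makes the exchange possible is not stated in either party's policy and only appears once the published relations are reasoned over.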
