Facing the password dilemma

A digital identity comprises a limited set of attributes of a ”real-life identity” that characterizes a person or organization. Such an attribute can be a name, an affiliation or a credit card number. In decentralized environments such as service-oriented architectures or the Internet, a person often holds a multitude of digital identities, one with each system it interacts with.

As this number is increasing, the management of digital identities and associated authentication credentials is cumbersome for most computer users and bears significant security risks. Users do not only have difficulties to remember their passwords, they also bear a great burden to keep their account information up-to-date.

In our research, we are investigating on approaches for identity management that overcome these limitations. In particular, we are focussing on open identity management models, which can incorporate identity attributes not only from one source, as a local LDAP directory, but from many sources and even across domains.

Identity Management for SOA and the Internet

Open Identity Management Models as the federated or the user-centric model are based on the idea of having not only one central provider of identity information, but integrating several independent identity management systems. The basic principle is the controlled sharing of identity information among independent participants. Hereby the existence of trust between the provider of identity information (=identity provider) and the one requiring identity information (=relying party) is crucial.


  • Verified and Unverified Digital Idenities

In todays online world, a digital identity often holds data that the user entered himself. For many applications this is sufficient. However, in order to perform critical transactions, as ordering an item or paying for a service, strong and verified digital identities are required to hold the user liable in case anything bad happens. An identity management needs to deal with verified and trustworthy identity data beneath user-managed attributes.

  • A trust level for Identities

Depending on the registration of a digital identity and associated verification steps, identity attributes can have different qualities. In order for another party to rely on provided attributes, it needs to know the quality of an identity attribute. In our research, we aim at providing means to state and communicate a trust level between identity providers and relying parties.

  • Integrating Digital Idenities from different sources

In order to provide verified identity data for online transactions, different countries started initiatives to provide an electronic identity card such as the e-Pass, which is only issued by the government or selected certified organizations. How to facilitate such data with open identity technologies as OpenID and Information Cards is one of the research topics we investigate in our chair.


  • Ivonne Thomas, Robert Warschofsky and Christoph Meinel: Whom to trust? - Generating WS-Security Policies based on Assurance Information In Proceedings of the 2011 IEEE European Conference on Web Services, Lugano, Switzerland, Sept. 2011.
  • Ivonne Thomas and Christoph Meinel: An attribute assurance framework to define and match trust in identity attributes In Proceedings of the 2011 IEEE International Conference on Web Services (ICWS 2011), Washington, USA, July 2011.
  • Ivonne Thomas, Christoph Meinel: Enhancing Claim-Based Identity Management by Adding a Credibility Level to the Notion of Claims. Proceedings of the IEEE Conference on Service Computing (SCC 2009), Bangalore, India, September 2009.
  • Uwe Kylau, Ivonne Thomas, Michael Menzel, and Christoph Meinel: Trust Requirements in Identity Federation TopologiesIn Proceedings of the 2009 IEEE International Conference on Advanced Information Networking and Applications (AINA-09)(Bradford, UK, May 26 - 29, 2009).
  • Ivonne Thomas, Michael Menzel, and Christoph Meinel: Using Quantified Trust Levels to describe Authentication Requirements in Federated Identity Management In Proceedings of the 2008 ACM Workshop on Secure Web Services (Alexandria, Virginia, USA, October 31 - 31, 2008). SWS '08. pp. 71 - 80,  ISBN:978-1-60558-292-4



  • Ivonne Thomas, Michael Menzel, Christoph Meinel: "SOA, aber sicher", In: "<kes> Die Zeitschrift für Informations-Sicherheit", 1/2009, S.38, ISSN 1611-440X. Download. (Mit freundlicher Genehmigung von www.kes.info) 
  • Ivonne Thomas, Michael Menzel, Christoph Meinel: "Ein Weg aus dem Passwortdilemma? Von domänen-basierten zu offenen Identitätsmanagementmodellen", FAZ Sonderteil vom 24.09.09.

Questions, Ideas, Feedback? Please contact:

  • identityprovider(at)hpi.uni-potsdam.de

Other Links

... to our Research
              Security Engineering - Learning & Knowledge Tech - Design Thinking - former
... to our Teaching
              Tele-Lectures - MOOCs - Labs - Systems 
... to our Publications
              Books - Journals - Conference-Papers - Patents
... and to our Annual Reports.