Hasso-Plattner-Institut
  
    • de
 

HPI Identity Provider

What is an identity provider?

An identity provider manages digital identities of registered users for the purpose of provisioning them to a party who is willing to rely on this information (the relying party).

Do we need identity provider?

Identity Provider are quite useful to decouple the places where a digital identity is stored from the places where this identity is required.  This way, a service or application does not need to care about the management of users itself, but allows users to authenticate at a trusted identity provider and relies on the assertion issued by the Identity Provider upon successful authentication. Since the same identity provider can be used for several relying parties, the number of digital identities is reduced and the management of a user’s digital identities is eased. Identity provider for the Internet and SOA form the equivalent to our id card and more and more serve as the trust basis for business transaction as well as private communication.

Talking different languages

Identity Provider exist based on different technologies and protocols.  In order to requests the authentication of a user at the identity provider, a relying party formulates a request based on the protocol(s) the identity provider supports. In recent years, mainly two technologies, OpenID and InformationCards, have gained reasonable attention in the web service and Internet world.

The HPI Identity Provider is a identity provider which allows students and employees from HPI to use their HPI identity with services and web applications inside and outside the HPI. Each user is assigned an OpenID, which s/he can use right away to authenticate with several Web Sites that support  OpenID (as e.g. www.tele-task.de). Furthermore each user can download a “digital passport” representing its identity, a so-called InformationCard, and use it to authenticate with web services or web sites supporting the InformationCard technology.

Features and Future Work

  • Manage your attributes and compose them to digital identities
  • Use your digital identities to authenticate at relying parties
  • Federate your account with other identity providers (coming soon)
  • Import and share your attributes between identity providers (coming soon)
  • Distinguish between different sources of your identity (entered by the user, verified, imported from a Third-Party IP) (coming soon)

Further Activities

We are active in the following working groups in the field of "Digital Identity Management”:

     

    • The HPI/Our chair is co-founder of a german chapter of the global Information Card Initiative. See Information Card Foundation DACH Initiative
    • In the TeleTrust SOA Security working group, we are working on a catalogue for authentication and identity management patterns to support the usage and development of standardized frameworks for service-oriented architectures.
    • identityprovider(at)hpi.uni-potsdam.de

    Other Links

    ... to our Research
                  Security Engineering - Learning & Knowledge Tech - Design Thinking - former
    ... to our Teaching
                  Tele-Lectures - MOOCs - Labs - Systems 
    ... to our Publications
                  Books - Journals - Conference-Papers - Patents
    ... and to our Annual Reports.