• de

An Identity Provider to manage Reliable Digital Identities for SOA and the Web

Looking at the current online world, performing transactions as online banking, online shopping or communicating in social networks has become an inherent part of life. Hereby, personal, identity-related data plays a major role, since for many activities a service provider requires details about the identity of a user.
However, does a service provider always require our true identity? Often a service provider just needs to recognize a user on repeated visits in order to offer personalized services. Only if critical transactions are involved as for example in online banking transactions a service provider has to be sure that a user’s identity matches with the real-life identity.
In her talk, Ivonne Thomas presents the HPI Identity Provider, which distinguishes between verified digital identities and user-created identities (anonymous identities). The identity provider is based on the Identity Metasystem and the notion of claims and has been extended to include trust-related identity meta information. In her talk, she shows how service providers can use this information to derive access control decisions according to the level of trust they require for a certain transaction.

Zur Person

Ivonne Thomas, MSc has been working in the area of identity and trust management since four years with a particular focus on web services technologies. During these years, she has been working with people at SAP Research in Brisbane, Australia as well as in the Security and Trust Group of SAP Research in Sophia Antipolis, France.
Since two years, she is working full-time on her PhD as a member of the Hasso-Plattner Institute Research School on “Service-oriented Systems Engineering”.  As part of her research, she is working on models and technologies towards a trustworthy and reliable management of digital identities in decentralized environments as SOA and the Internet.
Ivonne Thomas is also one of the faces behind the new SOA Security Kompendium published by the Bundesamt für IT Sicherheit (BSI), author of several articles in magazines as for example in “kes- Die Zeitschrift für Informationssicherheit” and a frequent speaker at events as e.g. Cebit 2009: “SOA Security and the World of Digital Identities” or the European Identity Conference 2010.