D-FOAF - Security Aspects in Distributed User Management System

Abstract

The contemporary Internet offers various services ranging from electronic newspapers to on- line social networks. To authorize themselves, users have to register to on-line services. However, most of the authentication and user management systems are incompatible with each other. Therefore the registration process must be repeated each time from the beginning, requiring multiple login-password-site triples with adequate security constraints. Very often, user management systems do not allow user to view or manipulate their profile information, and so users cannot determine the actual information gathered about them after registration. To overcome the problem with multiple registrations and sign-ons, a number of solutions like Microsoft Passport have been proposed. In this article we elaborate on potential security risks concerning single registration, single sign-on and access to profile data. We present how required security levels in a user management system can be provided without losing the accessibility of the service. We define how the potential user can benefit from this user management system based on open standards and open architectures. Finally, we present the D-FOAF, a distributed user management system based on FOAF metadata and a P2P architecture that implements presented solutions for se- cure distributed user management system.