A Dynamic Federated Identity Management Using OpenID Connect

Abstract

Identity federation allows one to link a user’s digital identities across several identity management systems. Federated identity management (FIM) ensures that users have easy access to the available resources. However, scaling FIM to numerous partners is a challenging process due to the interoperability issue between different federation architectures. This study proposes a dynamic identity federation model to eliminate the manual configuration steps needed to establish an organizational identity federation by utilizing the OpenID Connect (OIDC) framework. The proposed model consists of three major steps to establish dynamic FIM: first, the discovery of the OpenID service provider, which indicates the location of the partner organization; second, the registration of the OpenID relying party, which allows the organization and its partner to negotiate information for establishing the federation; finally, establishing the dynamic trust federation. The proposed dynamic FIM model allows applications to provide services to end-users coming from various domains while maintaining a trust between clients and service providers. Through our proposed dynamic identity federation model, organizations can save hundreds of hours by achieving dynamic federation in runtime and serving a large number of end-users.