Abstract

Distributed Identity Management (DIM) refers to the ability to define distributed identities of agents and roles, i.e. a single agent is represented by multiple unique identifiers managed in different namespaces and may hold different roles across those namespaces. We propose semDIM, a novel approach to Semantic DIM based on a Semantic Web architecture. For the first time, semDIM provides a framework for the distributed definition and management of entities such as persons belonging to an organization, groups, and roles across namespaces. It is suitable for informal networks, i.e. social networks, as well as for professional networks such as cross-organizational collaborations. In addition, the framework ensures authenticity, authorization and integrity of such distributed identities through certificate-based graph signatures. Beyond the capabilities of existing Identity Management solutions, we allow distributed identifiers for, and management of, groups (consisting of agents and sub-groups) and roles as “first-class entities”. semDIM uses owl:sameAs relations to represent distributed identities and verifies them by formal reasoning. This enables novel DIM functionality, since these entities can be identified, related to one another, and managed across namespaces. Our semDIM approach consists of a modular software architecture, a process model with a novel approach to pattern-based concurrency control, and a set of state-of-the-art formal OWL ontology patterns. The use of formal patterns ensures semantic interoperability and extensibility for future requirements, so that our approach can be combined with other applications based on the same or related patterns. We evaluate semDIM in a real-world scenario of securely exchanging DIM information across organizations.
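The core mechanism named in the abstract is resolving one agent from several identifiers linked by owl:sameAs, combined with an authorization check on who may assert such links. The following is an added illustration, not code from the semDIM paper or its implementation: it computes the symmetric and transitive closure of owl:sameAs with a union-find structure and merges role assertions across namespaces. The trust rule it applies (a cross-namespace sameAs link is accepted only when both namespaces have asserted it, and a namespace may only assign roles to identifiers it manages) is an assumption of this example chosen to show the security-relevant point that a unilateral sameAs claim would let any namespace merge a foreign identifier into one of its own; the predicate name `urn:example:hasRole`, the namespaces and the sample graph are all constructed for the example.

```python
"""Added example: owl:sameAs identity resolution across namespaces with an
authorization check on sameAs claims. Not code from the semDIM paper."""
from collections import defaultdict
from urllib.parse import urlparse

OWL_SAMEAS = "http://www.w3.org/2002/07/owl#sameAs"
HAS_ROLE = "urn:example:hasRole"  # hypothetical predicate, assumption of this example


def namespace_of(iri):
    """Namespace of an identifier = authority (host) part of the IRI (assumption)."""
    return urlparse(iri).netloc


class UnionFind:
    """Equivalence classes of identifiers; owl:sameAs is symmetric and transitive."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path compression
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[ra] = rb


def resolve(triples):
    """triples: iterable of (subject, predicate, object, publishing_namespace).

    Returns (view, rejected): view(iri) -> (equivalent identifiers, merged roles);
    rejected lists sameAs links that lacked the endorsement of every involved
    namespace, so they never enter the closure.
    """
    endorsements = defaultdict(set)  # unordered identifier pair -> namespaces asserting it
    for s, p, o, pub in triples:
        if p == OWL_SAMEAS:
            endorsements[frozenset((s, o))].add(pub)

    uf = UnionFind()
    rejected = []
    for pair, pubs in endorsements.items():
        if len(pair) != 2:
            continue  # "x sameAs x" carries no information
        s, o = sorted(pair)
        required = {namespace_of(s), namespace_of(o)}
        if required <= pubs:
            uf.union(s, o)  # mutually asserted link: merge the identities
        else:
            rejected.append((s, o, sorted(required - pubs)))

    roles = defaultdict(set)
    for s, p, o, pub in triples:
        # Only the namespace managing an identifier may assign roles to it (assumption).
        if p == HAS_ROLE and pub == namespace_of(s):
            roles[uf.find(s)].add(o)

    def view(iri):
        root = uf.find(iri)
        members = frozenset(x for x in list(uf.parent) if uf.find(x) == root)
        return members, frozenset(roles.get(root, ()))

    return view, rejected


# Constructed sample graph: one person known under three identifiers, plus an attacker.
A = "https://orga.example/people/alice"
B = "https://orgb.example/staff/a.smith"
S = "https://social.example/u/alice99"
BOB = "https://orgb.example/staff/bob"
MAL = "https://social.example/u/mallory"
SAMPLE = [
    (A, OWL_SAMEAS, B, "orga.example"),        # orgA links alice to orgB's a.smith ...
    (B, OWL_SAMEAS, A, "orgb.example"),        # ... and orgB confirms: accepted
    (B, OWL_SAMEAS, S, "orgb.example"),        # orgB links a.smith to alice99 ...
    (S, OWL_SAMEAS, B, "social.example"),      # ... confirmed by social: chain A-B-S
    (MAL, OWL_SAMEAS, BOB, "social.example"),  # unilateral claim on orgB's bob: rejected
    (A, HAS_ROLE, "https://orga.example/roles/Auditor", "orga.example"),
    (S, HAS_ROLE, "https://social.example/roles/Member", "social.example"),
    (BOB, HAS_ROLE, "https://orgb.example/roles/Engineer", "orgb.example"),
]

if __name__ == "__main__":
    view, rejected = resolve(SAMPLE)
    print("alice's identifiers and roles:", view(A))
    print("mallory's identifiers and roles:", view(MAL))
    print("rejected sameAs links:", rejected)
```

Resolving `A` yields all three identifiers and the union of the Auditor and Member roles, while `MAL` stays alone and the claim on `BOB` is reported with the namespace whose endorsement is missing. In a deployed system the "publishing namespace" of each triple would come from verifying a signature over the graph against the namespace's certificate rather than from a trusted field, which is the role the abstract assigns to certificate-based graph signatures.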
