School of Computing

A conceptual model for attribute aggregation

David W. Chadwick, George Inman, and Nate Klingenstein

pages 182-196, December 2009 To be published in paper in 2010 [doi].


Abstract This paper describes a conceptual model for attribute aggregation that allows a service provider (SP) to authorise a user�s access request based on attributes asserted by multiple identity providers (IdPs), when the user is known by different identities at each of the IdPs. The user only needs to authenticate to one of the IdPs and the SP is given an overall level of assurance (LoA) about the authenticity of the user and his/her attributes. The model employs a new component called a Linking Service (LS), which is a trusted third party under the control of the user, whose purpose is to link together the different IdP accounts that hold a user�s attributes, along with their respective LoAs. There are several possible interaction models for communications between the IdPs, the SP, LSs and the user, and each are described. The model is underpinned with a fully specified trust model, which also describes the implications when participants do not fully trust each other as required. Finally, the paper describes how the model has been implemented by mapping onto existing standard protocols based on SAMLv2.

Download publication 260 kbytes (PDF)

Bibtex Record

author = {David W. Chadwick and George Inman and Nate Klingenstein },
title = {A Conceptual Model for Attribute Aggregation},
month = {December},
year = {2009},
pages = {182-196},
keywords = {determinacy analysis, Craig interpolants},
note = {To be published in paper in 2010},
doi = {10.1016/j.future.2009.12.004},
url = {},
    publication_type = {article},
    submission_id = {22672_1280839322},

School of Computing, University of Kent, Canterbury, Kent, CT2 7NF

Enquiries: +44 (0)1227 824180 or contact us.

Last Updated: 21/03/2014