Threat Modeling an Identity Management System for Mobile Internet
The advent of Mobile Internet and Web 2.0 raised the need for identity-oriented and user-centric services. In recent years, many Identity Management Systems (IdMS) have been developed to allow users to safely control and reuse their identity attributes. Service providers and users rely on the trust that the mechanisms provided by the IdMS are secure. However, if an attacker succeeds in exploiting some vulnerability of an IdMS, all the services that rely on it will be compromised. Therefore, it is crucial to perform an extensive threat analysis to ensure a deep understanding of the security issues when designing, implementing and operating such systems.