D-FOAF: Distributed Identity Management With Access Rights Delegation
Today's WWW consists of more than just information: there are now community portals, like Orkut, that require identification of their users. As a result, users today have to maintain a large number of different credentials for different websites; distributed or shared identification systems are not widely deployed. This paper presents D-FOAF, a distributed identity management system which deploys social networks. It shows how information inherent in social networks can be utilized to provide community-driven access rights delegation, and it analyzes algorithms for managing distributed identity, authorization and access rights checking. The paper presents in detail how access rights are based on the structure of the social network and thus are very fine-grained through the introduction of the notion of access rights delegation. Further on, it extends this solution to a distributed identity management system where only a single registration is required within the network of user profile management systems. It also presents how sensitive information can be protected, from the perspective of the user and of access rights management. Finally, the paper presents the FOAFRealm system, which implements the presented solutions and utilizes FOAF metadata to allow exchange of profile information with other systems.