Katholieke Universiteit Leuven
In this paper, the authors propose a hybrid approach that combines claim-based and network-based identity management. Partly by virtue of the principle of separation of concerns, better security and privacy properties are attained. Overall trust is diminished, and at the same time multiple actors' exposure and value as a target of attack are reduced. The proposed architecture also facilitates interoperability and pluralism of credential technologies, authentication protocols and operators. In addition, the user has more control over their personal data than with current network-based identity management systems.