
IDMAN - Identity Manager

Identity management means that a person can, as a matter of principle, choose how anonymously, or with which personal information, and how accountably he or she appears to his or her communication partners.
[Marit Köhntopp, Andreas Pfitzmann: Informationelle Selbstbestimmung durch Identitätsmanagement; Kiel, 2001]

Requirements and Constraints

Identity management may be seen from different points of view. The end of this section summarizes which of the points presented below are considered in the resulting realization, which is described in the next two sections.

Number of partners involved in the communication:
  • =1 (Instant-Message, IRC-DCC)
  • >1 (IRC-Channel)
  • >=1 (e-Mail)
Communicating with:
  • a peer (Peer-2-Peer)
  • a service provider (Business-2-Consumer, Business-2-Business)
  • a service user (Business-2-Consumer, Business-2-Business)
Direction of the communication:
  • unidirectional (e-Mail, Instant-Message)
  • bidirectional (IRC)
Time of receipt:
  • simultaneous (IRC, Instant-Message)
  • delayed (e-Mail)

We only consider bidirectional communication with one partner over TCP/IP. This is typical of client/server applications such as e-commerce and access to information on the WWW.

Architecture

In the presented architecture, pseudonyms are pairs of cryptographic keys used for identification and digital signatures. They are linked with usage constraints (one-time, always, depending on role or partner), related data and usage dates.
Each communication partner uses one pseudonym for a single communication with the other. Depending on the usage constraints and circumstances, another pseudonym may be chosen for later communication with the same partner.
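How a manager might pick a pseudonym under the usage constraints described above, as an added example that is not IDMAN's own code. The `Manager` type, `Select`, the choice of Ed25519 as key type and the exact meaning given to each constraint are assumptions; related data and usage dates are left out.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Usage constraints named on the page; the semantics given here are assumed.
const (
	OneTime    = iota // fresh key pair for every communication
	Always            // one key pair for all communications
	PerRole           // one key pair per role
	PerPartner        // one key pair per partner
)

// Pseudonym is a key pair; partners only ever see Pub.
type Pseudonym struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// Sign authenticates data under this pseudonym; Verify is the partner's check.
func (p *Pseudonym) Sign(msg []byte) []byte { return ed25519.Sign(p.priv, msg) }
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool { return ed25519.Verify(pub, msg, sig) }

// Manager (hypothetical) indexes pseudonyms by the scope they may be reused in.
type Manager struct{ store map[string]*Pseudonym }
func NewManager() *Manager { return &Manager{store: map[string]*Pseudonym{}} }

// Select returns the pseudonym for one communication, creating one if needed.
func (m *Manager) Select(c int, role, partner string) (*Pseudonym, error) {
	scope := map[int]string{Always: "*", PerRole: "role:" + role, PerPartner: "partner:" + partner}[c]
	p := m.store[scope]
	if c == OneTime || p == nil {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, err
		}
		p = &Pseudonym{Pub: pub, priv: priv}
		if c != OneTime {
			m.store[scope] = p // reusable pseudonyms stay linkable within their scope
		}
	}
	return p, nil
}

func main() {
	p, _ := NewManager().Select(OneTime, "customer", "shop.example")
	fmt.Printf("one-time pseudonym: %x\n", p.Pub)
}
```

The constraint decides what a partner can link: a reused public key ties communications together, a fresh one does not.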

Parts:
  • Manager
  • Application
  • Network
Layers:
  1. Application
  2. Manager
  3. Security mechanisms
  4. Network
Duties of the Manager:
  • Data management
  • Configuration
  • Rule evaluation
  • Connection management
  • Pseudonym creation
  • Data authentication
  • Data logging

Prototype

Dependencies between packages

Realizes:
  • Connection management
  • Data logging
  • Data authentication
  • Pseudonym creation
  • Configuration
Uses:
  • psman - for data management and persistence
  • ssonet - for connection security

Recent Version

Changes

  • GUI for Rule editing
  • Integration with PKI

System requirements

You may download libs.zip (ca. 6.4MB), which contains all libraries needed for the identity management tools.

Documentation

References

Current Developer

  • Thomas Kriegelstein

News

3. February 2004
DRIM was presented in Dresden. [Presentation (German)]
17. July 2003
The diploma thesis on which [IDMAN] is based was awarded the Innovationspreis 2002 of the Industrieclub Sachsen e.V. [Press Information (German)]
CeBIT 2003
We presented ourselves at CeBIT in Hannover, in hall 11/booth D31.