The Identity Management (IdM) system follows a claim-based approach with attribute-based credentials (ABC). The IdM relies on IBM’s Idemix cryptographic library, providing additional means to deal with IoT scenarios where consumers and providers can be not only traditional computers, but also smart objects (e.g. smartphones). The IdM endows users and smart objects with the means to control and manage the private data on their smartphone, defining partial identities over their whole identity, which is derived from the credential obtained from the Issuer. The use of partial identities ensures a privacy-preserving solution with minimal disclosure of personal information. Unlike in traditional IdMs, the subject smart object is not redirected to its online Identity Provider (IdP) during the transaction, so the IdP is not involved when the target device verifies the smart object’s attributes.

SocIoTal IdM has been recently integrated with FIWARE Keyrock IdM to support traditional and basic, but necessary, identity management operations in scenarios where claim-based access is not needed. Keyrock IdM provides mechanisms such as secure and private authentication from users to devices, networks and services, authorization and trust management, user profile management, privacy-preserving disposition of personal data, single sign-on (SSO) to service domains and identity federation towards applications.

The SocIoTal IdM is composed of five main components:

SocIoTal IdM Android Client: An Android application that allows obtaining Idemix credentials from the Issuer server. It also allows interaction with the Verifier server, which can validate the partial identity derived from the credential.

SocIoTal Issuer Server: A web application implemented with Java servlets and XML-RPC which generates Idemix credentials for clients. Communication is done over HTTPS. The client must be authenticated against the Issuer using a valid certificate. The Issuer also supports the verification functionality.

SocIoTal Verifier Server: A web application, also implemented with Java servlets and XML-RPC, which is able to validate partial identities presented by the client application.

SocIoTal IdM-Enabled Capability Manager: A web application that allows users to obtain capability tokens using their partial identities. In other words, it allows users to authenticate and demonstrate their attributes by means of Idemix proofs of possession of a valid credential issued by the Issuer.

SocIoTal IdM KeyRock Client: A Java library that provides a basic API for identity management by implementing a client to interact with the FIWARE KeyRock server. To carry out this communication, the SCIM 2.0 and Identity API v3 interfaces provided by that IdM are used.

  • Category: Identity Management