Method and System for Emergency Attribute Request in Federated Identity

IP.com Disclosure Number: IPCOM000130534D
Original Publication Date: 2005-Oct-25
Included in the Prior Art Database: 2005-Oct-25
Document File: 2 page(s) / 26K

Publishing Venue

IBM

Abstract

In federated identity, sharing identity attributes between service providers requires permission from the attribute owner. For example, a hospital cannot obtain a patient's allergies without his/her consent. However, there could be emergency situations where the identity attributes ought to be released to enable the service, but the attribute owner is incapable of providing the permission (e.g. sharing allergy information with the hospital for an unconscious patient). Existing attribute service technologies do not address this use case. Both WS-Federation and Liberty Alliance ID-WSF define a generic permission-based attribute service, but they fail to define a workflow for handling emergency situations where the owner permission may be temporarily overridden.

This is the abbreviated version, containing approximately 53% of the total text.

This article defines a method to temporarily access identity attributes without user permission. The method involves the following steps:

1. Classify identity attributes that may need to be shared in emergency situations without owner permission.
2. The requester of emergency attributes needs to express the intention of why the attributes are needed and how they will be used.
3. The handler of the emergency attribute requests needs to define mechanisms that evaluate the request intention based on defined policies.
4. An auditing mechanism should be deployed so that all attribute transactions based on emergency intention are logged and can be reviewed by the attribute owner at a later time.

The emergency attribute request depends heavily on the context of the scenario. One good example is in the healthcare industry, where sharing particular identity attributes such as allergies or medical history could mean life or death. A policy should be defined by the attribute service detailing the conditions under which particular identity attributes may be shared without owner permission.

| Requested Identity Attribute | Intention | Evidence |
|---|---|---|
| allergies | make prescription, perform surgery | requester is an accredited healthcare provider, the attribute owner is unconscious |

Figure 1. Emergency intention policy.

In order to share identity attributes without direct owner permission, the intention and evidence must be expressed in the attribute request.
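The four steps and the Figure 1 policy, as an added example that is not part of the original disclosure: a deny-by-default handler that checks classification, intention and evidence, and logs every emergency request for later owner review. The names `EMERGENCY_POLICY`, `EmergencyRequest`, `AttributeService`, the evidence labels and the sample identifiers are assumptions, as is the premise that the handler has already verified each evidence claim rather than accepting the requester's assertion.

```python
import time
from dataclasses import dataclass, field

# Constructed policy mirroring Figure 1 (step 1: only classified attributes appear here).
EMERGENCY_POLICY = {
    "allergies": {
        "intentions": {"make prescription", "perform surgery"},
        "evidence": {"accredited_healthcare_provider", "owner_unconscious"},
    },
}

@dataclass(frozen=True)
class EmergencyRequest:
    requester: str
    owner: str
    attribute: str
    intention: str       # step 2: why the attribute is needed
    evidence: frozenset  # claims assumed to be verified by the handler beforehand

@dataclass
class AttributeService:
    store: dict                                  # owner -> {attribute: value}
    audit_log: list = field(default_factory=list)

    def handle(self, req):
        """Step 3: evaluate the request against policy; anything unmatched is denied."""
        rule = EMERGENCY_POLICY.get(req.attribute)
        if rule is None:
            decision, reason = "deny", "attribute not classified for emergency release"
        elif req.intention not in rule["intentions"]:
            decision, reason = "deny", "intention not permitted by policy"
        elif not rule["evidence"] <= req.evidence:
            missing = sorted(rule["evidence"] - req.evidence)
            decision, reason = "deny", "missing evidence: " + ", ".join(missing)
        else:
            decision, reason = "release", "policy satisfied"
        # Step 4: record every emergency transaction, denied attempts included.
        self.audit_log.append({
            "time": time.time(), "requester": req.requester, "owner": req.owner,
            "attribute": req.attribute, "intention": req.intention,
            "evidence": sorted(req.evidence), "decision": decision, "reason": reason,
        })
        value = self.store.get(req.owner, {}).get(req.attribute) if decision == "release" else None
        return decision, value

    def owner_review(self, owner):
        """Entries the attribute owner can inspect after the emergency."""
        return [entry for entry in self.audit_log if entry["owner"] == owner]
```

Logging denied requests as well as releases lets the owner see attempted overrides, not just successful ones.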

For an identity attribute service that can handle attribute requests...