OFELIA - A Secure Mobile Attribute Aggregation Infrastructure for User-Centric Identity Management

Personal mobile devices with real practical computational power and Internet connectivity are currently widespread throughout all levels of society. This is so much so that the most popular of these devices, the smart phone, in all its varied ubiquitous manifestations is nowadays the de facto personal mobile computing platform, be it for civil or even military applications. In parallel with these developments, Internet application providers like Google and Facebook are developing and deploying an ever increasing set of personal services that are being aggregated and structured over personal user accounts were an ever increasing set of personal private sensitive attributes is being massively aggregated. In this paper we describe OFELIA (Open Federated Environment for Leveraging of Identity and Authorization), a framework for user centric identity management that provides an identity/authorization versatile infrastructure that does not depend upon the massive aggregation of users identity attributes to offer a versatile set of identity services. In OFELIA personal attributes are distributed among and protected by several otherwise unrelated AAs (Attribute Authorities). Only the user mobile device knows how to aggregate these scattered AAs identity attributes back into some useful identifiable entity identity. Moreover by recurring to an IdB (Identity Broker), acting as a privacy enhancing blind caching-proxy, in OFELIA the identity attributes location in the Internet is hidden from the RP/SP (Relying Party, Service Provider) that wants to have temporary access to the users personal data. The mobile device thus becomes the means by which the user can asynchronously exercise discretionary access control over their most sensitive dynamic identity attributes in a simple but highly transparent way.