International Business Machines Corporation
Identity attribute confidence scoring while certifying authorization claims

Abstract:

An identity management system is augmented to compute a time-varying confidence score for an asserted attribute value, typically a value that is received from a third party identity issuer. In this approach, an identity provider (IdP) computes a time-varying confidence score for an asserted attribute that the IdP includes in a security assertion returned to a service provider. The confidence score typically is "deteriorating" (i.e., diminishes over time) for an attribute value. The degree to which the score deteriorates, however, may be altered by one or more qualified attribute verification event(s). Preferably, the IdP maintains a profile of the service provider, and that profile may also include other information, such as a threshold for an attribute confidence score that the SP deems acceptable (to enable access to the service). Based on the SP profiling, the IdP also can recommend use of a given identity issuer for a specific attribute.