Federated Identity Management

I was responsible for research at IBM Research in Federated Identity Management, a technology that facilitates authentication and attribute exchange across trust domains. This research involves the application of cryptography and formal methods to protocol standards such as the Security Assertion Markup Language (SAML), the Liberty Alliance Project, and WS-Federation. I contributed significantly to the architecture and research prototype of the Tivoli Federated Identity Manager (TFIM). I continue this line of work with new Identity Management projects in Newcastle.

Selected Papers

Thomas Groß, Birgit Pfitzmann and Ahmad-Reza Sadeghi. Proving a WS-Federation Passive Requestor Profile with a browser model. In ACM Secure Web Services Workshop (SWS) 2005, pages 54-64. ACM Press, November 2005.

Thomas Groß, Birgit Pfitzmann and Ahmad-Reza Sadeghi. Browser Model for Security Analysis of Browser-Based Protocols. In Proceedings of the 10th European Symposium on Research in Computer Security (ESORICS), volume 3679 of Lecture Notes in Computer Science, pages 489-508. Springer-Verlag, Berlin, Germany, September 2005.

Thomas Groß. Security analysis of the SAML single sign-on browser/artifact profile. In 19th Annual Computer Security Applications Conference (ACSAC 2003). IEEE Computer Society Press, 2003. Copyright IEEE, 2003.