Federation solutions for inter- and intradomain security in next-generation mobile service platforms

A federation approach for security in future distributed service delivery platforms for mobile users offers some key advantages over an integrated solution relying on a common choice of a standardized authentication technology. By agreeing on an exchange protocol for security assertions rather than on the detailed security mechanisms, Service Aggregators and Access Network Operators will be able to federate their customer offerings flexibly and jointly offer services. The consumer will find formerly separate offerings combined, and Service Operators will enjoy open interfaces towards the network's service delivery platform. Through the use of Security Assertion Markup Language (SAML), standardized assertion statements can be made not only for the user's identity, but also on attributes and authorizations associated with it. This will allow a seamless personalized service experience offering single sign-on across separate operational domains. An example from automobile telematics is used to illustrate the concepts.