SPARTA: A survival performance degradation framework for identity federations

Identity federations simplify user's access control across different networks, domains or systems. These federations allow users to seamlessly access data from another domain and they avoid the need of a completely redundant user administration. Federations rely on Identity Providers (IdPs) to manage user's identities. However, IdPs are prone to Distributed Denial-of-Service (DDoS) attacks and flash crowd events. Those attacks and events can severely compromise the performance of IdPs, affecting legitimate users. Existing solutions either ignore such events, statically improving the performance of only specific IdP operations, or tolerate a predetermined number of failures, employing extra hardware resources purchased to replicate IdPs services. This article presents SPARTA, a Survival Performance degrAdation fRamework for idenTity federAtions. SPARTA offers identity federation survivability employing the collective intelligence principles. We showcase the framework over a real identity management system. Results from the experiments show the improvements of the system under attacks. We measure improvements by identity authentication latency (i.e., the time interval between the authentication request and its response) and throughput. As future works, we intend to evaluate our solution using large-scale identity federations.