Federated Identity Management in a Tactical Multi-Domain Network
Identity Management maintains information about the actors of an Information System, such as users, equipment and services. One important service is to disseminate and validate credentials for the purpose of authentication and access control. Within the context of military tactical communication networks, the identity management services should, due to the disadvantaged nature of these networks, minimize their network demand and connectivity requirements. Security protocols for tactical networks should be efficient, prudent and based on well-justified use cases. The contribution of this paper is the rationale for, and the prototype of, an identity management system designed with these properties in mind, including services for authentication and access control. The discussion suggests a set of architectural patterns for the development and deployment of an identity management system, as well as justifications for the simplified protocol operations.
Fongen, Anders. Federated Identity Management in a Tactical Multi-Domain Network. International Journal On Advances in Systems and Measurements 2011; Volume 4 (3-4), pp. 157-167.