Computing Reviews
Assurance for federated identity management
Baldwin A., Casassa Mont M., Beres Y., Shiu S. Journal of Computer Security 18(4): 541-572, 2010. Type: Article
Date Reviewed: Oct 6 2010

Even though identity management solutions have existed for some time, the advent of social networks, content management system (CMS) platforms, and cloud computing has brought some much-needed advances in this technology. Federated identity management has received a lot of attention in the last few years, and organizations are using it to make it easier for their users to move across multiple Web sites without having to worry about creating separate user accounts for each one.

The authors of this paper noticed the increase in adoption rates of federated identity technology and raised questions about achieving assurance in those implementations. Needless to say, it is a nontrivial task to show assurance in the heterogeneous ecosystem that the World Wide Web has become; the authors propose a few techniques to do just that.

The paper outlines ways in which “model-based technology can be used to automate and improve the collection, analysis presentation, and sharing of the required information” to achieve assurance in a design utilizing federated identity management solutions.

The authors provide some background on audit methodologies, and discuss the overall identity management life cycle, citing the risks and controls that exist today. They go on to propose an assurance framework and show how it can be used in federated identity management environments. Privacy policy enforcement work and its effectiveness in improving assurance models are also discussed.

Overall, the authors have raised an important question regarding ways to provide assurance in federated identity environments. Furthermore, they propose some ways to utilize existing models and policies to improve assurance.

Reviewer: Phoram Mehta
Review #: CR138452 (1102-0193)
Data Encryption (E.3)
Security and Protection (C.2.0 ...)
Standards (E.3 ...)

Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®