Skip to content
Licensed Unlicensed Requires Authentication Published by De Gruyter Oldenbourg May 31, 2014

The evolution of identity management using the example of web-based applications

Detlef Hühnlein, Tobias Wich, Johannes Schmölz and Hans-Martin Haase


The typical identity management (IdM) techniques used in web-based applications are about to change from application-specific means for identification, authentication and authorization towards the support of standardized, secure and privacy friendly mechanisms for Single Sign-On (SSO). In this paper we outline the different phases of this evolution, which started with the introduction of standardized interfaces for authentication and authorization and allowed to shift these sensitive tasks from the application towards the web application server. In a second phase the interfaces were extended to support authentication and authorization in distributed systems and feature SSO-techniques. The third phase adds identification and aims at providing more security for distributed authentication infrastructures and finally there is a trend towards providing more privacy friendly mechanisms for identity management in the future.

Received: 2013-10-7
Accepted: 2014-4-4
Published Online: 2014-5-31
Published in Print: 2014-6-28

©2014 Walter de Gruyter Berlin/Boston