Abstract

The notion of identity metasystem has been introduced as the means to ensure inter-operability among different identity systems while providing a consistent user experience. Current identity metasystems provide limited support for secure roaming: by "roaming" we refer to the ability of a user to use the same set of identities and credentials across different terminals. We argue that in order to support different types of roaming, the identity metasystem client should be structured as a set of distributable components. We describe such distributed client-side software architecture and how that architecture is implemented by adapting Novell's Bandit project. We use our implementation to demonstrate how credentials are stored in a trusted device in the form of a mobile phone but can be used on less trusted terminals in the form of PCs.