%P V6317-V6321 %C Chengdu %T User requirement model for federated identities threats %A Z. Ahmad %A J.-L. Ab Manan %A S. Sulaiman %V 6 %D 2010 %R 10.1109/ICACTE.2010.5579819 %O cited By 5; Conference of 2010 3rd International Conference on Advanced Computer Theory and Engineering, ICACTE 2010 ; Conference Date: 20 August 2010 Through 22 August 2010; Conference Code:82180 %J ICACTE 2010 - 2010 3rd International Conference on Advanced Computer Theory and Engineering, Proceedings %L scholars1026 %X Federated identity management system interconnects distributed island of identity management systems with federated identity standards with single sign-on facility. In an open environment, such as those of a federated identity management system a user single sign-on credentials, can easily fall prey to identity theft, or unlawful information gathering. It may use either existing account or new account fraud. In this paper, we present scenarios related to identity theft, unlawful information gathering and tracking. We show the main issue of lack of platform trust in platforms involve in federated systems and discussed the consequences of respective threats on them. In an effort to present a holistic approach to handle security, trust and privacy, we propose a user requirement model involving these core issues for federated identities. These requirements include system trustworthiness, hardware protected key generations, usability, efficiency, identity information validity, privacy, accountability and system robustness. In our proposed model, Trusted Platform Module (TPM), is the fundamental component which ties and binds all communicating platforms together in authentication, verification and trustworthiness of the platform. © 2010 IEEE.