Article

User privacy-preserving identity data dependencies

Authors:

Samir Saklikar,

Subir SahaAuthors Info & Claims

DIM '06: Proceedings of the second ACM workshop on Digital identity management

Pages 45 - 54

https://doi.org/10.1145/1179529.1179537

Published: 03 November 2006 Publication History

Abstract

Identity Federation technologies have enabled users to leverage their relationships with an Identity Provider (IdP) into a Service Provider's (SP) domain. They allow user-initiated and IdP-controlled sharing of authentication information, attributes and authorization policies, allowing users to get benefits like Single Sign On (SSO) and attribute linking across the different domains. Federation-based Identity Services have enabled a standardized mechanism of sharing a particular type of user identity information with interested SPs. Yet, with increasing focus on composite as well as personalized user experiences, different types of User Identity Data need to be used together. In this paper, we argue that there is a lack of standardized mechanisms for resolution and ownership, when it comes to data associations across different Identity Providers. Additionally, users have different privacy requirements for these different kinds of interacting identity information and need mechanisms to enforce them. We propose a solution which allows users to define privacy-preserving data dependencies between their different Identity information. Thus, a query for a particular user information, would honor and traverse its associated data dependencies, possibly triggering user-defined policies, to come up with a resultant set of identity information.

References

[1]

Laws of Identity. http://www.identityblog.com/.]]

[2]

Liberty Alliance. Framework for supporting Privacy Preference Expression Languages (PPELs). http://www.projectliberty.org.]]

[3]

Liberty Alliance ID-SIS 1.0 Specifications. http://www.projectliberty.org/resources/specifications.php.]]

[4]

Liberty Alliance ID-WSF 2.0 Specifications. http://www.projectliberty.org/resources/specifications.php.]]

[5]

Liberty Alliance. ID-WSF security and privacy best practices. http://www.projectliberty.org.]]

[6]

Liberty Alliance. ID-WSF security and privacy overview. http://www.projectliberty.org.]]

[7]

Liberty Alliance Project. http://www.projectliberty.org/.]]

[8]

OASIS Security Services (SAML) TC. http://www.oasis-open.org/committees/security/.]]

[9]

G.-J. Ahn and J. Lam. Managing privacy preferences for federated identity management. In Workshop on Digital Identity Management, 2005.]]

Digital Library

[10]

S. Cantor, J. Kemp, and D. Champagne. Liberty ID-FF Bindings and Profile specifications. Technical report, Liberty Alliance, 2003.]]

[11]

S. D. C. di Vimercati and P. Samarati. Access control in federated systems. In Proc. of the ACM SIGSAC New Security Paradigms Workshop, 1996.]]

Digital Library

[12]

J. Hughes and E. Maler. Security Assertion Markup Lanaguage (SAML) V2.0 Technical Overview. Technical report, OASIS, 2005.]]

[13]

A. Kobsa. Tailoring privacy to users' needs. In 8th International Conference on User Modeling, 2001.]]

Digital Library

[14]

R. S. Sandhu, E. Coyne, H. Feinstein, and C. Youman. Role-based access control models. IEEE Computer, 29(2):38--47, 1996.]]

Digital Library

[15]

R. S. Sandhu and P. Samarati. Access control: principle and practice. IEEE Communications Magazine, 32(9):40--48, 1994.]]

Digital Library

[16]

B. Shafiq, E. Bertino, and A. Ghafoor. Access control management in a distributed environment supporting dynamic collaboration. In Workshop on Digital Identity Management, 2005.]]

Digital Library

[17]

T. Wason. Liberty ID-FF Architecture Overview. Technical report, Liberty Alliance, 2003.]]

Cited By

Squicciarini ACzeskis ABhargav-Spantzel ABertino EDamiani M(2008)Privacy policies compliance across digital identity management systemsProceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS10.1145/1503402.1503416(72-81)Online publication date: 4-Nov-2008
https://dl.acm.org/doi/10.1145/1503402.1503416

Index Terms

User privacy-preserving identity data dependencies

Recommendations

Achieving Privacy in a Federated Identity Management System
Financial Cryptography and Data Security

Federated identity management allows a user to efficiently authenticate and use identity information from data distributed across multiple domains. The sharing of data across domains blurs security boundaries and potentially creates privacy risks. We ...
The Venn of Identity: Options and Issues in Federated Identity Management

Digital identities can be associated with everything from people to software applications to entire companies, but human digital identities prove the most interesting and challenging. Human digital identities can simplify network usage and enable new ...
Privacy in Digital Identity Systems: Models, Assessment, and User Adoption
Electronic Government
Abstract
The use of privacy protection measures is of particular importance for existing and upcoming users’ digital identities. Thus, the recently adopted EU Regulation on Electronic identification and trust services (eIDAS) explicitly allows the use of ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

DIM '06: Proceedings of the second ACM workshop on Digital identity management

November 2006

88 pages

ISBN:1595935479

DOI:10.1145/1179529

General Chair:
Ari Juels
RSA Laboratories
,
Program Chairs:
Marianne Winslett
UIUC
,
Atsuhiro Goto
NTT, Japan

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 November 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS06

Sponsor:

CCS06: 13th ACM Conference on Computer and Communications Security 2006

November 3, 2006

Virginia, Alexandria, USA

Acceptance Rates

Overall Acceptance Rate 16 of 34 submissions, 47%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
657
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 04 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Squicciarini ACzeskis ABhargav-Spantzel ABertino EDamiani M(2008)Privacy policies compliance across digital identity management systemsProceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS10.1145/1503402.1503416(72-81)Online publication date: 4-Nov-2008
https://dl.acm.org/doi/10.1145/1503402.1503416

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents