An audit trail service to enhance privacy compliance in federated identity management

Federated identity management systems, such as the Liberty Alliance framework, are intended to protect identity and control access to personal information. An audit trail service has been proposed as an addition to the framework to address potential privacy breaches. A simple scenario is used to analyze what should be logged to an audit trail and how it should be logged in order to address privacy concerns and comply with privacy legislation. The implementation of an audit trail service conforming to the Liberty Alliance data service template is described. Our research to date has achieved results which show promise in terms of having a scalable solution that conforms to Liberty Alliance specifications and protects the user's identity while providing a consolidated view of the data sharing activities associated with their personal information.

[1]  Gail-Joon Ahn,et al.  Ensuring information assurance in federated identity management , 2004, IEEE International Conference on Performance, Computing, and Communications, 2004.

[2]  Matthew Alexander Webster,et al.  An aspect oriented performance analysis environment , 2003 .

[3]  Liam Peyton,et al.  A Generative Framework for Managed Services , 2004, GPCE.

[4]  Marco Casassa Mont,et al.  On Adaptive Identity Management: The Next Generation of Identity Management Technologies , 2003 .

[5]  Kathrin M. Möslein,et al.  Identities Management for E-Commerce and Collaboration Applications , 2005, Int. J. Electron. Commer..

[6]  Mansour Alsaleh,et al.  Enhancing Consumer Privacy in the Liberty Alliance Identity Federation and Web Services Frameworks , 2006, Privacy Enhancing Technologies.

[7]  Owen Rees,et al.  Identity Management: a Key e-Business Enabler , 2002 .

[8]  N. Paramesh,et al.  Enforcing Business Rules and Information Security Policies through Compliance Audits; XISSF - A Compliance Specification Mechanism , 2006, 2006 IEEE/IFIP Business Driven IT Management.

[9]  Mansour A Alsaleh Enhancing consumer privacy in identity federation architectures , 2006 .

[10]  Liam Peyton,et al.  Tracking privacy compliance in B2B networks , 2004, ICEC '04.

[11]  Jianguo Zhang,et al.  HIPPA's compliant Auditing System for Medical Imaging System , 2005, 2005 IEEE Engineering in Medicine and Biology 27th Annual Conference.

[12]  Mark S. Ackerman,et al.  Privacy in e-commerce: examining user scenarios and privacy preferences , 1999, EC '99.

[13]  Jacob Slonim,et al.  Owner-controlled information , 2003, NSPW '03.