Controlled sharing of identity attributes for better privacy

In recent years, user centricity has drawn a lot of attention as a promising component to advance federated identity management (FIM) systems. The basic notion is to give users a larger degree of control over the attribute data that comprise their digital identities on a federated network, thus providing an ideal mechanism for upholding user privacy. One of the fundamental problems facing user centricity in this context is how a user can selectively share her identity attributes, certified by an identity provider (IdP), with a service provider (SP). In this paper we present an approach to addressing the problem, which allows a user to share only selected attributes from a larger set of attributes that form her digital identity credential for better privacy. Our approach enables such sharing to occur without the IdP's intervention in every transaction.
