论文信息 - Achieving Privacy in a Federated Identity Management System

Achieving Privacy in a Federated Identity Management System

Federated identity management allows a user to efficiently authenticate and use identity information from data distributed across multiple domains. The sharing of data across domains blurs security boundaries and potentially creates privacy risks. We examine privacy risks and fundamental privacy protections of federated identity- management systems. The protections include minimal disclosure and providing PII only on a "need-to-know" basis. We then look at the Liberty Alliance system and analyze previous privacy critiques of that system. We show how law and policy provide privacy protections in federated identity-management systems, and that privacy threats are best handled using a combination of technology and law/policy tools.

Susan Landau | Hubert Lê Van Gông | Robin Wilton

[1] Alessandro Acquisti,et al. Identity Management, Privacy, and Price Discrimination , 2008, IEEE Security & Privacy.

[2] Birgit Pfitzmann,et al. Privacy in Enterprise Identity Federation - Policies for Liberty Single Signon , 2003, Privacy Enhancing Technologies.

[3] Paul F. Syverson,et al. Authentic Attributes with Fine-Grained Anonymity Protection , 2000, Financial Cryptography.

[4] Elisa Bertino,et al. Establishing and protecting digital identity in federation systems , 2005, DIM '05.

[5] J. Winn. Consumer protection in the age of the 'information economy' , 2006 .

[6] Birgit Pfitzmann. Privacy in enterprise identity federation - policies for Liberty 2 single sign on , 2004, Inf. Secur. Tech. Rep..

[7] Bart De Decker,et al. Enhancing privacy in identity management systems , 2007, WPES '07.

[8] Adi Shamir. SecureClick: A Web Payment System with Disposable Credit Card Numbers , 2001, Financial Cryptography.

[9] Eve Maler,et al. The Venn of Identity: Options and Issues in Federated Identity Management , 2008, IEEE Security & Privacy.

[10] Robin McKenzie,et al. Use Cases for Identity Management in E-Government , 2008, IEEE Security & Privacy.

[11] Mansour Alsaleh,et al. Enhancing Consumer Privacy in the Liberty Alliance Identity Federation and Web Services Frameworks , 2006, Privacy Enhancing Technologies.

[12] Birgit Pfitzmann,et al. Analysis of Liberty Single-Sign-on with Enabled Clients , 2003, IEEE Internet Comput..