Abstract
The problem of privacy of the Identity Management System (IMS) is the most pressing concern of ordinary users. Uncertainty about privacy keeps many users away from utilizing IMS. Most privacy-enhancing technologies such P3P, E-P3P and EPAL use purposes or policies to ensure privacy that is set by users. Access control is arguably the most fundamental and pervasive security mechanism in use. This paper proposes a privacy protection model using access control for IMS. The proposed model protects privacy using access control techniques with privacy policies in a single circle of trust. We address characteristics of components for the proposed model and describe access control procedures. After that, we show protection architecture and XML-based schema for privacy policies.
This research was supported by the MIC (Ministry of Information and Communication), Korea, under the ITRC (Information Technology Research Center) support program supervised by the IITA (Institute of Information Technology Assessment).
*Correspondent author.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Identity Management Systems (IMS): Identification and Comparison Study. PRIME Project (2003), http://www.datenschutzzentrum.de/idmanage/study/ICPP_SNG_IMSStudy.pdf
Cranor, L.F.: Web Privacy with P3P. AT&T (2002)
Ashley, P., Hada, S., Karjoth, G., Schunter, M.: Privacy Policies and Privacy Authorization (E-P3P). WPES (2002)
Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise Privacy Authorization Language. W3C (2003), http://www.w3.org/Submission/2003/SUBM-EPAL-20031110/
RAPID: Roadmap for Advanced Research in Privacy and Identity Management. RAPID Project (2001), http://www.ra-pid.org
PRIME: Privacy and Identity Management for Europe Date of preparation. PRIME Project (2004), http://www.prime-project.eu.org/
Sourceid: Open Source Federated Identity Management. Ping Identity (2004), http://www.sourceid.org/
Warren, A.D., Brandeis, L.D.: The Right to Privacy. Harvard Law Review (1980)
Magnuson, G., Reid, P.: Privacy and Identity Management Survey. In: IAPP Conference (2004)
Microsoft.NET Passport: Microsoft (2004), http://www.microsoft.com/net/services/passport/
Liberty Alliance: Introduction to the Liberty Alliance Identity Architecture. Liberty Alliance Project (2003)
XML SPY. Altova (2004), http://www.xml.com/pub/p/15
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Choi, HC., Yi, YH., Seo, JH., Noh, BN., Lee, HH. (2005). A Privacy Protection Model in ID Management Using Access Control. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2005. ICCSA 2005. Lecture Notes in Computer Science, vol 3481. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11424826_9
Download citation
DOI: https://doi.org/10.1007/11424826_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25861-2
Online ISBN: 978-3-540-32044-9
eBook Packages: Computer ScienceComputer Science (R0)