Abstract
Privacy in business processes with proxies is not possible. Users need to share attributes with their proxies, which leads to “Big Brothers”. This is the reason why identity management systems such as Liberty Alliance and Microsoft .NET Passport are not successful. We propose a generic privacy-preserving protocol for sharing identifying attributes as credentials with others. This delegation protocol extends current identity management systems.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wohlgemuth, S., Müller, G. (2006). Privacy with Delegation of Rights by Identity Management. In: Müller, G. (eds) Emerging Trends in Information and Communication Security. ETRICS 2006. Lecture Notes in Computer Science, vol 3995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11766155_13
DOI: https://doi.org/10.1007/11766155_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34640-1
Online ISBN: 978-3-540-34642-5
eBook Packages: Computer Science (R0)