Abstract
Internet usage has been growing significantly, and the issue of online privacy has become a correspondingly greater concern. Several recent surveys show that users’ concern about the privacy of their personal information reduces their use of electronic businesses and Internet services; furthermore, many users choose to provide false data in order to protect their real identities. Identity federation aims to assemble an identity virtually from a user’s personal information stored across several distinct identity management systems. Liberty Alliance is one of the most recognized projects in developing an open standard for federated network identity. While one of the key objectives of the Liberty Alliance is to enable consumers to protect the privacy and security of their network identity information, this paper identifies and analyzes possible privacy breaches within the Liberty identity Federation Framework and Liberty identity Web Services Framework. Proposals for improvement in both these frameworks are discussed.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Aarts, R., Björksten, M., Deadman, S., Duserick, B., Karhuluoma, N., et al.: Liberty architecture framework for supporting Privacy Preference Expression Languages (PPELs). Version 1.0, Liberty Alliance Project (November 2003), Available from: http://www.projectliberty.org/about/whitepapers.php
Ahn, G.-J., Lam, J.: Managing privacy preferences for federated identity management. In: Proceedings of the 2005 workshop on Digital identity management, Fairfax, VA, USA, November 2005, ACM Press, New York (2005)
Ahn, G.-J., Shin, D., Hong, S.-P.: Information Assurance in Federated Identity Management: Experimentations and Issues. In: Zhou, X., Su, S., Papazoglou, M.P., Orlowska, M.E., Jeffery, K.G. (eds.) WISE 2004. LNCS, vol. 3306, pp. 78–89. Springer, Heidelberg (2004)
Bhargav-Spantzel, A., Squicciarini, A.C., Bertino, E.: Establishing and protecting digital identity in federation systems. In: Proceedings of the 2005 workshop on Digital identity management, Fairfax, VA, USA, November 2005, ACM Press, New York (2005)
Brown, K.: Security Briefs: Step-by-Step Guide to InfoCard. MSDN Magazine, Microsoft (April 2006) (accessed April 25, 2006), Available from: http://msdn.microsoft.com/msdnmag/issues/06/05/SecurityBriefs/default.aspx
BusinessWeek online. “Business Week/Harris Poll: A Growing Threat”. (March 2000) (accessed January 16, 2006), Available from: http://businessweek.com/2000/00_12/b3673010.htm
Ellison, G., Madsen, P.: Liberty ID-WSF Security Mechanisms, version 2.0-03, Liberty Alliance Project, Available from: http://www.projectliberty.org/resources/specifications.php
Fox, S.: Trust and Privacy Online: Why Americans Want to Rewrite the Rules. Pew Internet & American Life Project (August 2000) (accessed February 17, 2006), Available from: http://www.pewinternet.org/pdfs/PIP_Trust_Privacy_Report.pdf
Gartner Group. Industry watchdog Gartner Group (2003), Available from: (accessed October 21, 2005), http://www.gartner.com
Groß, T.: Security analysis of the SAML Single Sign-on Browser/Artifact profile. In: Proceedings of the 19th Annual Computer Security Applications Conference, December 2003, IEEE, Los Alamitos (2003)
Hommel, W.: Using XACML for Privacy Control in SAML-Based Identity Federations. In: Dittmann, J., Katzenbeisser, S., Uhl, A. (eds.) CMS 2005. LNCS, vol. 3677, pp. 160–169. Springer, Heidelberg (2005)
Johnston, S.J.: Pondering Passport: Do You Trust Microsoft With Your Data? PCWorld. com (September 2001) (accessed January 10, 2006), Available from: http://pcworld.about.com/news/Sep242001id63244.htm
Kellomäki, S., Lockhart, R.: Liberty ID-SIS Personal Profile Service Specification. Version 1.1, Liberty Alliance Project (2003), Available from: http://www.projectliberty.org/resources/specifications.php
Landau, S.: Liberty ID-WSF Security & Privacy Overview. Version 1.0, Liberty Alliance Project (2003), Available from: http://www.projectliberty.org/resources/specifications.php
Liberty Alliance Project (accessed October 2005), Available from: http://www.projectliberty.org/
Liberty Alliance Project. Liberty Alliance Whitepaper: Identity Theft Primer (December 2005) (accessed January 2006), Available from: http://www.projectliberty.org/resources/id_Theft_Primer_Final.pdf
Madsen, P., Takahashi, Y.K.K.: Federated identity management for protecting users from ID theft. In: Proceedings of the 2005 workshop on Digital identity management, Fairfax, VA, USA, November 2005, ACM Press, New York (2005)
OASIS Security Services (SAML) TC. Security Assertion Markup Language (SAML). OASIS Standards (accessed December 2005), Available from: http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security
Pfitzmann, B.: Privacy in Enterprise Identity Federation - Policies for Liberty Single Signon. In: Dingledine, R. (ed.) PET 2003. LNCS, vol. 2760, pp. 189–204. Springer, Heidelberg (2003)
Pfitzmann, B., Waidner, M.: Federated Identity-Management Protocols — Where User Authentication Protocols Go. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2003. LNCS, vol. 3364, pp. 153–174. Springer, Heidelberg (2005)
Pfitzmann, B., Waidner, M.: Privacy in browser-based attribute exchange. In: Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, Washington, ACM Press, New York (2002)
SourceID. Digital Identity Basics (accessed December 2005), Available from: http://www.sourceid.org/content/primer
Taylor, K., Murty, J.: Implementing role based access control for federated information systems on the web. In: Proceedings of the Australasian information security workshop conference on ACSW frontiers, Adelaide, Australia, 2003, vol. 21, ACM Press, New York (2003)
Varney, C., Hartson, H.: Privacy and Security Best Practices. Version 2.0, Liberty Alliance Project (November 2003), Available from: http://www.projectliberty.org/resources/specifications.php
Varney, C., Sheckler, V.: Deployment Guidelines for Policy Decision Makers. Version 2.9, Liberty Alliance Project (September 2005), Available from: http://www.projectliberty.org/about/whitepapers.php.
Wason, T.: Liberty ID-FF Architecture Overview. Version: 1.2-errata-v1.0, Liberty Alliance Project (2004), Available from: http://www.projectliberty.org/resources/specifications.php
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Alsaleh, M., Adams, C. (2006). Enhancing Consumer Privacy in the Liberty Alliance Identity Federation and Web Services Frameworks. In: Danezis, G., Golle, P. (eds) Privacy Enhancing Technologies. PET 2006. Lecture Notes in Computer Science, vol 4258. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11957454_4
Download citation
DOI: https://doi.org/10.1007/11957454_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68790-0
Online ISBN: 978-3-540-68793-1
eBook Packages: Computer ScienceComputer Science (R0)