
Enhancing Consumer Privacy in the Liberty Alliance Identity Federation and Web Services Frameworks

  • Conference paper
Privacy Enhancing Technologies (PET 2006)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 4258)


Abstract

Internet usage has been growing significantly, and the issue of online privacy has become a correspondingly greater concern. Several recent surveys show that users’ concern about the privacy of their personal information reduces their use of electronic businesses and Internet services; furthermore, many users choose to provide false data in order to protect their real identities. Identity federation aims to assemble an identity virtually from a user’s personal information stored across several distinct identity management systems. Liberty Alliance is one of the most recognized projects in developing an open standard for federated network identity. While one of the key objectives of the Liberty Alliance is to enable consumers to protect the privacy and security of their network identity information, this paper identifies and analyzes possible privacy breaches within the Liberty identity Federation Framework and Liberty identity Web Services Framework. Proposals for improvement in both these frameworks are discussed.




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Alsaleh, M., Adams, C. (2006). Enhancing Consumer Privacy in the Liberty Alliance Identity Federation and Web Services Frameworks. In: Danezis, G., Golle, P. (eds) Privacy Enhancing Technologies. PET 2006. Lecture Notes in Computer Science, vol 4258. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11957454_4


  • DOI: https://doi.org/10.1007/11957454_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68790-0

  • Online ISBN: 978-3-540-68793-1

  • eBook Packages: Computer Science, Computer Science (R0)
