Skip to main content
SpringerLink
Log in

Achieving Privacy in a Federated Identity Management System

  • Conference paper
Financial Cryptography and Data Security (FC 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5628))

Included in the following conference series:

Abstract

Federated identity management allows a user to efficiently authenticate and use identity information from data distributed across multiple domains. The sharing of data across domains blurs security boundaries and potentially creates privacy risks. We examine privacy risks and fundamental privacy protections of federated identity- management systems. The protections include minimal disclosure and providing PII only on a “need-to-know” basis. We then look at the Liberty Alliance system and analyze previous privacy critiques of that system. We show how law and policy provide privacy protections in federated identity-management systems, and that privacy threats are best handled using a combination of technology and law/policy tools.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Acquisti, A.: Identity Management, Privacy, and Price Discrimination. IEEE Security and Privacy 6(2), 46–50 (2008)

    Article  Google Scholar 

  2. Alsaleh, M., Adams, C.: Enhancing Consumer Privacy in the Liberty Alliance Identity Federation and Web Services Frameworks. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 59–77. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  3. Bhargav-Spantzel, A., Squicciarini, A., Bertino, E.: Establishing and Protecting Digital Identity in Federation Systems. CERIAS Tech Report 2007-18

    Google Scholar 

  4. Gevers, S., Verslype, K., De Decker, B.: Enhancing Privacy in Identity Management Systems. In: Workshop on Privacy in the Electronic Society, pp. 60–63 (2007)

    Google Scholar 

  5. Hardt, D.: Identity 2.0 Keynote, http://youtube.com/watch?v=RrpajcAgR1E

  6. idemix for Internet anonymity, http://www.zurich.ibm.com/security/idemix/ptext.html (last viewed April 29, 2008)

  7. inCommon Federation, http://www.incommonfederation.org/

  8. Jøsang, A., AlZomai, M., Suriadi, S.: Usability and Privacy in Identity Managements Systems. In: Australasian Information Security Workshop: Privacy Enhancing Technologies 2007 (2007)

    Google Scholar 

  9. Wason, T. (ed.): Liberty Alliance Project, Liberty ID-FF Architecture Overview, Version 1.2 (2005)

    Google Scholar 

  10. Landau, S. (ed.): Liberty Alliance Project, Liberty ID-WSF Security and Privacy Overview, Version 1.0 (2003)

    Google Scholar 

  11. Varney, C. (ed.): Liberty Alliance Project, Privacy and Security Best Practices, Version 2.0, November 12 (2003)

    Google Scholar 

  12. Varney, C., Sheckler, V. (eds.): Liberty Alliance Project, Deployment Guidelines for Policy Decision Makers, Version 2.9, September 21 (2005)

    Google Scholar 

  13. Liberty Alliance Project, An Overview of the Id Governance Framework, ed (July 2007), http://projectliberty.org/liberty/content/download/3500/23156/file/overview-id-governance-framework-v1.0.pdf

  14. Hodges, J., Kemp, J., Aarts, R., Whitehead, G., Madsen, P. (eds.): Liberty Alliance Project, Liberty ID-WSF SOAP Binding Specification, Version 2.0 July 7 (2007), http://www.projectliberty.org/liberty/content/download/897/6267/file/liberty-idwsf-soap-binding-v2.0.pdf

  15. Liberty Alliance Papers, http://projectliberty.org/liberty/resource_center/papers (last viewed March 27, 2008)

  16. Maler, E., Reed, D.: The Venn of Identity: Options and Issues in Federated Identity Management. IEEE Security and Privacy 6(2), 16–23 (2008)

    Article  Google Scholar 

  17. McKenzie, R., Crompton, M., Wallis, C.: Use Cases for Identity Management in E-Government. IEEE Security and Privacy 6(2), 51–57 (March/April)

    Google Scholar 

  18. Office of the Chief Information and Privacy Officer, Province of Ontario, Privacy Impact Assessment Guidelines (December 1999) (updated June 2001)

    Google Scholar 

  19. Pfitzmann, B.: Privacy in Enterprise Identity Federation –Policies for Liberty 2 Single Signon. Elsevier Information Security Technical Report (ISTR), 9/1, pp. 45–58 (2004); preliminary version appeared as Pfitzmann, B.: Privacy in enterprise identity federation. In: Dingledine, R. (ed.) PET 2003, LNCS. vol. 2760, pp. 189–204. Springer, Heidelberg (2003)

    Google Scholar 

  20. Pfitzmann, B., Waidner, M.: Analysis of Liberty Single-Sign-on with Enabled Clients. IEEE Internet Computing, 38–44 (November/December 2003)

    Google Scholar 

  21. Ranger, S.: NHS e-record opt-out offered. IT Management News, December 19 (2006), http://news.zdnet.co.uk/itmanagement/0,1000000308,39285203,00.htm (last viewed January 18, 2009)

  22. Shamir, A.: Secureclick: A web payment system with disposable credit card numbers. In: Syverson, P.F. (ed.) FC 2001. LNCS, vol. 2339, pp. 232–242. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  23. Stubblebine, S.G., Syverson, P.F.: Authentic Attributes with Fine-Grained Anonymity Protection. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 276–294. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  24. U-Prove SDK Overview, April 16 (2007), http://www.credentica.com/ (last viewed May 3, 2008)

  25. Wilson, Y.: Personal communication

    Google Scholar 

  26. Winn, J.: Information Technology Standards as a Form of Consumer Protection Law. In: Winn, J. (ed.) Consumer Protection in the Age of the Information Economy, Ashgate (2006)

    Google Scholar 

  27. Web Services Policy 1.5 Framework (October 2007), http://www.w3.org/TR/2004/REC-xmlschema-1-20041028/

Download references

Author information

Authors and Affiliations

  1. Sun Microsystems, USA

    Susan Landau & Hubert Le Van Gong

  2. Future Identity, USA

    Robin Wilton

Authors
  1. Susan Landau
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hubert Le Van Gong
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Robin Wilton
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. The Tor Project, Dedham, MA, USA

    Roger Dingledine

  2. Palo Alto Research Center, 3333 Coyote Hill Rd, 94304, Palo Alto, CA, USA

    Philippe Golle

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Landau, S., Le Van Gong, H., Wilton, R. (2009). Achieving Privacy in a Federated Identity Management System. In: Dingledine, R., Golle, P. (eds) Financial Cryptography and Data Security. FC 2009. Lecture Notes in Computer Science, vol 5628. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-03549-4_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-03549-4_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03548-7

  • Online ISBN: 978-3-642-03549-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation