Policy-Based Integration of User and Provider-Sided Identity Management

  • Conference paper
Emerging Trends in Information and Communication Security (ETRICS 2006)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3995)

Abstract

Identity Management (IM) has traditionally meant different things depending on whether users or providers perform it. For users, IM means choosing between one’s own identities and roles in order to make selected personal information available to providers while taking privacy into account. For providers, IM typically consists of centralized identity data repositories and their use by the offered services. Methods and tools for both aspects of IM have developed almost orthogonally, without regard for their interoperability and complementary purposes. We analyze the similarities between both IM aspects and demonstrate how both sides can benefit from a common policy language for personal information release and service provisioning. We derive criteria for this common policy language, demonstrate XACML’s suitability, and discuss our prototype for the Shibboleth IM system.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hommel, W. (2006). Policy-Based Integration of User and Provider-Sided Identity Management. In: Müller, G. (eds) Emerging Trends in Information and Communication Security. ETRICS 2006. Lecture Notes in Computer Science, vol 3995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11766155_12

  • DOI: https://doi.org/10.1007/11766155_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34640-1

  • Online ISBN: 978-3-540-34642-5