Integration of Data-Minimising Authentication into Authorisation Systems

  • Conference paper
Trust and Trustworthy Computing (Trust 2014)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8564)

Abstract

Authentication and authorisation are essential ingredients for effective protection of data in distributed information systems. Currently, they are being treated as separate components with specified input and output relations. Traditional authorisation components require all of the users’ information that is possibly relevant to an authorisation decision and consequently the authentication components need to fully identify the users and collect all available information about them. This destroys all the potential privacy and security benefits of data-minimising authentication technologies such as private credential systems. In this paper, we discuss different ways to address this problem. More precisely, we sketch two possibilities of integrating data-minimising authentication into a traditional authorisation system such that the overall system becomes data-minimising.

This work has been supported by the EU FP7 project AU2EU (#611659).

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Ayed, D., Bichsel, P., Camenisch, J., den Hartog, J. (2014). Integration of Data-Minimising Authentication into Authorisation Systems. In: Holz, T., Ioannidis, S. (eds) Trust and Trustworthy Computing. Trust 2014. Lecture Notes in Computer Science, vol 8564. Springer, Cham. https://doi.org/10.1007/978-3-319-08593-7_12

  • DOI: https://doi.org/10.1007/978-3-319-08593-7_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-08592-0

  • Online ISBN: 978-3-319-08593-7

  • eBook Packages: Computer Science (R0)
