Abstract
Authentication and authorisation are essential ingredients for effective protection of data in distributed information systems. Currently, they are being treated as separate components with specified input and output relations. Traditional authorisation components require all of the users’ information that is possibly relevant to an authorisation decision and consequently the authentication components need to fully identify the users and collect all available information about them. This destroys all the potential privacy and security benefits of data-minimising authentication technologies such as private credential systems. In this paper, we discuss different ways to address this problem. More precisely, we sketch two possibilities of integrating data-minimising authentication into a traditional authorisation system such that the overall system becomes data-minimising.
This work has been supported by the EU FP7 project AU2EU (#611659).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ardagna, C.A., De Capitani di Vimercati, S., Neven, G., Paraboschi, S., Preiss, F.S., Samarati, P., Verdicchio, M.: Enabling privacy-preserving credential-based access control with XACML and SAML. In: IEEE CIT 2010, pp. 1090–1095. IEEE Computer Society Press (2010)
Bichsel, P., Binding, C., Camenisch, J., Groß, T., Heydt-Benjamin, T., Sommer, D., Zaverucha, G.(Contributors): Cryptographic protocols of the Identity Mixer library. IBM Technical Report RZ 3730 (# 99740) (2009)
Bichsel, P., Camenisch, J., Dubovitskaya, M., Enderlein, R.R., Krontiris, I., Lehmann, A., Neven, G., Nielsen, J.D., Paquin, C., Preiss, F.S., Rannenberg, K., Stausholm, M., Zwingelberg, H.: H2.2 – ABC4Trust architecture for developers. In: ABC4Trust Heartbeat H2.2 (2013)
Bichsel, P., Camenisch, J., Preiss, F.S.: A comprehensive framework enabling data-minimizing authentication. In: Proc. of the 7th ACM DIM, pp. 13–22. ACM Press (2011)
Bichsel, P., Camenisch, J., Preiss, F.S., Sommer, D.: Dynamically-changing interface for interactive selection of information cards satisfying policy requirements. IBM Technical Report RZ 3756 (# 99766) (2009)
Böhm, K., Etalle, S., den Hartog, J.I., Hütter, C., Trabelsi, S., Trivellato, D., Zannone, N.: A flexible architecture for privacy-aware trust management. Journal of Theoretical and Applied Electronic Commerce Research 5(2), 77–96 (2010)
Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)
Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)
Camenisch, J., Mödersheim, S., Neven, G., Preiss, F.S., Sommer, D.: A card requirements language enabling privacy-preserving access control. In: SACMAT, pp. 119–128 (2010)
Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM 24(2), 84–88 (1981)
OASIS: Assertions and protocols for the OASIS Security Assertion Markup Language (SAML) v2.0 (2005) OASIS Standard, http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
OASIS: eXtensible Access Control Markup Language (XACML) V2.0 (2005) OASIS Standard, http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
Samarati, P., di Vimercati, S.d.C.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–196. Springer, Heidelberg (2001)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. Computer 29(2), 38–47 (1996)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Ayed, D., Bichsel, P., Camenisch, J., den Hartog, J. (2014). Integration of Data-Minimising Authentication into Authorisation Systems. In: Holz, T., Ioannidis, S. (eds) Trust and Trustworthy Computing. Trust 2014. Lecture Notes in Computer Science, vol 8564. Springer, Cham. https://doi.org/10.1007/978-3-319-08593-7_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-08593-7_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-08592-0
Online ISBN: 978-3-319-08593-7
eBook Packages: Computer ScienceComputer Science (R0)