Article

Enhancing privacy of federated identity management protocols: anonymous credentials in WS-security

Authors:

Jan Camenisch,

Thomas Gross,

Dieter SommerAuthors Info & Claims

WPES '06: Proceedings of the 5th ACM workshop on Privacy in electronic society

Pages 67 - 72

https://doi.org/10.1145/1179601.1179613

Published: 30 October 2006 Publication History

Get Access

Abstract

Federated Identity Management (FIM) allows for securely provisioning certified user identities and attributes to relying parties. It establishes higher security and data quality compared to user-asserted attributes and provides for stronger user privacy protection than technologies based upon user-side attribute certificates. Therefore, industry pursues the deployment of FIM solutions as one cornerstone of the WS-Security framework. Current research proposes even more powerful methods for security and privacy protection in identity management with so called anonymous credential systems. Being based on new, yet well-researched, signature schemes and cryptographic zero-knowledge proofs, these systems have the potential to improve the capabilities of FIM by superior privacy protection, user control, and multiple use of single credentials. Unfortunately, anonymous credential systems and their semantics being based upon zero-knowledge proofs are incompatible with the XML Signature Standard which is the basis for the WS-Security and most FIM frameworks. We put forth a general construction for integrating anonymous credential systems with the XML Signature Standard and FIM protocols. We apply this method to the WS-Security protocol framework and thus obtain a very flexible WS-Federation Active Requestor Profile with strong user control and superior privacy protection.

References

[1]

BACKES, M., CAMENISCH, J., AND SOMMER, D. Anonymous yet accountable access control. In Proceedings of the Workshop on Privacy in the Electronic Society 2005 (2005).]]

Digital Library

Google Scholar

[2]

BANGERTER, E., CAMENISCH, J., AND LYSYANSKAYA, A. A cryptographic framework for the controlled release of certified data. In Twelfth International Workshop on Security Protocols 2004 (2004), LNCS, Springer Verlag.]]

Google Scholar

[3]

BRANDS, S. Rethinking Public Key Infrastructure and Digital Certificates-Building in Privacy. PhD thesis, Eindhoven Institute of Technology, Eindhoven, The Netherlands, 1999.]]

Google Scholar

[4]

CAMENISCH, J., GROSS, T., AND SOMMER, D. Enhancing privacy of federated identity management protocols -- anonymous credentials in ws-security. Tech. rep., Purdue University, 2006.]]

Google Scholar

[5]

CAMENISCH, J., HOHENBERGER, S., KOHLWEISS, M., LYSYANSKAYA, A., AND MEYEROVICH, M. How to win the clone wars: Efficient periodic n-times anonymous authentication. In ACM CCS (2006).]]

Digital Library

Google Scholar

[6]

CAMENISCH, J., AND LYSYANSKAYA, A. Efficient non-transferable anonymous multi-show credential system with optional anonymity revocation. In Advances in Cryptology -- EUROCRYPT 2001 (2001), B. Pfitzmann, Ed., vol. 2045 of LNCS, Springer Verlag, pp. 93--118.]]

Digital Library

Google Scholar

[7]

CAMENISCH, J., SOMMER, D., AND ZIMMERMANN, R. A general certification framework with applications to privacy-enhancing certificate infrastructures. In SEC 2006 (2006).]]

Crossref

Google Scholar

[8]

CAMENISCH, J., AND STADLER, M. Efficient group signature schemes for large groups. In Advances in Cryptology -- CRYPTO '97 (1997), B. Kaliski, Ed., vol. 1296 of LNCS, Springer Verlag, pp. 410--424.]]

Digital Library

Google Scholar

[9]

DODIS, Y., AND YAMPOLSKIY, A. A verifiable random function with short proofs an keys. In Public Key Cryptography (2005), vol. 3386 of LNCS, pp. 416--431.]]

Digital Library

Google Scholar

[10]

EASTLAKE 3RD, D., REAGLE, J., AND SOLO, D. XML-Signature syntax and processing, Mar. 2002. http://www.w3.org/TR/xmldsig-core/.]]

Digital Library

Google Scholar

[11]

FIAT, A., AND SHAMIR, A. How to prove yourself: Practical solutions to identification and signature problems. In Advances in Cryptology -- CRYPTO '86 (1987), A. M. Odlyzko, Ed., vol. 263 of LNCS, Springer Verlag, pp. 186--194.]]

Digital Library

Google Scholar

[12]

KALER, C., AND NADALIN, A. Web services federation language (ws-federation), version 1, July 2003.]]

Google Scholar

[13]

KALER, C., AND NADALIN, A. Ws-federation active requestor profile, version 1, July 2003.]]

Google Scholar

[14]

OASIS. Ws-security standard, 2004.]]

Google Scholar

Cited By

View all

Hammann SSasse RBasin DSun HShieh SGu GAteniese G(2020)Privacy-Preserving OpenID ConnectProceedings of the 15th ACM Asia Conference on Computer and Communications Security10.1145/3320269.3384724(277-289)Online publication date: 5-Oct-2020
https://dl.acm.org/doi/10.1145/3320269.3384724
Delignat-Lavaud AFournet CKohlweiss MParno B(2016)Cinderella: Turning Shabby X.509 Certificates into Elegant Anonymous Credentials with the Magic of Verifiable Computation2016 IEEE Symposium on Security and Privacy (SP)10.1109/SP.2016.22(235-254)Online publication date: May-2016
https://doi.org/10.1109/SP.2016.22
Zhang YChen J(2013)Universal Identity Management Based on Delegation in SOAAdvanced Web Services10.1007/978-1-4614-7535-4_3(51-74)Online publication date: 6-Aug-2013
https://doi.org/10.1007/978-1-4614-7535-4_3
Show More Cited By

Index Terms

Enhancing privacy of federated identity management protocols: anonymous credentials in WS-security
1. Information systems
  1. World Wide Web
    1. Web applications
      1. Internet communications tools

Recommendations

Achieving Privacy in a Federated Identity Management System
Financial Cryptography and Data Security

Federated identity management allows a user to efficiently authenticate and use identity information from data distributed across multiple domains. The sharing of data across domains blurs security boundaries and potentially creates privacy risks. We ...
Privacy by Design in Federated Identity Management
SPW '15: Proceedings of the 2015 IEEE Security and Privacy Workshops

Federated Identity Management (FIM), while solving important scalability, security and privacy problems of remote entity authentication, introduces new privacy risks. By virtue of sharing identities with many systems, the improved data quality of ...
Enhancing privacy in identity management systems
WPES '07: Proceedings of the 2007 ACM workshop on Privacy in electronic society

User-privacy in existing identity management systems (IMS) can be improved.Indeed, private credential systems offer privacy enhancing capabilities not yet included in current IMS; e.g. proving claims such as age > 18, with age an attribute. This paper ...

Comments

Information & Contributors

Information

Published In

WPES '06: Proceedings of the 5th ACM workshop on Privacy in electronic society

October 2006

128 pages

ISBN:1595935568

DOI:10.1145/1179601

General Chair:
Ari Juels
RSA Laboratories
,
Program Chair:
Marianne Winslett
UIUC

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 30 October 2006

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS06

Sponsor:

CCS06: 13th ACM Conference on Computer and Communications Security 2006

October 30, 2006

Virginia, Alexandria, USA

Acceptance Rates

Overall Acceptance Rate 106 of 355 submissions, 30%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
730
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Hammann SSasse RBasin DSun HShieh SGu GAteniese G(2020)Privacy-Preserving OpenID ConnectProceedings of the 15th ACM Asia Conference on Computer and Communications Security10.1145/3320269.3384724(277-289)Online publication date: 5-Oct-2020
https://dl.acm.org/doi/10.1145/3320269.3384724
Delignat-Lavaud AFournet CKohlweiss MParno B(2016)Cinderella: Turning Shabby X.509 Certificates into Elegant Anonymous Credentials with the Magic of Verifiable Computation2016 IEEE Symposium on Security and Privacy (SP)10.1109/SP.2016.22(235-254)Online publication date: May-2016
https://doi.org/10.1109/SP.2016.22
Zhang YChen J(2013)Universal Identity Management Based on Delegation in SOAAdvanced Web Services10.1007/978-1-4614-7535-4_3(51-74)Online publication date: 6-Aug-2013
https://doi.org/10.1007/978-1-4614-7535-4_3
Zhang YChen J(2011)A Delegation Solution for Universal Identity Management in SOAIEEE Transactions on Services Computing10.1109/TSC.2010.94:1(70-81)Online publication date: 1-Jan-2011
https://dl.acm.org/doi/10.1109/TSC.2010.9

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Achieving Privacy in a Federated Identity Management System

Privacy by Design in Federated Identity Management

Enhancing privacy in identity management systems

Comments

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Achieving Privacy in a Federated Identity Management System

Privacy by Design in Federated Identity Management

Enhancing privacy in identity management systems

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations