Article

Free access

Usability and privacy in identity management architectures

Authors:

Muhammed Al Zomai,

Suriadi SuriadiAuthors Info & Claims

ACSW '07: Proceedings of the fifth Australasian symposium on ACSW frontiers - Volume 68

Pages 143 - 152

Published: 30 January 2007 Publication History

Abstract

Digital identities represent who we are when engaging in online activities and transactions. The rapid growth in the number of online services leads to in an increasing number of different identities that each user needs to manage. As a result, many people feel overloaded with identities and suffer from password fatigue. This is a serious problem and makes people unable properly control and protect their digital identities against identity theft. This paper discusses the usability and privacy in online identity management solutions, and proposed a general approach for making users better able to control and manage their digital identities, as well as for creating more secure identity management solutions. More specifically, we propose a user-centric approach based on hardware and software technology on the user-side with the aim of assisting users when accessing online services.

References

[1]

A. Jøsang and S. Pope. User-Centric Identity Management. In Andrew Clark., editor, Proceedings of AusCERT 2005, Brisbane, Australia, May 2005.

[2]

A. Whitten and J. D. Tygar. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. In Proceedings of the 8th USENIX Security Symposium, Washington, D.C., August 1999.

Digital Library

[3]

A. Jøsang, P. M. Møllerud, and E. Cheung. Web Security: The Emperors New Armour. In Proceedings of the European Conference on Information Systems (ECIS2001), Bled, Slovenia, June 2001.

[4]

A. Cavoukian and M. Crompton. Web Seals: A Review of Online Privacy Programs. A Joint Project of The Office of the Information and Privacy Commissioner/Ontario and The Office of the Federal Privacy Commissioner of Australia, http://www.ipc.on.ca/english/pubpres/papers/seals.pdf, Venice, September 2000.

[5]

L. A. Bygrave. Privacy Protection in a Global Context - A Comparative Overview. Scandinavian Studies in Law, 47:319--348, 2004.

[6]

L. Cranor et al. The Platform for Privacy Preferences 1.0 (P3P1.0) Specification. W3C Recommendation 16 April 2002, http://www.w3.org/TR/P3P/, 2002.

[7]

David Chappel. Introducing Windows CardSpace. http://msdn.microsoft.com/library/en-us/dnlong/html/IntroInfoCard.asp, April 2006.

[8]

Kim Cameron. Interview with Kim Cameron about the Identity Laws. Webcast available from: http://channel9.msdn.com/, June 2006.

[9]

Liberty-Alliance. Liberty ID-FF Architecture Overview. Version: 1.2-errata-v1.0. http://www.projectliberty.org/specs/liberty-idff-arch-overview-v1.2.pdf, 2003.

[10]

OASIS. Conformance Requirements for the OASIS Security Assertion Markup Language (SAML) V2.0, Committee Draft. Organization for the Advancement of Structured Information Standards, 15 January 2005.

[11]

Mobile Electronic Transactions Ltd. Personal Transaction Protocol Version 1.0, Draft Specification 01-11-2002. MeT, 2002.

[12]

A. Jøsang and G. Sanderud. Security in Mobile Communications: Challenges and Opportunities. In The Proceedings of the Australasian Information Security Workshop, Adelaide, February 2003.

Digital Library

[13]

Jim Krane. As mobile devices get 'smarter', they become prone to viruses.SiliconValley.com - Mercury News, URL: http://www.siliconvalley.com/mld/sili-convalley/2833740.htm, 10 March 2002.

[14]

National Research Council. Signposts in Cyberspace - The Domain Name System and Internet Navigation. The National Academic Press, Washington, D.C., 2005.

Digital Library

[15]

Amir Herzberg and Ahmed Gbara. Protecting (even Naïve) Web Users from Spoofing and Phishing Attacks. Technical Report 2004/155, Cryptology ePrint Archive, 2004.

Cited By

Ribeiro CLeitold HEsposito SMitzam D(2018)STORKInternational Journal of Information Security10.1007/s10207-017-0385-x17:5(569-585)Online publication date: 1-Oct-2018
https://dl.acm.org/doi/10.1007/s10207-017-0385-x
Chen BTan CZou X(2017)Cloud service platform of electronic identity in cyberspaceCluster Computing10.1007/s10586-017-0731-920:1(413-425)Online publication date: 1-Mar-2017
https://dl.acm.org/doi/10.1007/s10586-017-0731-9
Herzberg ALeibowitz HLenzini GBella GBenenson ZGates C(2016)Can Johnny finally encrypt?Proceedings of the 6th Workshop on Socio-Technical Aspects in Security and Trust10.1145/3046055.3046059(17-28)Online publication date: 5-Dec-2016
https://dl.acm.org/doi/10.1145/3046055.3046059
Show More Cited By

Index Terms

Usability and privacy in identity management architectures

Index terms have been assigned to the content through auto-classification.

Recommendations

Privacy requirements in identity management solutions
Proceedings of the 2007 conference on Human interface: Part II

In this paper we highlight the need for privacy of user data used in digital identity management systems. We investigate the issues from the individual, business, and government perspectives. We provide surveys related to the growing problem of identity ...
A user-centric federated single sign-on system

Current identity management systems are not concerned with user privacy. Users must assume that identity providers and service providers will ensure their privacy, which is not always the case. This paper proposes an extension of the existing federated ...
Criteria for Evaluating the Privacy Protection Level of Identity Management Services
SECURWARE '09: Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and Technologies

Identity Management is the one of web services that manages the digital identity and the personally identifiable information of the user who subscribed for various web services in Internet. It was developed to provide user with an easy way to use and ...

Comments

Information & Contributors

Information

Published In

cover image DL Hosted proceedings

ACSW '07: Proceedings of the fifth Australasian symposium on ACSW frontiers - Volume 68

January 2007

189 pages

ISBN:192068285X

Publisher

Australian Computer Society, Inc.

Australia

Publication History

Published: 30 January 2007

Author Tags

Qualifiers

Article

Conference

ACSW '07

ACSW '07: ACSW frontiers

January 30 - February 2, 2007

Ballarat, Australia

Acceptance Rates

Overall Acceptance Rate 204 of 424 submissions, 48%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
1,737
Total Downloads

Downloads (Last 12 months)29
Downloads (Last 6 weeks)6

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Ribeiro CLeitold HEsposito SMitzam D(2018)STORKInternational Journal of Information Security10.1007/s10207-017-0385-x17:5(569-585)Online publication date: 1-Oct-2018
https://dl.acm.org/doi/10.1007/s10207-017-0385-x
Chen BTan CZou X(2017)Cloud service platform of electronic identity in cyberspaceCluster Computing10.1007/s10586-017-0731-920:1(413-425)Online publication date: 1-Mar-2017
https://dl.acm.org/doi/10.1007/s10586-017-0731-9
Herzberg ALeibowitz HLenzini GBella GBenenson ZGates C(2016)Can Johnny finally encrypt?Proceedings of the 6th Workshop on Socio-Technical Aspects in Security and Trust10.1145/3046055.3046059(17-28)Online publication date: 5-Dec-2016
https://dl.acm.org/doi/10.1145/3046055.3046059
Komorowski MCoppens PVan den Broeck WBraet O(2016)Lowering the barriers for online cross-media usageTelematics and Informatics10.1016/j.tele.2016.02.00533:4(916-924)Online publication date: 1-Nov-2016
https://dl.acm.org/doi/10.1016/j.tele.2016.02.005
Ferdous MPoet R(2015)Managing dynamic identity federations using security assertion markup languageJournal of Theoretical and Applied Electronic Commerce Research10.4067/S0718-1876201500020000510:2(53-76)Online publication date: 1-May-2015
https://dl.acm.org/doi/10.4067/S0718-18762015000200005
Ferdous MNorman GPoet RPoet RMuttukrishnan R(2014)Mathematical Modelling of Identity, Identity Management and Other Related TopicsProceedings of the 7th International Conference on Security of Information and Networks10.1145/2659651.2659729(9-16)Online publication date: 9-Sep-2014
https://dl.acm.org/doi/10.1145/2659651.2659729
Slamanig DStranacher KZwattendorfer BOsborn STripunitara MMolloy I(2014)User-centric identity as a service-architecture for eIDs with selective attribute disclosureProceedings of the 19th ACM symposium on Access control models and technologies10.1145/2613087.2613093(153-164)Online publication date: 25-Jun-2014
https://dl.acm.org/doi/10.1145/2613087.2613093
Angulo JWästlund E(2013)Identity Management through "Profiles"Proceedings, Part III, of the 15th International Conference on Human-Computer Interaction. Users and Contexts of Use - Volume 800610.5555/2959924.2959927(10-19)Online publication date: 21-Jul-2013
https://dl.acm.org/doi/10.5555/2959924.2959927
Wild SAst MGaedke MWeippl EIndrawan-Santiago MSteinbauer MKotsis GKhalil I(2013)Towards a Context-Aware WebID Certificate Creation Taking Individual Conditions and Trust Needs into AccountProceedings of International Conference on Information Integration and Web-based Applications & Services10.1145/2539150.2539185(532-541)Online publication date: 2-Dec-2013
https://dl.acm.org/doi/10.1145/2539150.2539185
Brostoff SJennett CMalheiros MSasse MGroß THansen M(2013)Federated identity to access e-government servicesProceedings of the 2013 ACM workshop on Digital identity management10.1145/2517881.2517893(97-108)Online publication date: 8-Nov-2013
https://dl.acm.org/doi/10.1145/2517881.2517893
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents