research-article

Identity federation and privacy: one step beyond

Authors:

Sébastien Canard,

Eric Malville,

Jacques TraoréAuthors Info & Claims

DIM '08: Proceedings of the 4th ACM workshop on Digital identity management

Pages 25 - 32

https://doi.org/10.1145/1456424.1456430

Published: 31 October 2008 Publication History

Get Access

Abstract

Providing Single Sign-On (SSO) between SPs and enabling SPs to share user personal attributes are critical for both users to benefit from a seamless access to their services, and SPs to realize new business opportunities. Today, however, the users have several independent, partial identities spread over different SPs. Providing SSO and attribute sharing requires that links (federations) are established between (partial) identities. In Liberty and SAML, the links between identities are stored and managed at the network side by the IdPs (network-side identity federation). This model prevents the SPs from mass-correlating the partial identities they have, but the users must fully trust the IdPs. In this paper, we propose a complementary approach where the users have a full control of the links between the partial identities. This client-side identity federation approach relies on the introduction of a new cryptographic tool, called invariable partially blind signature scheme, that may be of independent interest.

References

[1]

Masayuki Abe. A secure three-move blind signature scheme for polynomially many signatures. In EUROCRYPT '01, volume 2045 of Lecture Notes in Computer Science, pages 136-151. Springer-Verlag, 2001.

Digital Library

Google Scholar

[2]

Liberty Alliance. http://www.projectliberty.org/.

Google Scholar

[3]

Stefan A. Brands. An efficient off-line electronic cash system based on the representation problem. Technical report, Amsterdam, The Netherlands, The Netherlands, 1993.

Digital Library

Google Scholar

[4]

Jan Camenisch, Jean-Marc Piveteau, and Markus Stadler. Blind signatures based on the discrete logarithm problem. In EUROCRYPT'94, pages 428--432, 1994.

Google Scholar

[5]

CardSpace. http://netfx3.com/content/windowscardspacehome.aspx.

Google Scholar

[6]

David Chaum. Blind signatures for untraceable payments. In CRYPTO, pages 199-203, 1982.

Google Scholar

[7]

David Chaum. Blind signature system. In CRYPTO, page 153, 1983.

Google Scholar

[8]

David Chaum and Torben P. Pedersen. Wallet databases with observers. In CRYPTO'92, volume 740 of Lecture Notes in Computer Science, pages 89--105. Springer, 1992.

Digital Library

Google Scholar

[9]

Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In CRYPTO, pages 186--194, 1986.

Digital Library

Google Scholar

[10]

E. Maler, P. Mishra, and R. Philpott. Assertions and protocol for the oasis security assertion markup language (saml). OASIS Standard, September 2003.

Google Scholar

[11]

OpenID. http://openid.net/.

Google Scholar

[12]

Claus-Peter Schnorr. Efficient identification and signatures for smart cards. In CRYPTO, pages 239--252, 1989.

Digital Library

Google Scholar

Cited By

View all

Birrell ESchneider F(2013)Federated Identity Management SystemsIEEE Security and Privacy10.1109/MSP.2013.11411:5(36-48)Online publication date: 1-Sep-2013
https://dl.acm.org/doi/10.1109/MSP.2013.114
Mashima DBauer DAhamad MBlough D(2012)User-Centric Identity Management Architecture Using Credential-Holding Identity AgentsDigital Identity and Access Management10.4018/978-1-61350-498-7.ch005(78-96)Online publication date: 2012
https://doi.org/10.4018/978-1-61350-498-7.ch005
Gupta A(undefined)Doctrinal Mutilation: The Board of Immigration Appeals' Flawed Analysis of the 'Continuing Persecution' Doctrine in Claims Based on Past Female Genital MutilationSSRN Electronic Journal10.2139/ssrn.1984965
https://doi.org/10.2139/ssrn.1984965

Index Terms

Identity federation and privacy: one step beyond
1. Information systems
  1. World Wide Web
    1. Web applications
      1. Internet communications tools
2. Security and privacy
  1. Security services
    1. Authentication

Recommendations

Establishing and protecting digital identity in federation systems
DIM '05: Proceedings of the 2005 workshop on Digital identity management

We develop solutions for the security and privacy of user identity information in a federation. By federation we mean a group of organizations or service providers which have built trust among each other and enable sharing of user identity information ...
Identity Federation for VoIP systems
Digital Identity Management (DIM 2007)

Identity Federation enables Users to effectively manage their multiple Identities spread across different administrative domains. It leverages trust between the Identity Providers to allow Users to federate and share their Identity information to ...
Symmetric identity federation for fixed-mobile convergence
DIM '08: Proceedings of the 4th ACM workshop on Digital identity management

This paper discusses issues with identity federation for fixed-mobile convergence to enable single sign-on to applications across networks, leveraging both fixed and mobile terminals. Standardized in OASIS SAML v2.0 specifications, identity federation ...

Comments

Information & Contributors

Information

Published In

DIM '08: Proceedings of the 4th ACM workshop on Digital identity management

October 2008

112 pages

ISBN:9781605582948

DOI:10.1145/1456424

Program Chairs:
Elisa Bertino
CERIAS, Purdue University, USA
,
Kenji Takahashi
NTT, Japan

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 31 October 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS08

Sponsor:

CCS08: 15th ACM Conference on Computer and Communications Security 2008

October 31, 2008

Virginia, Alexandria, USA

Acceptance Rates

Overall Acceptance Rate 16 of 34 submissions, 47%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
587
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)2

Reflects downloads up to 18 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Birrell ESchneider F(2013)Federated Identity Management SystemsIEEE Security and Privacy10.1109/MSP.2013.11411:5(36-48)Online publication date: 1-Sep-2013
https://dl.acm.org/doi/10.1109/MSP.2013.114
Mashima DBauer DAhamad MBlough D(2012)User-Centric Identity Management Architecture Using Credential-Holding Identity AgentsDigital Identity and Access Management10.4018/978-1-61350-498-7.ch005(78-96)Online publication date: 2012
https://doi.org/10.4018/978-1-61350-498-7.ch005
Gupta A(undefined)Doctrinal Mutilation: The Board of Immigration Appeals' Flawed Analysis of the 'Continuing Persecution' Doctrine in Claims Based on Past Female Genital MutilationSSRN Electronic Journal10.2139/ssrn.1984965
https://doi.org/10.2139/ssrn.1984965

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Establishing and protecting digital identity in federation systems

Identity Federation for VoIP systems

Symmetric identity federation for fixed-mobile convergence

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations