Enhancing Consumer Privacy in the Liberty Alliance Identity Federation and Web Services Frameworks
نویسندگان
چکیده
Internet usage has been growing significantly, and the issue of online privacy has become a correspondingly greater concern. Several recent surveys show that users’ concern about the privacy of their personal information reduces their use of electronic businesses and Internet services; furthermore, many users choose to provide false data in order to protect their real identities. Identity federation aims to assemble an identity virtually from a user’s personal information stored across several distinct identity management systems. Liberty Alliance is one of the most recognized projects in developing an open standard for federated network identity. While one of the key objectives of the Liberty Alliance is to enable consumers to protect the privacy and security of their network identity information, this paper identifies and analyzes possible privacy breaches within the Liberty identity Federation Framework and Liberty identity Web Services Framework. Proposals for improvement in both these frameworks are discussed.
منابع مشابه
Privacy in enterprise identity federation - policies for Liberty 2 single sign on
Cross-domain identity management is gaining significant interest in industry. A wellknown example is the Liberty Alliance’s specifications for single signon of web users across different enterprises. The Liberty Alliance stresses that account linking is voluntary for the users and that privacy is an important consideration. We evaluate the privacy of these specifications in detail. We point out...
متن کاملPrivacy in Enterprise Identity Federation
Cross-domain identity management is gaining significant interest in industry. A recent example is the Liberty Alliance’s specifications for single signon of users across a federation of enterprises. These specifications stress that the federation process is voluntary for the users and that privacy is preserved, e.g., by using pseudonyms. We evaluate the privacy of these specifications in detail...
متن کاملSelf-service Privacy: User-Centric Privacy for Network-Centric Identity
User privacy has become a hot topic within the identity management arena. However, the field still lacks comprehensive frameworks even though most identity management solutions include built-in privacy features. This study explores how best to set up a single control point for users to manage privacy policies for their personal information, which may be distributed (scattered) across a set of n...
متن کاملA Brief Introduction to Liberty
For the man on the street, the businesswoman in her o ce, the shopper or investor at home, identity on the Internet is a straightforward idea with a complex solution. Using Amazon, there is one sign-on and password; using United Airlines, another; connecting to L.L. Bean, yet another, and with Fidelity Investments, a fourth. Within the enterprise, each service | on-line corporate travel, 401(k)...
متن کامل