Federated identity management systems, such as the Liberty Alliance framework, are intended to protect identity and control access to personal information. An audit trail service has been proposed as an addition to the framework to address potential privacy breaches. A simple scenario is used to analyze what should be logged to an audit trail and how it should be logged in order to address privacy concerns and comply with privacy legislation. The implementation of an audit trail service conforming to the Liberty Alliance data service template is described. Our research to date has achieved results which show promise in terms of having a scalable solution that conforms to Liberty Alliance specifications and protects the user's identity while providing a consolidated view of the data sharing activities associated with their personal information.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Aarts R., Madsen P., eds., Liberty ID-WSF Interaction Service Specification, Ver. 2.0, Liberty Alliance Project, New Jersey, 2006. http://www.projectliberty.org/liberty/content/download/885/6231/file/liberty-idwsf-interaction-svc-v2.0.pdf, Accessed 2007/02
	2	Mark S. Ackerman , Lorrie Faith Cranor , Joseph Reagle, Privacy in e-commerce: examining user scenarios and privacy preferences, Proceedings of the 1st ACM conference on Electronic commerce, p.1-8, November 03-05, 1999, Denver, Colorado, United States  [doi>10.1145/336992.336995]
	3	M. Alsaleh, Enhancing Consumer Privacy in Identity Federation Architectures, Thesis, University of Ottawa, September 2006.
	4	M. Alsaleh, C. Adams, "Enhancing Consumer Privacy in the Liberty Alliance Identity Federation and Web Services Frameworks". In Proceedings of the 6th Workshop on Privacy Enhancing Technologies (PET 2006), Cambridge, United Kingdom, June 2006
	5	Chen X., Zhang J., Wu D., Han R., (2005) 'HIPPA's compliant Auditing System for Medical Imaging System', proceedings of the 2005 IEEE Engineering in Medicine and Biology 27th Annual Conference, Shanghai, China, Sept1--4.
	6	J. Davies, N. Huismans, R. Slaney, S. Whiting, M. Webster and R. Berry, An Aspect Oriented Performance Analysis Environment, International Conference on Aspect Oriented Software Development, 2003. http://aosd.net/archive/2003/program/davies. pdf Accessed 2007/02
	7	Ellison, G., ed., "Liberty ID-WSF Security Mechanisms"; version 1.0--17, Liberty Alliance, Project, July 2003, http://www.projectliberty.org/resource_center/specifications/liberty_alliance_id_wsf_2_0_specifications Accessed 2007/02
	8	European Union Directive on Privacy and Electronic Communications. European Parliament, Brussels, Belgium, 2002. http://register.consilium.eu.int/pdf/en/02/st03/03636en2.pdf, Accessed 2007/02
	9	Carrie Gates , Jacob Slonim, Owner-controlled information, Proceedings of the 2003 workshop on New security paradigms, August 18-21, 2003, Ascona, Switzerland  [doi>10.1145/986655.986670]
	10	Health Insurance Portability and Accountability Act (HIPAA), United States Congress, United States, 1996. http://aspe.hhs.gov/admnsimp/p1104191.htm, Accessed February, 2007
	11	Hodges, J., Aarts R., Madsen P, Cantor, S., Eds., Liberty ID-WSF Authentication, Single Sign-On, and Identity Mapping Services Specification Ver2.0, Liberty Alliance Project, New Jersey, 2006. http://www.projectliberty.org/liberty/content/download/871/6189/file/liberty-idwsf-authn-svo-v2.0.pdf, Accessed 2007/02
	12	Hodges, J., Cahill, C., Eds., Liberty ID-WSF Discovery Service Specification. Ver2.0, Liberty Alliance Project, New Jersey, 2006. http://www.projectliberty.org/liberty/content/download/875/6201/file/liberty-idwsf-disco-svc-v2.0.pdf, Accessed 2007/02
	13	Kellomäki, S., Kainulainen, J., eds., Liberty ID-WSF Data Services Template ver.2.1, Liberty Alliance Project, New Jersey, 2006. http://www.projectliberty.org/liberty/content/download/879/6213/file/liberty-idwsf-dst-v2.1.pdf, Accessed 2007/02
	14	Kemp, Y., eds., "Liberty ID-WSF Web Services Framework Overview", Liberty Alliance Project, 2004, http://www.projectliberty.org/liberty/resource_center/papers, Accessed 2007/02
	15	Michael Koch , Kathrin M. MöSlein, Identities Management for E-Commerce and Collaboration Applications, International Journal of Electronic Commerce, v.9 n.3, p.11-29, Number 3/Spring 2005
	16	Landau, S., eds., "Liberty ID-WSF Security & Privacy Overview"; version 1.0, Liberty Alliance Project, 2003, http://www.projectliberty.org/resource_center/specifications/liberty_alliance_id_wsf_2_0_specifications. Accessed February 2007.
	17	The Personal Information Protection and Electronic Documents Act (PIPEDA), Department of Justice, Canada, 2000. http://laws.justice.gc.ca/en/P-8.6/text.html, Accessed 2007/02
	18	Liam Peyton , Max Nozin, Tracking privacy compliance in B2B networks, Proceedings of the 6th international conference on Electronic commerce, October 25-27, 2004, Delft, The Netherlands  [doi>10.1145/1052220.1052268]
	19	L. Peyton, A. Rajwani, "A Generative Framework for Managed Services", Third International Conference on Generative Programming and Component Engineering, Vancouver, October, 2004.
	20	D. Shin, G-J Ahn, P Shenoy. Ensuring Information Assurance in Federated Identity Management, IEEE Intl. Conference on Performance, Computing, and Communications, 2004, p. 821--826
	21	Wason, T., eds., "Liberty ID-FF Architecture Overview"; version 1.2Liberty Alliance Project, March 2003. http://www.projectliberty.org/liberty/resource_center/papers, Accessed 2007/02
	22	Yip, F. Ray, P. Paramesh, N. (2006) 'Enforcing Business Rules and Information Security Policies through Compliance Audits; XISSF - A Compliance Specification Mechanism', Business-Driven IT Management, BDIM '06, The First IEEE/IFIP International, ISBN: 1-4244-0176-3, pp. 81--90.
	23	B. Parr, R. Villars, "Digital Identities: The Coming Struggle for the Future of the net", IDC, 2001
	24	M. Casassa Mont, P. Bramhall, and J. Pato, "On Adaptive Identity Management: The Next Generation of Identity Management Technologies", Technical Report HPL-2003-149, HP Labs, 2003.
	25	M. Casassa Mont, P. Bramhall, M. Gittler, J. Pato, O. Rees, "Identity Management: a key e-business enabler", PL-2002-164, SSGRR2002s, L'Aquila, Italy, 2002
	26	Federation of Identities in a Web Services World: whitepaper by IBM and Microsoft, http://www-128.ibm.com/developerworks/webservices/library/specification/ws-fedworld/
	27	S Cantor et al, Oasis Security Services: "Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2. 0".