ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Privilege federation between different user profiles for service federation
Full text PdfPdf (422 KB)
Source
Conference on Computer and Communications Security archive
Proceedings of the 4th ACM workshop on Digital identity management table of contents
Alexandria, Virginia, USA
SESSION: Federation for services table of contents
Pages 41-50  
Year of Publication: 2008
ISBN:978-1-60558-294-8
Authors
Makoto Hatakeyama  NEC Corporation, Minato-Ku, Tokyo, Japan
Shigeyoshi Shima  NEC Corporation, Minato-Ku, Tokyo, Japan
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 18,   Downloads (12 Months): 105,   Citation Count: 1
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1456424.1456432
What is a DOI?

ABSTRACT

Service providers often incorporate services other than the main ones they offer for user convenience. Such service providers need to exchange personal attributes with other providers they interact with and link user accounts. Some service providers, however, can not federate the accounts, because the subject of them is not always same; for instance, one subject of an account is a user of a personal profile, and the other of another account is the one of a family profile. Thus a mechanism is needed to federate user profiles. To address this issue, we propose a privilege federation framework for personal attribute exchange between different user profiles. This framework enables the providers to exchange attributes based on identity federation established by privilege exchange. With it, they can determine what attributes to be exchanged with the privilege assertion and protect privacy information against leakage.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Abhilasha Bhargav-Spantzel , Anna C. Squicciarini , Elisa Bertino, Trust Negotiation in Identity Management, IEEE Security and Privacy, v.5 n.2, p.55-63, March 2007  [doi>10.1109/MSP.2007.46]
 
2
M. Hatakeyama, and H. Gomi, "Privacy Policy Negotiation Framework for Attribute Exchange," In W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, 2006
 
3
Liberty Alliance Project, "Liberty ID-WSF People Service Specification," Version 1.0, 2005. Available on line at: http://www.projectliberty.org/liberty/specifications_1
 
4
specs@openid.net, "OpenID Authentication 2.0 -- Final," 2007. Available on line at: http://openid.net/developers/specs/
 
5
Brent N. Chun , Andy Bavier, Decentralized Trust Management and Accountability in Federated Systems, Proceedings of the Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 9, p.90279.1, January 05-08, 2004
6
Stefan Berthold , Sebastian Clauss, Linkability estimation between subjects and message contents using formal concepts, Proceedings of the 2007 ACM workshop on Digital identity management, November 02-02, 2007, Fairfax, Virginia, USA  [doi>10.1145/1314403.1314410]
7
Hidehito Gomi , Makoto Hatakeyama , Shigeru Hosono , Satoru Fujita, A delegation framework for federated identity management, Proceedings of the 2005 workshop on Digital identity management, November 11-11, 2005, Fairfax, VA, USA  [doi>10.1145/1102486.1102502]
 
8
M. Schunter, and M. Waidner, "Simplified Privacy Controls for Aggregated Services Suspend and Resume of Personal Data," LECTURE NOTES IN COMPUTER SCIENCE (LNCS), Vol. 4476, pp. 218--232, 2007.
 
9
D. Chappell, "Introducing Windows CardSpace," 2006. Available on line at: http://msdn.microsoft.com/en-us/library/aa480189.aspx
 
10
K. Seamons, M. Winslett, T. Yu, L. Yu and R. Jarvis, "Protecting Privacy during Online Trust Negotiation," In 2nd Workshop on Privacy Enhancing Technologies, 2002.
 
11
E. Barka and R. Sandhu, "A Role--Based Delegation Model and Some Extensions," 23rd National Information Systems Security Conference, 2000.
 
12
OASIS, "Web Services Security: WS-Security Core Specification 1.1," OASIS Standard, February 2006. Available online at: http://docs.oasis-open.org/wss/v1.1/
 
13
Liberty Alliance Project, "Liberty ID-WSF Web Services Framework Overview," Version 1.1, 2005. Available on line at: http://www.projectliberty.org/liberty/specifications_1
 
14
OECD, "OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data," 2004. Available online at: http://www.oecd.org/document/18/0,2340,en_2649_201185_1815186?1_1_1_1,00.html.
 
15
OAuth Core Workgroup, "OAuth," 2007. Available on line at: http://oauth.net/documentation/spec
 
16
OASIS, "WS-Trust 1.3," OASIS Standard, 2007. Available on line at: http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html
 
17
OASIS, "Assertions and Protocols for the OASIS Security Markup Language (SAML) V2.0," OASIS Standard, March 2005. Available online at: http://www.oasis--open.org/apps/org/workgroup/security/
18
Qun Ni , Alberto Trombetta , Elisa Bertino , Jorge Lobo, Privacy-aware role based access control, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France  [doi>10.1145/1266840.1266848]
19
Basit Shafiq , Elisa Bertino , Arif Ghafoor, Access control management in a distributed environment supporting dynamic collaboration, Proceedings of the 2005 workshop on Digital identity management, November 11-11, 2005, Fairfax, VA, USA  [doi>10.1145/1102486.1102503]
 
20
OASIS, "eXtensible Access Control Markup Language (XACML) Version 2.0," OASIS Standard, February 2005. Available online at: http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
 
21
W3C, "The Platform for Privacy Preferences 1.0 (P3P 1.0) Specification," W3C Recommendation, April 2002. Available online at: http://www.w3.org/TR/P3P/
 
22
Liberty Alliance Project, "Liberty ID-WSF Discovery Service Specification," Version 2.0, 2006. Available on line at: http://www.projectliberty.org/liberty/specifications_1
 
23
Liberty Alliance Project, "Liberty ID-WSF Data Service Template," Version 2.1, 2006. Available on line at: http://www.projectliberty.org/liberty/specifications_1

CITED BY
Deborah Bodeau, Safeguarding digital identity: the SPICI (Sharing Policy, Identity, and Control Information) approach to negotiating identity federation and sharing agreements, Proceedings of the 8th Symposium on Identity and Trust on the Internet, April 14-16, 2009, Gaithersburg, Maryland

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Authentication

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Unauthorized access (e.g., hacking, phreaking)


General Terms:
Management, Security


Keywords:
access control, identity federation, privilege management

Collaborative Colleagues:
Makoto Hatakeyama: colleagues
Shigeyoshi Shima: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player