User centricity: a taxonomy and open issues
Source: Conference on Computer and Communications Security
Proceedings of the second ACM workshop on Digital identity management
Alexandria, Virginia, USA
Session: User-centric identity management frameworks
Pages: 1 - 10
Year of Publication: 2006
ISBN: 1-59593-547-9
Authors
Abhilasha Bhargav-Spantzel  Purdue University
Jan Camenisch  IBM Zurich Research Laboratory
Thomas Gross  IBM Zurich Research Laboratory
Dieter Sommer  IBM Zurich Research Laboratory
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM, New York, NY, USA
DOI: http://doi.acm.org/10.1145/1179529.1179531

ABSTRACT

User centricity is a significant concept in federated identity management (FIM), as it provides for stronger user control and privacy. However, several notions of user-centricity in the FIM community render its semantics unclear and hamper future research in this area. Therefore, we consider user-centricity abstractly and establish a comprehensive taxonomy encompassing user-control, architecture, and usability aspects of user-centric FIM. On the systems layer, we discuss user-centric FIM systems and classify them into two predominant variants with significant feature sets. We distinguish credential-focused systems, which advocate offline identity providers and long-term credentials at a user's client, and relationship-focused systems, which rely on the relationships between users and online identity providers that create short-term credentials during transactions. Note that these two notions of credentials are quite different: the former encompasses cryptographic credentials as defined by Lysyanskaya et al. [30], the latter federation tokens as used in today's FIM protocols like Liberty. We raise the question where user-centric FIM systems may go, within the limitations of the user-centricity paradigm as well as beyond them. Firstly, we investigate the existence of a universal user-centric FIM system that can achieve a superset of the security and privacy properties as well as the characteristic features of both predominant classes. Secondly, we explore the feasibility of reaching beyond user-centricity, that is, allowing a user of a user-centric FIM system to again give away user control by means of an explicit act of delegation. We claim a solution neither for universal user-centric systems nor for the extension beyond the boundaries of user-centricity; rather, we explore both ventures by leveraging the properties of a credential-focused FIM system.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

[1] Introduction to usability, 2005. http://www.usabilityfirst.com/intro/index.txl.
[2]
[3] ASHLEY, P., HADA, S., KARJOTH, G., POWERS, C., AND SCHUNTER, M. Enterprise Privacy Authorization Language (EPAL 1.1), 2003.
[4]
[5]
[6]
[7] BRANDS, S. Rethinking Public Key Infrastructure and Digital Certificates -- Building in Privacy. PhD thesis, Eindhoven Institute of Technology, Eindhoven, The Netherlands, 1999.
[8]
[9] CAMENISCH, J. Protecting (anonymous) credentials with the Trusted Computing Group's Trusted Platform Modules v1.2. In Proceedings of the 21st IFIP International Information Security Conference (SEC 2006) (2006).
[10]
[11]
[12] CAMENISCH, J., AND LYSYANSKAYA, A. Signature schemes and anonymous credentials from bilinear maps. In Advances in Cryptology -- CRYPTO 2004 (2004), LNCS, Springer-Verlag.
[13] CAMENISCH, J., AND SHOUP, V. Practical verifiable encryption and decryption of discrete logarithms. In Advances in Cryptology -- CRYPTO 2003 (2003), D. Boneh, Ed., LNCS.
[14] CAMENISCH, J., SOMMER, D., AND ZIMMERMANN, R. A general certification framework with applications to privacy-enhancing certificate infrastructures. In Proceedings of the 21st IFIP International Information Security Conference (2006).
[15] CAMERON, K. Laws of Identity, 5/12/2005.
[16] CHASE, M., AND LYSYANSKAYA, A. On signatures of knowledge. Cryptology ePrint Archive, Report 2006/184, 2006.
[17] CRANOR, L., LANGHEINRICH, M., MARCHIORI, M., PRESLER-MARSHALL, M., AND REAGLE, J. The Platform for Privacy Preferences 1.0 (P3P1.0) Specification.
[18] EUROPEAN PARLIAMENT. Directive 95/46/EC of the European Parliament and the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities (1995).
[19]
[20] Higgins Trust Framework, 2006. http://www.eclipse.org/higgins/.
[21]
[22] IDENTITY-MANAGEMENT. Liberty Alliance Project. http://www.projectliberty.org.
[23] INTERNET2. Shibboleth. http://shibboleth.internet2.edu.
[24] MERRELS, J., SXIP IDENTITY. DIX: Digital Identity Exchange Protocol. Internet Draft, March 2006.
[25] KALER, C., AND NADALIN, A. Web Services Federation Language, 2003.
[26] KALER, C., AND NADALIN, A. WS-Federation: Passive Requestor Profile, 2003. Available from: ftp://www6.software.ibm.com/software/developer/library/ws-fedpass.pdf.
[27]
[28] LIBERTY ALLIANCE. Liberty Alliance ID-FF 1.2 Specifications. Available at http://www.projectliberty.org.
[29] LÜER, C., AND VAN DER HOEK, A. JPloy: User-centric deployment support in a component platform.
[30]
[31] MICROSOFT. A technical reference for InfoCard v1.0 in Windows, 2005.
[32] NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST). Digital Signature Standard (DSS), 2000.
[33] OASIS STANDARD. Security Assertion Markup Language (SAML) V2.0, 2005.
[34] OECD. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 1980.
[35] PRIME CONSORTIUM. Privacy and Identity Management for Europe (PRIME). Web site at www.prime-project.eu.
[36]

