ABSTRACT
Federated Identity Management (FIM) allows for securely provisioning certified user identities and attributes to relying parties. It establishes higher security and data quality than user-asserted attributes and provides stronger user privacy protection than technologies based upon user-side attribute certificates. Therefore, industry pursues the deployment of FIM solutions as one cornerstone of the WS-Security framework. Current research proposes even more powerful methods for security and privacy protection in identity management with so-called anonymous credential systems. Being based on new, yet well-researched, signature schemes and cryptographic zero-knowledge proofs, these systems have the potential to improve the capabilities of FIM through superior privacy protection, user control, and multiple use of single credentials. Unfortunately, anonymous credential systems, whose semantics are based upon zero-knowledge proofs, are incompatible with the XML Signature Standard, which is the basis for WS-Security and most FIM frameworks. We put forth a general construction for integrating anonymous credential systems with the XML Signature Standard and FIM protocols. We apply this method to the WS-Security protocol framework and thus obtain a very flexible WS-Federation Active Requestor Profile with strong user control and superior privacy protection.
CITED BY
Andreas Ekelhart, Stefan Fenz, Gernot Goluch, Markus Steinkellner, Edgar Weippl. XML security - A comparative literature review. Journal of Systems and Software, vol. 81, no. 10, pp. 1715-1724, October 2008.