ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Privacy policies compliance across digital identity management systems
Full text PdfPdf (509 KB)
Source
Geographic Information Systems archive
Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS table of contents
Irvine, California
SESSION: Policies table of contents
Pages 72-81  
Year of Publication: 2008
ISBN:978-1-60558-324-2
Authors
Anna C. Squicciarini  The Pennsylvania State University, University Park, PA
Alexei Czeskis  University of Washington, Seattle, WA
Abhilasha Bhargav-Spantzel  Intel Corporation, Santa Clara, CA
Sponsors
SIGSPATIAL : ACM Special Interest Group on Spatial Information
CERIAS : The Center for Education and Research in Information Assurance and Security
OCR : IBM Open Collaboartive Research Initiative
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 25,   Downloads (12 Months): 157,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1503402.1503416
What is a DOI?

ABSTRACT

An emerging approach for protecting identities of individuals, while at the same time enhancing user convenience, is represented by federated identity management systems. In this paper we develop an approach to support privacy controlled sharing of identity attributes in federated environments. We present a wide range of strategies that enable users to trace their personal information across the federation and verify whether it has been managed according to their privacy preferences. Users can employ one or more of these strategies according to their goals and priorities. Additionally, we analyze the challenging issue of data, privacy policy, and preference updates in a federated system. Our algorithm allows users and federated service providers to control whether new versions of data and users' privacy references have been used, and detect possible inconsistencies.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Gail-Joon Ahn , John Lam, Managing privacy preferences for federated identity management, Proceedings of the 2005 workshop on Digital identity management, November 11-11, 2005, Fairfax, VA, USA  [doi>10.1145/1102486.1102492]
2
Gail-Joon Ahn , John Lam, Managing privacy preferences for federated identity management, Proceedings of the 2005 workshop on Digital identity management, November 11-11, 2005, Fairfax, VA, USA  [doi>10.1145/1102486.1102492]
 
3
Franz Baader and Bernhard Hollunder. Embedding defaults into terminological knowledge representation formalisms. J. Autom. Reasoning, 14(1):149--180, 1995.
 
4
Abhilasha Bhargav-Spantzel , Jan Camenisch , Thomas Gross , Dieter Sommer, User centricity: A taxonomy and open issues, Journal of Computer Security, v.15 n.5, p.493-527, October 2007
 
5
Jan Camenisch, Thomas Gross, and Dieter Sommer. Enhancing privacy in identity federation anonymous credentials ensure unlinkability in ws-security. In IEEE Workshop on Web Services Security, 2006.
 
6
Lorrie Cranor, Marc Langheinrich, Massimo Marchiori, and J. Reagle.
 
7
Higgings. Open Source Initiative, http://www.eclipse.org/higgins, 2007.
 
8
http://www.zurich.ibm.com/security/enterpriseprivacy/epal/. EPAL 1.0 Specification.
 
9
IBM Tivoli Software. http://www-306.ibm.com/software/tivoli/, 2007.
 
10
Internet2. Shibboleth. http://shibboleth.internet2.edu.
 
11
Liberty Alliance Project. http://www.projectliberty.org.
 
12
Security Breaches at UCLA Medical Center More Privacy. http://www.privacy.org/archives/002241.html (accessed may 2008).
 
13
N. Noy and M. Musen. Using non-local context for semantic matching. In IJCAI 2001 workshop on ontology and information sharing, Seattle (WA US), pages 63--70, 2001.
 
14
P3P Preference Exchange Language 1.0 (APPEL1.0). http://www.w3.org/tr/p3p-preferences/.
 
15
Gurieth Karjoth Paul Ashley, Satoshi Hada and Matthias Schunter. E-P3P Privacy Policies and Privacy Authorization. In Proceedings of the Workshop on Privacy in the Electronic Society (WPES), 2001.
16
Samir Saklikar , Subir Saha, User privacy-preserving identity data dependencies, Proceedings of the second ACM workshop on Digital identity management, November 03-03, 2006, Alexandria, Virginia, USA  [doi>10.1145/1179529.1179537]
 
17
Farzad Salim, Nicholas Paul Sheppard, and Reihaneh Safavi-Naini. Enforcing P3P policies using a digital rights management system. In Privacy Enhancing Technologies, pages 200--217, 2007.
 
18
SourceID: Open Source Federated Identity Management. http://www.sourceid.org/resources/basics.html.
 
19
Anna C. Squicciarini, Marco Casassa Mont, Abhilasha Bhargav-Spantzel, and Elisa Bertino. Automatic compliance verification of privacy policies in federated digital identity management. 2008.
 
20
Anna Cinzia Squicciarini, Abhilasha Bhargav-Spantzel, Alexei Czeskis, and Elisa Bertino. Traceable and automatic compliance of privacy policies in federated digital identity management. In Privacy Enhancing Technologies, pages 78--98, 2006.
 
21
OASIS Standard. Security assertion markup language (saml) v2.0, 2005.
 
22
Philip Sutton , Charles D. Hansen, Isosurface extraction in time-varying fields using a temporal branch-on-need tree (T-BON), Proceedings of the conference on Visualization '99: celebrating ten years, p.147-153, October 1999, San Francisco, California, United States
 
23
Cheryl Vroom and Rossouw von Solms. Towards information security behavioural compliance. Computers and Security, 23(3):191--198, May 2004.
 
24
Web Services Standard Listings. http://en.wikipedia.org/wiki/list_of_web_service_specifications, 2007.
25
Daniel J. Weitzner , Harold Abelson , Tim Berners-Lee , Joan Feigenbaum , James Hendler , Gerald Jay Sussman, Information accountability, Communications of the ACM, v.51 n.6, p.82-87, June 2008  [doi>10.1145/1349026.1349043]
 
26
K. Zhang , D. Shasha, Simple fast algorithms for the editing distance between trees and related problems, SIAM Journal on Computing, v.18 n.6, p.1245-1262, Dec. 1989  [doi>10.1137/0218082]

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Security


Keywords:
digital identity, privacy, tracing

Collaborative Colleagues:
Anna C. Squicciarini: colleagues
Alexei Czeskis: colleagues
Abhilasha Bhargav-Spantzel: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player