Achieving Privacy in a Federated Identity Management System

14 years 6 months ago

Download labs.oracle.com

Federated identity management allows a user to eﬃciently authenticate and use identity information from data distributed across multiple domains. The sharing of data across domains blurs security boundaries and potentially creates privacy risks. We examine privacy risks and fundamental privacy protections of federated identity-management systems. The protections include minimal disclosure and providing PII only on a “need-to-know” basis. We then look at the Liberty Alliance system and analyze previous privacy critiques of that system. We show how law and policy provide privacy protections in federated identitymanagement systems, and that privacy threats are best handled using a combination of technology and law/policy tools.

Susan Landau, Hubert Lê Van Gông, Robi

Real-time Traffic

Cryptography | FC 2009 | Privacy | Privacy Protections | Privacy Risks |

claim paper

Post Info
More Details (n/a)

Added	26 May 2010
Updated	26 May 2010
Type	Conference
Year	2009
Where	FC
Authors	Susan Landau, Hubert Lê Van Gông, Robin Wilton

Comments (0)

Sciweavers

Achieving Privacy in a Federated Identity Management System

Cryptography | FC 2009 | Privacy | Privacy Protections | Privacy Risks |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers