Abstract
The problem of federated identity, the ability to sign-in across multiple services, has not been solved in a privacy-respecting or secure manner. We briefly analyze the design of OpenID Connect, as implemented by Google and Microsoft, and BrowserID as implemented by Mozilla Personae. Then we consider a capabilities-based approach to federated identity that posits identity to be a set of capabilities that a user can prove to a service that they possess, such as possession of the capability to check a particular email address. Then we show how we can extend existing federated identity approaches can be re-designed using capabilities verified by the use of key material.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Adida, B.: BrowserID (Mozilla Personae) (2012), https://browserid.org/
Bradley, J., Recordon, D., Jones, M., Sakimura, N.: OpenID Connect (2012), http://openid.net/connect/
Camenisch, J., Lysyanskaya, A.: Signature Schemes and Anonymous Credentials from Bilinear Maps. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–72. Springer, Heidelberg (2004)
Camenisch, J., Lysyanskaya, A.: An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)
Camenisch, J., Van Herreweghen, E.: Design and implementation of the Idemix anonymous credential system. In: Atluri, V. (ed.) Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), pp. 21–30. ACM, New York (2002)
Chander, A., Mitchell, J., Dean, D.: A State-Transition Model of Trust Management and Access Control. In: Proceedings of the 14th IEEE Workshop on Computer Security Foundations (CSFW 2001). IEEE Computer Society, Washington, DC (2001)
Dey, A., Weis, S.: PseudoID: Enhancing Privacy for Federated Login. In: Hot Topics in Privacy Enhancing Technologies, pp. 95–107 (2010), http://research.google.com/pubs/pub36553.html
Fiege, U., Fiat, A., Shamir, A.: Zero knowledge proofs of identity. In: Aho, A.V. (ed.) Proceedings of the ACM Symposium on Theory of Computing (STOC 1987), pp. 210–217. ACM, New York (1987)
Hardt, D.: OpenID Authentication 2.0 (2007), https://openid.net/specs/openid-authentication-2_0.html
Hardt, D.: OAuth 2.0 Authorization Protocol. IETF RFC (2012), https://tools.ietf.org/html/draft-ietf-oauth-v2-31
Laurie, B.: Access Control (2008), http://www.links.org/files/capabilities.pdf
McCallister, E., Grance, T., Scarfone, K.: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII). P 800-122. Technical Report. NIST, Gaithersburg, MD, United States (2010)
Shepard, L.: Facebook Connect (2012), http://www.facebook.com/help/?page=229348490415842
Story, H.: WebID (2012), http://webid.info
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Halpin, H., Cook, B. (2014). Federated Identity as Capabilities. In: Preneel, B., Ikonomou, D. (eds) Privacy Technologies and Policy. APF 2012. Lecture Notes in Computer Science, vol 8319. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54069-1_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-54069-1_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54068-4
Online ISBN: 978-3-642-54069-1
eBook Packages: Computer ScienceComputer Science (R0)