
Personal Information Self-Management: A Survey of Technologies Supporting Administrative Services

  • Survey
  • Journal of Computer Science and Technology

Abstract

This paper presents a survey of technologies for personal data self-management interfacing with administrative and territorial public service providers. It classifies a selection of scientific technologies into four categories of solutions: Personal Data Store (PDS), Identity Manager (IdM), Anonymous Certificate System and Access Control Delegation Architecture. Each category, along with its technological approach, is analyzed against 18 identified functional criteria that encompass architectural and communication aspects, as well as user data lifecycle considerations. The originality of the survey is threefold. First, as far as we know, no comparably thorough survey covers such a panel of a dozen existing solutions. Second, it is the first survey addressing Personally Identifiable Information (PII) management for both administrative and private service providers. Third, this paper achieves a functional comparison of solutions of very different technical natures. The outcome of this paper is the clear identification of the functional gaps in each solution. As a result, this paper establishes the research directions to follow in order to fill these functional gaps.



Author information

Corresponding author

Correspondence to Paul Marillonnet.


Cite this article

Marillonnet, P., Laurent, M. & Ates, M. Personal Information Self-Management: A Survey of Technologies Supporting Administrative Services. J. Comput. Sci. Technol. 36, 664–692 (2021). https://doi.org/10.1007/s11390-021-9673-z


  • DOI: https://doi.org/10.1007/s11390-021-9673-z
