Mobile Networks and Applications, Volume 16, Issue 4, pp 446–459

A Privacy-Considerate Framework for Identity Management in Mobile Services

  • José M. del Álamo
  • Antonio M. Fernández
  • Rubén Trapero
  • Juan C. Yelmo
  • Miguel A. Monjas
Article

Abstract

The subscribers’ personal information and services that mobile operators are able to provide to Web developers offer new and exciting possibilities in numerous domains. However, bringing mobile information services to the Web to enable a new generation of mobile Web services presents several research challenges on identity and privacy management. In this paper, we describe a framework for identity management in mobile services that empowers users to govern the use and release of their personal information. Our framework is based on a brokering approach that intermediates between the mobile operator’s information services and the Web service providers. By leveraging Web services, identity management infrastructure and privacy-enhancing technologies, our framework provides an effective, privacy-considerate delivery of services over the mobile Web environment. This paper describes the design principles and architecture of the framework as well as the feasibility, applicability and user-experience evaluation we have carried out.

Keywords

mobile web; identity management; privacy management; service delivery; information sharing; user-centricity

Notes

Acknowledgment

This work has been partially supported by CDTI Ministry of Science and Innovation of Spain, as part of the SEGUR@ project (https://www.cenitsegura.es/), under the CENIT program, CENIT-2007/2011.


Copyright information

© Springer Science+Business Media, LLC 2011

Authors and Affiliations

  • José M. del Álamo (1)
  • Antonio M. Fernández (1)
  • Rubén Trapero (1)
  • Juan C. Yelmo (1)
  • Miguel A. Monjas (2)
  1. Universidad Politécnica de Madrid, Madrid, Spain
  2. Ericsson Technology and Innovation Unit, Madrid R&D Center, Madrid, Spain
