ICCSA 2005: Computational Science and Its Applications – ICCSA 2005 pp 82-91 | Cite as
A Privacy Protection Model in ID Management Using Access Control
Abstract
The problem of privacy of the Identity Management System (IMS) is the most pressing concern of ordinary users. Uncertainty about privacy keeps many users away from utilizing IMS. Most privacy-enhancing technologies such P3P, E-P3P and EPAL use purposes or policies to ensure privacy that is set by users. Access control is arguably the most fundamental and pervasive security mechanism in use. This paper proposes a privacy protection model using access control for IMS. The proposed model protects privacy using access control techniques with privacy policies in a single circle of trust. We address characteristics of components for the proposed model and describe access control procedures. After that, we show protection architecture and XML-based schema for privacy policies.
Keywords
Access Control Personal Information Privacy Policy Identity Management Access RequestPreview
Unable to display preview. Download preview PDF.
References
- 1.Identity Management Systems (IMS): Identification and Comparison Study. PRIME Project (2003), http://www.datenschutzzentrum.de/idmanage/study/ICPP_SNG_IMSStudy.pdf
- 2.Cranor, L.F.: Web Privacy with P3P. AT&T (2002)Google Scholar
- 3.Ashley, P., Hada, S., Karjoth, G., Schunter, M.: Privacy Policies and Privacy Authorization (E-P3P). WPES (2002)Google Scholar
- 4.Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise Privacy Authorization Language. W3C (2003), http://www.w3.org/Submission/2003/SUBM-EPAL-20031110/
- 5.RAPID: Roadmap for Advanced Research in Privacy and Identity Management. RAPID Project (2001), http://www.ra-pid.org
- 6.PRIME: Privacy and Identity Management for Europe Date of preparation. PRIME Project (2004), http://www.prime-project.eu.org/
- 7.Sourceid: Open Source Federated Identity Management. Ping Identity (2004), http://www.sourceid.org/
- 8.Warren, A.D., Brandeis, L.D.: The Right to Privacy. Harvard Law Review (1980)Google Scholar
- 9.Magnuson, G., Reid, P.: Privacy and Identity Management Survey. In: IAPP Conference (2004)Google Scholar
- 10.Microsoft.NET Passport: Microsoft (2004), http://www.microsoft.com/net/services/passport/
- 11.Liberty Alliance: Introduction to the Liberty Alliance Identity Architecture. Liberty Alliance Project (2003)Google Scholar
- 12.XML SPY. Altova (2004), http://www.xml.com/pub/p/15