A Privacy Protection Model in ID Management Using Access Control

  • Hyang-Chang Choi
  • Yong-Hoon Yi
  • Jae-Hyun Seo
  • Bong-Nam Noh
  • Hyung-Hyo Lee
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3481)

Abstract

The problem of privacy of the Identity Management System (IMS) is the most pressing concern of ordinary users. Uncertainty about privacy keeps many users away from utilizing IMS. Most privacy-enhancing technologies such P3P, E-P3P and EPAL use purposes or policies to ensure privacy that is set by users. Access control is arguably the most fundamental and pervasive security mechanism in use. This paper proposes a privacy protection model using access control for IMS. The proposed model protects privacy using access control techniques with privacy policies in a single circle of trust. We address characteristics of components for the proposed model and describe access control procedures. After that, we show protection architecture and XML-based schema for privacy policies.

Keywords

Access Control Personal Information Privacy Policy Identity Management Access Request 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
This is a preview of subscription content, log in to check access.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Identity Management Systems (IMS): Identification and Comparison Study. PRIME Project (2003), http://www.datenschutzzentrum.de/idmanage/study/ICPP_SNG_IMSStudy.pdf
  2. 2.
    Cranor, L.F.: Web Privacy with P3P. AT&T (2002)Google Scholar
  3. 3.
    Ashley, P., Hada, S., Karjoth, G., Schunter, M.: Privacy Policies and Privacy Authorization (E-P3P). WPES (2002)Google Scholar
  4. 4.
    Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise Privacy Authorization Language. W3C (2003), http://www.w3.org/Submission/2003/SUBM-EPAL-20031110/
  5. 5.
    RAPID: Roadmap for Advanced Research in Privacy and Identity Management. RAPID Project (2001), http://www.ra-pid.org
  6. 6.
    PRIME: Privacy and Identity Management for Europe Date of preparation. PRIME Project (2004), http://www.prime-project.eu.org/
  7. 7.
    Sourceid: Open Source Federated Identity Management. Ping Identity (2004), http://www.sourceid.org/
  8. 8.
    Warren, A.D., Brandeis, L.D.: The Right to Privacy. Harvard Law Review (1980)Google Scholar
  9. 9.
    Magnuson, G., Reid, P.: Privacy and Identity Management Survey. In: IAPP Conference (2004)Google Scholar
  10. 10.
    Microsoft.NET Passport: Microsoft (2004), http://www.microsoft.com/net/services/passport/
  11. 11.
    Liberty Alliance: Introduction to the Liberty Alliance Identity Architecture. Liberty Alliance Project (2003)Google Scholar
  12. 12.
    XML SPY. Altova (2004), http://www.xml.com/pub/p/15

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Hyang-Chang Choi
    • 1
  • Yong-Hoon Yi
    • 1
  • Jae-Hyun Seo
    • 2
  • Bong-Nam Noh
    • 1
  • Hyung-Hyo Lee
    • 3
  1. 1.Dept. of Information SecurityChonnam National UniversityGwangjuKorea
  2. 2.Div. of Information EngineeringMokpo National UniversityMokpoKorea
  3. 3.Div. of Information and ECWonkwang UniversityIksanKorea

Personalised recommendations