Advertisement

An Architecture for Privacy-ABCs

  • Patrik Bichsel
  • Jan Camenisch
  • Maria Dubovitskaya
  • Robert R. Enderlein
  • Stephan Krenn
  • Ioannis Krontiris
  • Anja Lehmann
  • Gregory Neven
  • Christian Paquin
  • Franz-Stefan Preiss
  • Kai Rannenberg
  • Ahmad Sabouri
Chapter

Abstract

One of the main objectives of the ABC4Trust project was to define a common, unified architecture for Privacy-ABC systems to allow comparing their respective features and combining them into common platforms. The chapter presents an overview of features and concepts of Privacy-ABCs and introduces the architecture proposed by ABC4Trust, describing the layers and components as well as the highlevel APIs. We also present the language framework of ABC4Trust through an example scenario. Furthermore, this chapter investigates integration of Privacy-ABCs with the existing Identity Management protocols and also analyses the required trust relationships in the ecosystem of Privacy-ABCs.

Keywords

Presentation Token Identity Provider Presentation Policy Security Assertion Markup Language Authorization Server 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [abc]
    ABC4Trust EU Project. https://www.abc4trust.eu.
  2. [ASN08]
    Abstract syntax notation one (ASN.1), 2008. International Telecommunication Union - ITU-T recommendation X.680.Google Scholar
  3. [Bar02]
    Bartel, Mark and Boyer, John and Fox, Barb and LaMacchia, Brian and Simon, Ed. XML-Signature Syntax and Processing. http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/, February 2002.
  4. [BBE+14]
    Thomas Baignères, Patrik Bichsel, Robert R Enderlein, Hans Knudsen, Kasper Damgård, Jonas Jensen, Gregory Neven, Janus Nielsen, Pascal Paillier, and Michael Stausholm. Final Reference Implementation. Deliverable D4.2, The ABC4Trust EU Project, 2014. Available at https://abc4trust.eu/download/D4.2%20Final%20Reference%20Implementation.pdf, Last accessed on 2014-11-08.
  5. [BCD+14]
    Patrik Bichsel, Jan Camenisch, Maria Dubovitskaya, Robert R. Enderlein, Stephan Krenn, Ioannis Krontiris, Anja Lehmann, Gregory Neven, Janus Dam Nielsen, Christian Paquin, Franz-Stefan Preiss, Kai Rannenberg, Ahmad Sabouri, and Michael Stausholm. Architecture for Attribute-based Credential Technologies - Final Version. Deliverable D2.2, The ABC4Trust EU Project, 2014. Available at https://abc4trust.eu/download/Deliverable_D2.2.pdf, Last accessed on 2014-11-08.
  6. [Bra]
    Stefan Brands. The ID Corner blog. The problem(s) with OpenID. http://www.untrusted.ca/cache/openid.html.
  7. [CDF+]
    J. Callas, L. Donnerhacke, H. Finney, D. Shaw, and R. Thayer. OpenPGP Message Format. http://www.rfc-editor.org/rfc/rfc4880.txt.
  8. [Cha83]
    David Chaum. Blind signatures for untraceable payments. In Advances in cryptology, pages 199–203. Springer, 1983.Google Scholar
  9. [CKL+14]
    Jan Camenisch, Stephan Krenn, Anja Lehmann, Gert Læssø e Mikkelsen, Gregory Neven, and Michael østergaard Pedersen. Scientific Comparison of ABC Protocols: Part I Formal Treatment of Privacy-Enhancing Credential Systems. Deliverable D3.1, The ABC4Trust EU Project, 2014. Available at https://abc4trust.eu/download/Deliverable\%20D3.1\%20Part\%201.pdf, Last accessed on 2014-11-08.Google Scholar
  10. [Cro06]
    Douglas Crockford. The application/json media type for JavaScript Object Notation (JSON). Technical Report RFC 4627, Internet Engineering Taskforce (IETF), 2006.Google Scholar
  11. [CSF+08]
    D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk. RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Technical report, IETF, May 2008.Google Scholar
  12. [DFLP07]
    Nelly Delessy, Eduardo B Fernandez, and Maria M Larrondo-Petrie. A pattern language for identity management. In Computing in the Global Information Technology, 2007. ICCGI 2007. International Multi-Conference on, pages 31–31. IEEE, 2007.Google Scholar
  13. [DW10]
    Arkajit Dey and Stephen Weis. PseudoID: Enhancing Privacy in Federated Login. In Hot Topics in Privacy Enhancing Technologies, pages 95–107, 2010.Google Scholar
  14. [Fac]
  15. [Fid]
    Fido Alliance. http://fidoalliance.org.
  16. [Har04]
    Russell Hardin. Trust and trustworthiness, volume 4. Russell Sage Foundation, 2004.Google Scholar
  17. [Har12]
    Dick Hardt. OAuth 2.0 Authorization Protocol. http://tools.ietf.org/html/rfc6749, October 2012.
  18. [HBH07]
    Dick Hardt, Johnny Bufu, and Josh Hoyt. OpenID Attribute Exchange 1.0. http://openid.net/specs/openid-attributeexchange-1_0.html, December 2007.
  19. [HTEG10]
    D. Hardt, A. Tom, B. Eaton, and Y. Goland. OAuthWeb Resource Authorization Profiles. http://tools.ietf.org/html/drafthardt-oauth-01, January 2010. draft version 19 at time of writing.
  20. [JBT]
    M. Jones, J. Bradley, and H. Tschofenig. Proof-Of-Possession Semantics for JSON Web Tokens (JWTs). http://tools.ietf.org/html/draft-jones-oauth-proof-of-possession-00.
  21. [JP04]
    Audun Jøsang and Stéphane Lo Presti. Analysing the relationship between risk and trust. In Trust Management, pages 135–145. Springer, 2004.Google Scholar
  22. [JWT]
    Json web token (jwt). http://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token. draft version 19 at time of writing.
  23. [KBC05]
    Tadayoshi Kohno, Andre Broido, and Kimberly C Claffy. Remote physical device fingerprinting. Dependable and Secure Computing, IEEE Transactions on, 2(2):93–108, 2005.Google Scholar
  24. [KTMM09]
    Uwe Kylau, Ivonne Thomas, Michael Menzel, and Christoph Meinel. Trust requirements in identity federation topologies. In Advanced Information Networking and Applications, 2009. AINA’09. International Conference on, pages 137–145. IEEE, 2009.Google Scholar
  25. [LSK12]
    Jesus Luna, Neeraj Suri, and Ioannis Krontiris. Privacy-by-design based on quantitative threat modeling. In Risk and Security of Internet and Systems (CRiSIS), 2012 7th International Conference on, pages 1–8. IEEE, 2012.Google Scholar
  26. [MC96]
    D. Harrison Mcknight and Norman L. Chervany. The Meanings of Trust. Technical report, University of Minnesota, 1996.Google Scholar
  27. [MCM14]
    C. Mortimore, B. Campbell, and Jones M. SAML 2.0 Bearer Assertion Profiles for OAuth 2.0. http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-19, March 2014. draft version 19 at time of writing.
  28. [O’H04]
    Kieron O’Hara. Trust: From Socrates to Spin. Icon Books Ltd, 2004.Google Scholar
  29. [Ope]
  30. [Ope07]
    OpenID Authentication 2.0. http://openid.net/specs/openid-authentication-2_0.html, December 2007.
  31. [SAM05]
    Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0. http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf, March 2005.
  32. [UPW11]
    U-Prove WS-Trust Profile V1.0. http://www.microsoft.com/u-prove, March 2011.
  33. [WS-12]
  34. [WSF09]
    Web Services Federation Language (WS-Federation) Version 1.2. http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html, May 2009.
  35. [WSS+01]
    Andrea Westerinen, John Schnizlein, John Strassner, Mark Scherling, Bob Quinn, Jay Perry, Shai Herzog, An-Ni Huynh, Mark Carlson, and Steve Waldbusser. Terminology for Policy-Based Management. Internet RFC 3198, November 2001.Google Scholar
  36. [WSS07]
  37. [WST09]

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Patrik Bichsel
    • 1
  • Jan Camenisch
    • 1
  • Maria Dubovitskaya
    • 1
  • Robert R. Enderlein
    • 1
  • Stephan Krenn
    • 1
  • Ioannis Krontiris
    • 2
  • Anja Lehmann
    • 1
  • Gregory Neven
    • 1
  • Christian Paquin
    • 3
  • Franz-Stefan Preiss
    • 1
  • Kai Rannenberg
    • 2
  • Ahmad Sabouri
    • 2
  1. 1.IBM Research – ZurichZurichSwitzerland
  2. 2.Chair of Mobile Business & Multilateral SecurityGoethe University FrankfurtFrankfurtGermany
  3. 3.Microsoft ResearchRedmondUSA

Personalised recommendations