Privacy with Delegation of Rights by Identity Management

  • Sven Wohlgemuth
  • Günter Müller
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3995)


Privacy in business processes with proxies is not possible. Users need to share attributes with their proxies which leads to “Big Brothers”. This is the reason why identity management systems such as Liberty Alliance and Microsoft .NET Passport are not successful. We propose a generic privacy-preserving protocol for sharing identifying attributes as credentials with others. This delegation protocol extends current identity management systems.


Business Process Identity Management Identity Provider Proxy Credential Access Control List 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Müller, G., Eymann, T., Kreutzer, M.: Telematik- und Kommunikationssysteme in der vernetzten Wirtschaft. Oldenbourg (2003)Google Scholar
  2. 2.
    Sackmann, S., Strüker, J.: Electronic Commerce Enquête 2005 - 10 Jahre Electronic Commerce: Eine stille Revolution in deutschen Unternehmen. Institut für Informatik und Gesellschaft, Telematik, Freiburg i.Br., Germany (2005)Google Scholar
  3. 3.
    Huhns, M., Singh, M.: Service-Oriented Computing: Key Concepts and Principles. IEEE Internet Computing 49(1), 75–81 (2005)CrossRefGoogle Scholar
  4. 4.
    Chaum, D.: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. In: Communications of the ACM, vol. 24(3), pp. 84–88. ACM Press, New York (1981)Google Scholar
  5. 5.
    Clauß, S., Köhntopp, M.: Identity management and its support of multilateral security. Computer Networks 37(2), 205–219 (2001)CrossRefGoogle Scholar
  6. 6.
    Kohl, J., Neumann, C.: The Kerberos Network Authentication Service V5. Request for Comments 1510. Network Working Group (1993)Google Scholar
  7. 7.
    Jendricke, U., Gerd tom Markotten, D.: Identitätsmanagement: Einheiten und Systemarchitektur. In: Fox, D., Köhntopp, M., Pfitzmann, A. (eds.) Verlässliche IT-Systeme – Sicherheit in komplexen Infrastrukturen, Vieweg, Wiesbaden, Germany, pp. 77–85 (2001)Google Scholar
  8. 8.
    Camenisch, J., Van Herreweghen, E.: Design and Implementation of the idemix Anonymous Credential System. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 21–30. ACM Press, Washington (2002)Google Scholar
  9. 9.
    Westin, A.: Privacy and Freedom. Atheneum, New York (1967)Google Scholar
  10. 10.
    Bundesverfassungsgericht: Volkszählungsurteil. In: Entscheidungen des Bundesverfassungsgerichts, Urteil vom 15.12.1983; Az.: 1 BvR 209/83; NJW 84, 419 (1983)Google Scholar
  11. 11.
    Chaum, D.: Security without Identification: Transaction Systems to make Big Brother Obsolete. In: Communications of the ACM, vol. 28(10), pp. 1030–1077 (1985)Google Scholar
  12. 12.
    Microsoft Corporation: Microsoft. NET Passport Review Guide (2003) (accessed December 2003),
  13. 13.
    Erdos, M., Cantor, S.: Shibboleth-Architecture DRAFT v05 (accessed July 2004),
  14. 14.
    Wason, T. (ed.): Liberty ID-FF Architecture Overview Version: 1.2. Liberty Alliance Project (2004) (accessed at July 2004),
  15. 15.
    Ford, W., Baum, M.: Secure Electronic Commerce. Prentice-Hall, New Jersey (1997)Google Scholar
  16. 16.
    Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)Google Scholar
  17. 17.
    Pfitzmann, B., Waidner, M.: Federated Identity-Management Protocols. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2003. LNCS, vol. 3364, pp. 153–174. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  18. 18.
    Ellison, G. (ed.): Liberty ID-WSF Security Mechanisms Version: 1.2. Liberty Alliance Project (2005) (accessed at August 2005),
  19. 19.
    Camenisch, J., Lysyanskaya, A.: Efficient non-transferable anonymous multi-show credential system with optional anonymity revocation. In: EUROCRYPT 2001. LNCS, vol. 2045, pp. 91–118. Springer, Heidelberg (2001)Google Scholar
  20. 20.
    Neuman, C.: Proxy-Based Authorization and Accounting for Distributed Systems. In: 13th International Conference on Distributed Computing Systems, Pittsburgh, pp. 283–291 (1993)Google Scholar
  21. 21.
    Aura, T.: Distributed Access-Rights Managements with Delegations Certificates. In: Vitek, J. (ed.) Secure Internet Programming. LNCS, vol. 1603, pp. 211–235. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  22. 22.
    Farrell, S., Housley, R.: An Internet Attribute Certificate Profile for Authorization. Request for Comments 3281. Network Working Group (2002)Google Scholar
  23. 23.
    Camenisch, J.L., Lysyanskaya, A.: Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 61–76. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  24. 24.
    Ellison, E., Frantz, B., Lampson, B., Rivest, R., Thomas, B., Ylonen, T.: SPKI Certificate Theory. Request for Comments 2963. Network Working Group (1999)Google Scholar
  25. 25.
    Welch, V., Foster, I., Kesselmann, C., Mulmo, O., Pearlman, L., Tuecke, S., Gawor, J., Meder, S., Siebenlist, F.: X.509 Proxy Certificates for Dynamic Delegation. In: 3rd Annual PKI R&D Workshop (2004) (accessed June 2004),

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Sven Wohlgemuth
    • 1
  • Günter Müller
    • 1
  1. 1.Institute of Computer Science and Social Studies, Department of TelematicsAlbert-Ludwig University FreiburgGermany

Personalised recommendations