Traceable and Automatic Compliance of Privacy Policies in Federated Digital Identity Management

  • Anna Squicciarini
  • Abhilasha Bhargav-Spantzel
  • Alexei Czeskis
  • Elisa Bertino
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4258)


Digital identity is defined as the digital representation of the information known about a specific individual or organization. An emerging approach for protecting the identities of individuals while at the same time enhancing user convenience is to focus on inter-organization management of identity information. This is referred to as federated identity management. In this paper we develop an approach to support privacy-controlled sharing of identity attributes and harmonization of privacy policies in federated environments. Policy harmonization mechanisms make it possible to determine whether or not the transfer of identity attributes from one entity to another violates the privacy policies stated by the former. We also provide mechanisms for tracing the release of a user's identity attributes within the federation. Such an approach entails a form of accountability, since an entity that is non-compliant with the user's original privacy preferences can be identified. Finally, a comprehensive security analysis detailing the security properties is also offered.


Keywords: Privacy Policy; Identity Attribute; Trusted Third Party; Identity Information; Local Match
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Anna Squicciarini (1)
  • Abhilasha Bhargav-Spantzel (1)
  • Alexei Czeskis (1)
  • Elisa Bertino (1)
  1. Computer Science Department, Purdue University
