Abstract | ||
---|---|---|
Federated identity management allows a user to efficiently authenticate and use identity information from data distributed across multiple domains. The sharing of data across domains blurs security boundaries and potentially creates privacy risks. We examine privacy risks and fundamental privacy protections of federated identity- management systems. The protections include minimal disclosure and providing PII only on a "need-to-know" basis. We then look at the Liberty Alliance system and analyze previous privacy critiques of that system. We show how law and policy provide privacy protections in federated identity-management systems, and that privacy threats are best handled using a combination of technology and law/policy tools. |
Year | DOI | Venue |
---|---|---|
2009 | 10.1007/978-3-642-03549-4_4 | Financial Cryptography |
Keywords | Field | DocType |
law,privacy threat,federated identity management system,policy.,federated identity management,privacy,previous privacy critique,achieving privacy,privacy risk,fundamental privacy protection,privacy protection,liberty alliance system,federated identity,use identity information,domains blurs security boundary | Internet privacy,Authentication,Privacy by Design,Alliance,Computer security,Computer science,Privacy policy,Federated identity,Information privacy,Management system,Privacy software | Conference |
Volume | ISSN | Citations |
5628 | 0302-9743 | 8 |
PageRank | References | Authors |
0.53 | 11 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Susan Landau | 1 | 172 | 28.89 |
Hubert Gong | 2 | 8 | 0.53 |
Robin Wilton | 3 | 8 | 0.87 |