Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP

HP Labs home

Technical reports

» 

HP Labs

» Research
» News and events
» Technical reports
» About HP Labs
» Careers @ HP Labs
» People
» Worldwide sites
» Downloads
Content starts here

 
Click here for full text: PDF

Automatic Compliance of Privacy Policies in Federated Digital Identity Management

Squicciarini, Anna; Casassa Mont, Marco; Bhargav- Spantzel, Abhilasha; Bertino, Elisa

HPL-2008-8

Keyword(s): Privacy, Privacy Policy, Federated Identity Management

Abstract: Privacy in the digital world is an important problem which is becoming even more pressing as new collaborative applications are developed. The lack of privacy preserving mechanisms is particularly problematic in federated identity management contexts. In such a context, users can seamlessly interact with a variety of federated web services, through the use of single-sign-on mechanisms and the capability of sharing personal data among these web services. Because of the latter feature, user's privacy is at a stake, if the sharing of such data among federated service providers is not properly controlled to ensure that privacy is preserved and user's privacy preferences are complied with. Current federated identity managed solutions adopt simplistic approaches to privacy management, based on contractual/legal approaches and/or limited simple checks on users' privacy preferences. We argue that more comprehensive privacy policies (consisting of access control and obligation constraints, along with privacy preferences) should be stated by federated service providers and proactively checked by these providers, before disclosing users' data to federated partners. To address such requirements, we introduce mechanisms and algorithms for policy compliance checking between federated service providers, based on an innovative policy subsumption approach. We formally introduce and analyze our approach. We also show how our approach is suitable for deployment and application in existing federated identity management solutions, such as Liberty Alliance, WS-* and Shibboleth. Publication Info: Submitted to IEEE Policy 2008, 2-4 June 2008, Palisades, NY, USA

11 Pages

Back to Index

»Technical Reports

» 2009
» 2008
» 2007
» 2006
» 2005
» 2004
» 2003
» 2002
» 2001
» 2000
» 1990 - 1999

Heritage Technical Reports

» Compaq & DEC Technical Reports
» Tandem Technical Reports
Printable version
Privacy statement Using this site means you accept its terms Feedback to HP Labs
© 2009 Hewlett-Packard Development Company, L.P.