Privilege federation between different user profiles for service federation

Authors:
Makoto Hatakeyama;Shigeyoshi Shima
Affiliations:
NEC Corporation, Minato-Ku, Tokyo, Japan;NEC Corporation, Minato-Ku, Tokyo, Japan
Venue:
Proceedings of the 4th ACM workshop on Digital identity management
Year:
2008

Citing 8
Cited 2

Decentralized Trust Management and Accountability in Federated Systems

HICSS '04 Proceedings of the Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 9 - Volume 9
A delegation framework for federated identity management

Proceedings of the 2005 workshop on Digital identity management
Access control management in a distributed environment supporting dynamic collaboration

Proceedings of the 2005 workshop on Digital identity management
Trust Negotiation in Identity Management

IEEE Security and Privacy
Privacy-aware role based access control

Proceedings of the 12th ACM symposium on Access control models and technologies
Linkability estimation between subjects and message contents using formal concepts

Proceedings of the 2007 ACM workshop on Digital identity management
Protecting privacy during on-line trust negotiation

PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Simplified privacy controls for aggregated services: suspend and resume of personal data

PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies

Safeguarding digital identity: the SPICI (Sharing Policy, Identity, and Control Information) approach to negotiating identity federation and sharing agreements

Proceedings of the 8th Symposium on Identity and Trust on the Internet
Federation proxy for cross domain identity federation

Proceedings of the 5th ACM workshop on Digital identity management

Quantified Score

Hi-index	0.00

Visualization

Abstract

Service providers often incorporate services other than the main ones they offer for user convenience. Such service providers need to exchange personal attributes with other providers they interact with and link user accounts. Some service providers, however, can not federate the accounts, because the subject of them is not always same; for instance, one subject of an account is a user of a personal profile, and the other of another account is the one of a family profile. Thus a mechanism is needed to federate user profiles. To address this issue, we propose a privilege federation framework for personal attribute exchange between different user profiles. This framework enables the providers to exchange attributes based on identity federation established by privilege exchange. With it, they can determine what attributes to be exchanged with the privilege assertion and protect privacy information against leakage.