Safeguarding digital identity: the SPICI (Sharing Policy, Identity, and Control Information) approach to negotiating identity federation and sharing agreements

Authors:
Deborah Bodeau
Affiliations:
The MITRE Corporation, Bedford, MA
Venue:
Proceedings of the 8th Symposium on Identity and Trust on the Internet
Year:
2009

Citing 11
Cited 0

Law of Internet Security and Privacy

Law of Internet Security and Privacy
Attribute-based encryption for fine-grained access control of encrypted data

Proceedings of the 13th ACM conference on Computer and communications security
Using Attribute-Based Access Control to Enable Attribute-Based Messaging

ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Establishing and protecting digital identity in federation systems

Journal of Computer Security - The First ACM Workshop on Digital Identity Management -- DIM 2005
Trust Negotiation in Identity Management

IEEE Security and Privacy
Ciphertext-Policy Attribute-Based Encryption

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Receipt management- transaction history based trust establishment

Proceedings of the 2007 ACM workshop on Digital identity management
AttributeTrust A Framework for Evaluating Trust in Aggregated Attributes via a Reputation System

PST '08 Proceedings of the 2008 Sixth Annual Conference on Privacy, Security and Trust
Minimal information disclosure with efficiently verifiable credentials

Proceedings of the 4th ACM workshop on Digital identity management
Privilege federation between different user profiles for service federation

Proceedings of the 4th ACM workshop on Digital identity management
A calculus of trust and its application to PKI and identity management

Proceedings of the 8th Symposium on Identity and Trust on the Internet

Quantified Score

Hi-index	0.00

Visualization

Abstract

To perform key business functions, organizations in critical infrastructure sectors such as healthcare or finance increasingly need to share identifying and authorization-related information. Such information sharing requires negotiation about identity safeguarding policies and capabilities, as provided by processes, technologies, tools, and models. That negotiation must address the concerns not only of the organizations sharing the information, but also of the individuals whose identity-related information is shared. SPICI (Sharing Policy, Identity, and Control Information) provides a descriptive and analytic framework to structure and support such negotiations, with an emphasis on assurance.