The platform for privacy preferences
Communications of the ACM
ACM SIGAda Ada Letters
Privacy Preserving Trust Authorization Framework Using XACML
WOWMOM '06 Proceedings of the 2006 International Symposium on on World of Wireless, Mobile and Multimedia Networks
Fine-grained access control for GridFTP using SecPAL
GRID '07 Proceedings of the 8th IEEE/ACM International Conference on Grid Computing
A privacy-enhanced attribute-based access control system
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
Formal description of the SWIFT identity management framework
Future Generation Computer Systems
Policy-based integration of user and provider-sided identity management
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Enhancing consumer privacy in the liberty alliance identity federation and web services frameworks
PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies
Adding support to XACML for dynamic delegation of authority in multiple domains
CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
| Hi-index | 0.00 |
With Federated Identity Management (FIM) protocols, service providers can request user attributes, such as the billing address, from the user's identity provider. Access to this information is managed using so-called Attribute Release Policies (ARPs). In this paper, we first analyze various shortcomings of existing ARP implementations; then, we demonstrate that the eXtensible Access Control Markup Language (XACML) is very suitable for the task. We present an architecture for the integration of XACML ARPs into SAML-based identity providers and specify the policy evaluation workflows. We also introduce our implementation and its integration into the Shibboleth architecture.