E-P3P privacy policies and privacy authorization
Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
Managing privacy preferences for federated identity management
Proceedings of the 2005 workshop on Digital identity management
Policy Languages for Digital Identity Management in Federation Systems
POLICY '06 Proceedings of the Seventh IEEE International Workshop on Policies for Distributed Systems and Networks
User-centric identity governance across domain boundaries
Proceedings of the 5th ACM workshop on Digital identity management
A trusted decentralized access control framework for the client/server architecture
Journal of Network and Computer Applications
Privacy-enhanced user-centric identity management
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
A persistent data tracking mechanism for user-centric identity governance
Identity in the Information Society
Hi-index | 0.00 |
Identity federation systems enable participating organizations to provide services to qualified individuals and manage their identity attributes at an inter-organizational level. Most importantly, they empower individuals with control over the usage of their attributes within the federation via enforcement of various policies. Among such policies, one of the most important yet immature one is the privacy policy. Existing frameworks proposed for privacy-preserving federations lack the capability to support complex data-usage preferences in the form of obligations, i.e. the privacy related actions that must be performed upon certain actions on a specific piece of information. Moreover, they do not account for the history of events resulting from the interactions among federation entities. To address these deficiencies we propose an extension to an existing assertion based policy language. More specifically, we provide a new set of assertions to define the privacy related properties of a federation system. We extend the com-mon definition of privacy preference policies with obligation preferences. Finally, we illustrate how the proposed framework is realized among service providers to ensure proper enforcement of privacy policies and obligations.