DocumentCode
2027587
Title
Privacy-enhanced identity via browser extensions and linking services
Author
Accornero, Renato ; Rispoli, Daniele ; Bergadano, Francesco
Author_Institution
Dipt. di Inf., Univ. degli Studi di Torino, Turin, Italy
fYear
2011
fDate
6-8 Sept. 2011
Firstpage
89
Lastpage
96
Abstract
Identity Management systems come with a promise of simpler, centralized, and more secure handling of user data, credentials and authorizations. Service providers can thus be separated from an identity provider (IdP), and users will benefit from single sign on mechanisms. However, identity providers become single points of failure, from a security and trust perspective. In particular, in this paper, we address the protection of user privacy against IdPs profiling. The IdP should not be aware of which services the user will access, or about the details of such service use. This paper discusses the difficulties of this type of privacy protection problem and surveys existing solutions. We then identify a novel solution and improve an existing one: (1) moving part of the access management logic to the client, via a Web Browser extension, and (2) elaborating on previously proposed solutions based on the concept of a linking service, i.e. a server separated from the IdP and from the Service Provider, that will perform some of the authentication steps. Proof of the principle implementations of both solutions are made available to the user.
Keywords
data privacy; online front-ends; IdP profiling; Web browser extension; identity management systems; identity provider; linking services; privacy enhanced identity; privacy protection problem; security perspective; trust perspective; Authentication; Browsers; Fires; HTML; Joining processes; Privacy; Reactive power;
fLanguage
English
Publisher
ieee
Conference_Titel
Network and System Security (NSS), 2011 5th International Conference on
Conference_Location
Milan
Print_ISBN
978-1-4577-0458-1
Type
conf
DOI
10.1109/ICNSS.2011.6059964
Filename
6059964
Link To Document