Title :
A Privacy Oriented Extension of Attribute Exchange in Shibboleth
Author :
Fujiwara, Shoichirou ; Komura, Takaaki ; Okabe, Yasuo
Author_Institution :
Graduate Sch. of Informatics, Kyoto Univ.
Abstract :
In frameworks for Web services like SAML, liberty or Shibboleth, a user can get authentication by asking one\´s IdP (identity provider) to issue a security assertion by which one can get access to services at an SP (service provider). If the SP additionally requests some attributes of one\´s, the user is forced to reveal the immediate values of them. There are cases where users must present detailed privacy information which SPs don\´t actually require to authorize them. We focus on Shibboleth and propose an extension of the attribute exchange protocol between an IdP and an SP in Shibboleth. While in the conventional framework of Shibboleth attributes are exchanged in immediate value, in our extension an SP requests an IdP to test whether user\´s attributes are satisfied some conditions, then the IdP returns either "true", "false" or "unanswerable" to the SP. We specify a language to describe the conditions as a query at the SP. We also extend an attribute authority at the IdP to evaluate the conditions presented from the SP
Keywords :
Web services; data privacy; message authentication; protocols; Shibboleth; Web services; attribute exchange protocol; data privacy; identity provider; message authentication; service provider; Authentication; Informatics; Information security; Internet; Privacy; Protocols; Service oriented architecture; Testing; Web services; XML;
Conference_Titel :
Applications and the Internet Workshops, 2007. SAINT Workshops 2007. International Symposium on
Conference_Location :
Hiroshima
Print_ISBN :
0-7695-2757-4
Electronic_ISBN :
0-7695-2757-4
DOI :
10.1109/SAINT-W.2007.13
