ICN 2017, The Sixteenth International Conference on Networks


Preserving Privacy with Fine-grained Authorization in an Identity Management System

Authors:
Gerson Camillo
Carla Westphall
Jorge Werner
Carlos Westphall

Keywords: Privacy; Identity Management; OpenID Connect; Fine-grained Authorization; XACML.

Abstract:
In policy-based management, service providers want to enforce fine-grained policies for their resources and services. Besides assurance of digital identity, service providers usually need personal data to evaluate access control policies. The disclosure of personal data, also known as Personally Identifiable Information (PII), could represent a privacy breach. This paper proposes an architecture that allows an individual to obtain services without releasing all personal attributes. The architecture achieves this by evaluating the targeted policy in the domain of the identity provider: policies are sent from service providers to identity providers to be evaluated, so that some PII need not be released to the service provider side. We also present an implementation of a prototype using XACML 3.0 for fine-grained authorization and OpenID Connect for identity management. The prototype was evaluated through a use case representing a hypothetical bookstore scenario. The project demonstrated that in certain situations a user can restrict the release of PII and still gain access to services.

Pages: 75 to 80

Copyright: Copyright (c) IARIA, 2017

Publication date: April 23, 2017

Published in: conference

ISSN: 2308-4413

ISBN: 978-1-61208-546-3

Location: Venice, Italy

Dates: from April 23, 2017 to April 27, 2017