Birgit Pfitzmann
Michael Waidner
ABSTRACT
Browser-based attribute-exchange protocols enable users of normal web browsers to conveniently send attributes, such as authentication or demographic data, to web sites. Such protocols might become very common and almost mandatory in general consumer scenarios over the next few years. We derive the privacy requirements on such protocols from general privacy principles and study their consequences for the protocol design. We also survey to what extent proposals like Microsoft's Passport, IBM's e-Community Single Signon, SAML, Shibboleth, the Liberty Alliance specifications and a protocol BBAE of our own conform to these design consequences, and how one could go forward.
- APP01 A P3P Preference Exchange Language 1.0 (APPEL1.0); W3C Working Draft 26 February 2001, http://www.w3.org/TR/P3P-preferences.html]]Google Scholar
- BLK+01 Kathy Bohrer, Xuan Liu, Dogan Kesdogan, Edith Schonberg, Moninder Singh, Susan L. Spraragen: Personal Information Management and Distribution; 4th Intern. Conf. on Electronic Commerce Research (ICECR-4), Dallas, Nov. 2001]]Google Scholar
- Cha81 David Chaum: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms; Communications of the ACM 24/2 (1981) 84--88]] Google ScholarDigital Library
- Cha85 David Chaum: Security without Identification: Transaction Systems to make Big Brother Obsolete; Communications of the ACM 28/10 (1985) 1030--1044]] Google ScholarDigital Library
- CL00 Jan Camenisch, Anna Lysyanskaya: An efficient system for non-transferable anonymous credentials with optional anonymity revocation; Eurocrypt 2001, LNCS 2045, Springer-Verlag, Berlin, 93--117]] Google ScholarDigital Library
- CV02 Jan Camenisch, Els Van Herreweghen: Design and Implementation of the Idemix Anonymous Credential System; to appear at ACM CCS 2002, Washington, Nov. 2002]] Google ScholarDigital Library
- DH76 Whitfield Diffie, Martin E. Hellman: New Directions in Cryptography; IEEE Transactions on Information Theory 22/6 (1976) 644--654]]Google ScholarDigital Library
- FSS+01 Kevin Fu, Emil Sit, Kendra Smith, Nick Feamster: Dos and Don'ts of Client Authentication on the Web; Proc. 10th USENIX Security Symposium, 2001]] Google ScholarDigital Library
- Gat99 Gator: The Smart Online Companion; first release 1999, http://www.gator.com/]]Google Scholar
- GGK+99 Eran Gabber, Phillip B. Gibbons, David M. Kristol, Yossi Matias, Alain Mayer: Consistent, Yet Anonymous, Web Access with LPWA; Communications of the ACM 42/2 (1999) 42--47]] Google ScholarDigital Library
- Gol01 Y. Y. Goland: Zero Install Single Sign On Solution for a HTTP Browser; Internet Draft, Nov. 2001, http://www.ietf.cnri.reston.va.us/internet-drafts/draft-goland-sso-human-00.txt]]Google Scholar
- Har02 Harris Interactive: First Major Post-9/11 Privacy Survey Finds Consumers Demanding Companies Do More To Protect Privacy; Rochester, Feb. 2002, http://www.harrisinteractive.com/news/allnewsbydate.asp? NewsID=429]]Google Scholar
- HTT99 Hypertext Transfer Protocol -- HTTP/1.1; Internet RFC 2616, 1999]]Google Scholar
- IBM97 IBM Consumer Wallet; first release 1997, White Paper 1999, http://www-3.ibm.com/software/webservers/commerce/payment/wallet.pdf]]Google Scholar
- IBM99 IBM Multi-National Consumer Privacy Survey, conducted by Louis Harris & Associates, Inc.; IBM Global Services, October 1999]]Google Scholar
- IBM02 IBM: Enterprise Security Architecture using IBM Tivoli Security Solutions; April 2002, http://www.redbooks.ibm.com/abstracts/sg246014.html]]Google Scholar
- IM02 IBM Corporation, Microsoft: Security in a Web Services World: A Proposed Architecture and Roadmap, V 1.0; April 2002, http://www-106.ibm.com/developerworks/library/ws-secmap/]]Google Scholar
- KR00 David P. Kormann, Aviel D. Rubin: Risks of the Passport Single Signon Protocol; Computer Networks 33 (2001) 51--58]] Google ScholarDigital Library
- KSW02 Günter Karjoth, Matthias Schunter, Michael Waidner: Platform for Enterprise Privacy Practices; to appear in these proceedings.]]Google Scholar
- Lib02 Liberty Alliance Project (founded 2001): Specifications Version 1.0, July 2002, http://www.projectliberty.org/specs/liberty-specifications-v1.0.zip]]Google Scholar
- Mic01 Microsoft Corporation: .NET Passport documentation (started 1999), in particular Technical Overview, Sept. 2001, and SDK 2.1 Documentation; http://www.passport.com and http://msdn.microsoft.com/downloads]]Google Scholar
- Mic02 Microsoft Corporation: Microsoft Federated Security and Identity Roadmap, June 2002, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebsrv/html/wsfederate.asp?frame=true]]Google Scholar
- P3P02 The Platform for Privacy Preferences 1.0 (P3P1.0) Specification; W3C Recommendation, April 2002, http://www.w3.org/TR/2002/REC-P3P-20020416/]]Google Scholar
- Pas99 Passlogix: v-Go Single Signon; first release 1999, White Paper 2000, http://www.passlogix.com/media/pdfs/usable_security.pdf]]Google Scholar
- PKI02 Public-Key Infrastructure (X.509) Working Group: An Internet Attribute Certificate Profile for Authorization; RFC 3281, 2002, http://www.ietf.org/rfc/rfc3281.txt]]Google Scholar
- PW02 Birgit Pfitzmann, Michael Waidner: BBAE -- A General Protocol for Browser-based Attribute Exchange; IBM Research Report RZ 3455 (# 93800), Sept 2002, http://www.zurich.ibm.com/security/publications/2002.html]]Google Scholar
- Rob99 Roboform: Free Web Form Filler and Password Manager; first release 1999, http://www.siber.com/roboform/]]Google Scholar
- SAM02 OASIS Security Assertion Markup Language (SAML); Committee specification 01, May 2002 (started Jan. 2001), http://www.oasis-open.org/committees/security/docs]]Google Scholar
- Shi02 Shibboleth-Architecture DRAFT v05; May 2002 (v1 in 2001) http://middleware.internet2.edu/shibboleth/docs/draft-internet2-shibboleth-arch-v05.pdf]]Google Scholar
- Sle01 Marc Slemko: Microsoft Passport to Trouble; Rev. 1.18, Nov. 5, 2001 http://alive.znep.com/~marcs/passport/]]Google Scholar
- Wes67 Alan F. Westin: Privacy and Freedom; Atheneum, New York NY, 1967]]Google Scholar
- Wil02 Joe Wilcox: Customers wary of online IDs and Survey: Passport required-not appealing, CNET News.com, April 2002, http://news.com.com/2100-1001-892808.html and http://news.com.com/2100-1001-884730.html]]Google Scholar
- XML02 XML-Signature Syntax and Processing; W3C Recommendation, Feb. 2002, http://www.w3.org/TR/xmldsig-core/]]Google Scholar
- Zer99 Zeroknowledge: Freedom Personal Firewall; first release 1999, http://www.freedom.net/products/firewall/index.html]]Google Scholar
Index Terms
- Privacy in browser-based attribute exchange
Recommendations
Proving a WS-Federation passive requestor profile
SWS '04: Proceedings of the 2004 workshop on Secure web serviceCurrently, influential industrial players are in the process of realizing identity federation, in particular the authentication of browser users across administrative domains. WS-Federation is a joint protocol framework for Web Services clients and ...
A SWIFT Take on Identity Management
A proposed identity management framework provides privacy protection, by means of virtual identities, and cross-layer single sign-on for users who subscribe to multiple service and identity providers.
Proving a WS-federation passive requestor profile with a browser model
SWS '05: Proceedings of the 2005 workshop on Secure web servicesWeb-based services are an important business area. For usability and cost-effectiveness these services require users to rely only on standard browsers. A representative class of such applications, currently in the focus of many industrial players, is ...
Comments