Abstract
Identity management is a powerful mechanism to enhance user-privacy. In this paper we will examine the idea of an identity management system built atop of an anonymous-communication network. First, we will develop some basic approaches to realize identity management, and we will introduce the Platform for Privacy Preferences Project (P3P) as a standard for exchanging personal data in the World Wide Web. After discussing the feasibility of using P3P as a basis, we will outline some possibilities for designing an identity management system using P3P. For this purpose, other building blocks, especially considering the representation of different kinds of pseudonyms as the core of an identity management system, are described. Finally, we will sketch possible future developments of identity managers.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
A P3P Preference Exchange Language (APPEL); Marc Langheinrich (Ed.); W3C Working Draft 20 April 2000; http://www.w3.org/TR/2000/WD-P3P-preferences-20000420 (newer version in the W3C member area: Working Draft 3 October 2000; http://www.w3.org/P3P/Group/Preferences/Drafts/WD-P3P-preferences-20001006.html).
Oliver Berthold, Hannes Federrath: Identitätsmanagement; in: Helmut Bäumler (Ed.): E-Privacy; Proceedings Summer School of the Independent Centre for Privacy Protection Schleswig-Holstein, August 28, 2000, Kiel; Vieweg, Wiesbaden 2000, 189–204.
Stefan Brands: Rethinking Public Key Infrastructures and Digital Certificates-Building in Privacy; Thesis; Brands Technologies; 1999; http://www.xs4all.nl/~brands/.
David Chaum: Security Without Identification: Card Computers to Make Big Brother Obsolete; http://www.chaum.com/articles/Security WthoutIdentification.htm. Original version: Security Without Identification: Transaction Systems to Make Big Brother Obsolete; Communications of the ACM, Vol. 28 No. 10, October 1985; 1030–1044.
David Chaum: Showing Credentials without Identification: Transferring Signatures between Unconditionally Unlinkable Pseudonyms; in: J. Seberry/ J. Pieprzyk (Eds.): Advances in Cryptology-AUSCRYPT’ 90, volume 453 of Lecture Notes in Computer Science, 8–11 January, 1990, Sydney, Australia, Springer; 246–264.
Roger Clarke: Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice; in: Simone Fischer-Hübner, Gerald Quirchmayr, Louise Yngström (Eds.): User Identification & Privacy Protection: Applications in Public Administration & Electronic Commerce; Kista, Schweden; June 1999; IFIP WG 8.5 and WS 9.6; http://www.anu.edu.au/people/Roger.Clarke/DV/UIPP99.html.
Lorrie Faith Cranor: Agents of Choice: Tools that Facilitate Notice and Choice about Web Site Data Practices; Proceedings of the 21st International Conference on Privacy and Personal Data Protection; September 13–15, 1999; Hong Kong SAR, China; 19–25; http://www.research.att.com/~lorrie/pubs/hk.pdf.
Herbert Damker, Ulrich Pordesch, Martin Reichenbach: Personal Reachability and Security Management-Negotiation of Multilateral Security; in: Günter Müller, Kai Rannenberg (Eds.): Multilateral Security in Communications-Technology, Infrastructure, Economy; Proceedings Multilateral Security in Communications, July 16–17, 1999, Stuttgart; Addison-Wesley-Longman, Munich 1999; 95–111.
John Hagel, Marc Singer: Net Worth: Shaping Markets When Customers Make the Rules; Harvard Business School Press, U.S.; 1999.
Joe Kilian, Erez Petrank: Identity Escrow; in: H. Krawczyk (Ed.): Advances in Cryptology-CRYPTO’ 98; Volume 1642of Lecture Notes in Computer Science; Springer, Berlin 1998; 169–185; http://www.cs.technion.ac.il/~erez/identcrypto.ps.
Marit Köhntopp: Identitätsmanagement; 2000; http://www.koehntopp.de/marit/publikationen/idmanage/.
Anna Lysyanskaya: Pseudonym Systems; Master’s Thesis at the Massachusetts Institute of Technology; June 1999; http://theory.lcs.mit.edu/~cis/theses/anna-sm.ps.gz.
Andreas Pfitzmann, Marit Köhntopp: Anonymity, Unobservability, and Pseudonymity-A Proposal for Terminology; in this volume.
Birgit Pfitzmann, Michael Waidner, Andreas Pfitzmann: Secure and Anonymous Electronic Commerce: Providing Legal Certainty in Open Digital Systems Without Compromising Anonymity; IBM Research Report RZ 3232 (#93278) 05/22/00, IBM Research Division, Zurich, May 2000; http://www.semper.org/sirene/publ/PWP00anoEcommerce.ps.gz.
The Platform for Privacy Preferences 1.0 (P3P1.0) Specification; Massimo Marchiori (Ed.); W3C Candidate Recommendation 15 December 2000; http://www.w3.org/TR/2000/CR-P3P-20001215/.
Henk van Rossum, Huib Gardeniers, John Borking et al.: Privacy-Enhancing Technologies: The Path to Anonymity, Volume I u. II; Achtergrondstudies en Verkenningen 5a/5b; Registratiekamer, The Netherlands & Information and Privacy Commissioner/Ontario, Canada; August 1995; http://www.ipc.on.ca/english/pubpres/sum pap/papers/anon-e.htm.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Berthold, O., Köhntopp, M. (2001). Identity Management Based on P3P. In: Federrath, H. (eds) Designing Privacy Enhancing Technologies. Lecture Notes in Computer Science, vol 2009. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44702-4_9
Download citation
DOI: https://doi.org/10.1007/3-540-44702-4_9
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41724-8
Online ISBN: 978-3-540-44702-3
eBook Packages: Springer Book Archive