Abstract
Personal mobile devices with real practical computational power and Internet connectivity are currently widespread throughout all levels of society. This is so much so that the most popular of these devices, the smart phone, in all its varied ubiquitous manifestations is nowadays the de facto personal mobile computing platform, be it for civil or even military applications. In parallel with these developments, Internet application providers like Google and Facebook are developing and deploying an ever increasing set of personal services that are being aggregated and structured over personal user accounts were an ever increasing set of personal private sensitive attributes is being massively aggregated. In this paper we describe OFELIA (Open Federated Environment for Leveraging of Identity and Authorization), a framework for user centric identity management that provides an identity/authorization versatile infrastructure that does not depend upon the massive aggregation of users identity attributes to offer a versatile set of identity services. In OFELIA personal attributes are distributed among and protected by several otherwise unrelated AAs (Attribute Authorities). Only the user mobile device knows how to aggregate these scattered AAs identity attributes back into some useful identifiable entity identity. Moreover by recurring to an IdB (Identity Broker), acting as a privacy enhancing blind caching-proxy, in OFELIA the identity attributes location in the Internet is hidden from the RP/SP (Relying Party, Service Provider) that wants to have temporary access to the users personal data. The mobile device thus becomes the means by which the user can asynchronously exercise discretionary access control over their most sensitive dynamic identity attributes in a simple but highly transparent way.
Chapter PDF
Similar content being viewed by others
Keywords
References
Baden, R., Bender, A., Spring, N., Bhattacharjee, B., Starin, D.: Persona: an online social network with user-defined privacy. SIGCOMM Comput. Commun. Rev. 39, 135–146 (2009)
Cantor, S.: Shibboleth architecture, protocols and profiles (September 2005), http://www.mediafire.com/?8bswqc4y47sqygw (verified on January 13, 2012)
Chadwick, D.: Authorisation using attributes from multiple authorities. In: 15th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, WETICE 2006, pp. 326–331. IEEE (2006)
Chadwick, D., Inman, G., and Klingenstein, N. Authorisation using attributes from multiple authorities–a study of requirements. European Institute for E-Learning (EIfEL), 366 (2007)
Chadwick, D.W., Inman, G., Klingenstein, N.: A conceptual model for attribute aggregation. Future Generation Computer Systems 26(7), 1043–1052 (2010)
Eastlake III, D., Crocker, S., Schiller, J.: Randomness recommendations for security (2005), https://ietf.org/rfc/rfc4086.txt (verified on February 14, 2012)
Saint-Andre, P. (ed.): Extensible messaging and presence protocol (xmpp):core. RFC 3920, IETF (July 2004)
For Android, P.S. Secure element evaluation kit for the android platform - the ’smartcard api’ (2011), http://tinyurl.com/seek4android (verified on January 10, 2012)
Gemmill, J., Robinson, J.-P., Scavo, T., Bangalore, P.: Cross-domain authorization for federated virtual organizations using the myvocs collaboration environment. Concurr. Comput.: Pract. Exper. 21, 509–532 (2009)
GmbH, G.. D. S. F.S. Mobile security card ve 2.0 (2011), http://tinyurl.com/mobseccard (verified on January 10, 2012)
Huang, H.: Reversible data hiding with histogram-based difference expansion for qr code applications. IEEE Transactions on Consumer Electronics 57(2), 779–787 (2011)
Haaker, T., Smit, S., Vester, J., Shepherd, K., Ito, N., Guelbahar, M., Zoric, J.: Business models for networked media services. In: Proceedings of the Seventh European Conference on European Interactive Television Conference, EuroITV 2009, pp. 53–56. ACM, New York (2009)
Hammer-Lahav, E.: Introducing oauth 2.0 (2010)
Hammer-Lahav, E.: The oauth 1.0 protocol (rfc5849) (April 2010), http://tools.ietf.org/html/rfc5849 (verified on April 14, 2011)
Ian Paterson, P. S.-A.: Xep-0206: Xmpp over bosh (July 2010), http://bit.ly/xep0206 (verified on April 14, 2011)
Inman, G., Chadwick, D.: A privacy preserving attribute aggregation model for federated identity managements systems. Serbian Publication InfoReview joins UPENET, the Network of CEPIS Societies Journals and Magazines 21 (2010)
Jsang, A., Pope, S.: User-centric identity management. In: Proceedings of AusCERT 2005, Brisbane, Australia (May 2005)
Sakimura, N., et al.: Openid connect standard 1.0, http://tinyurl.com/openidc (verified on January 13, 2012)
Recordon, D., Reed, D.: Openid 2.0: a platform for user-centric identity management. In: Proceedings of the Second ACM Workshop on Digital Identity Management, DIM 2006, pp. 11–16. ACM, New York (2006)
Saint-André, P., Smith, K., Tronçon, R.: XMPP: the definitive guide. Definitive Guide Series. O’Reilly (2009)
Schwartz, P. M.: Property, Privacy, and Personal Data. SSRN eLibrary
Song, D., Bruza, P.: Towards context sensitive information inference. Journal of the American Society for Information Science and Technology, IETF 54, 321–334 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Augusto, A.B., Correia, M.E. (2012). OFELIA – A Secure Mobile Attribute Aggregation Infrastructure for User-Centric Identity Management. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds) Information Security and Privacy Research. SEC 2012. IFIP Advances in Information and Communication Technology, vol 376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30436-1_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-30436-1_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30435-4
Online ISBN: 978-3-642-30436-1
eBook Packages: Computer ScienceComputer Science (R0)