A privacy preserving assertion based policy language for federation systems

Anna C. Squicciarini, Ayca Azgin Hintoglu, Elisa Bertino, Yucel Saygin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

6 Citations (Scopus)

Abstract

Identity federation systems enable participating organizations to provide services to qualified individuals and manage their identity attributes at an inter-organizational level. Most importantly, they empower individuals with control over the usage of their attributes within the federation via enforcement of various policies. Among such policies, one of the most important yet immature ones is the privacy policy. Existing frameworks proposed for privacy-preserving federations lack the capability to support complex data-usage preferences in the form of obligations, i.e. the privacy related actions that must be performed upon certain actions on a specific piece of information. Moreover, they do not account for the history of events resulting from the interactions among federation entities. To address these deficiencies we propose an extension to an existing assertion based policy language. More specifically, we provide a new set of assertions to define the privacy related properties of a federation system. We extend the common definition of privacy preference policies with obligation preferences. Finally, we illustrate how the proposed framework is realized among service providers to ensure proper enforcement of privacy policies and obligations.

Original language: English (US)
Title of host publication: SACMAT'07
Subtitle of host publication: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies
Pages: 51-60
Number of pages: 10
DOIs: https://doi.org/10.1145/1266840.1266849
State: Published - Aug 24 2007
Event: SACMAT'07: 12th ACM Symposium on Access Control Models and Technologies - Sophia Antipolis, France
Duration: Jun 20 2007 to Jun 22 2007

Publication series

Name: Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT

Other

Other: SACMAT'07: 12th ACM Symposium on Access Control Models and Technologies
Country: France
City: Sophia Antipolis
Period: 6/20/07 to 6/22/07

All Science Journal Classification (ASJC) codes

  • Computer Science (all)

Cite this

Squicciarini, A. C., Hintoglu, A. A., Bertino, E., & Saygin, Y. (2007). A privacy preserving assertion based policy language for federation systems. In SACMAT'07: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies (pp. 51-60). (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT). https://doi.org/10.1145/1266840.1266849
@inproceedings{7484fd1079ea430ba1960acadd98fd73,
title = "A privacy preserving assertion based policy language for federation systems",
author = "Squicciarini, {Anna C.} and Hintoglu, {Ayca Azgin} and Elisa Bertino and Yucel Saygin",
year = "2007",
month = "8",
day = "24",
doi = "10.1145/1266840.1266849",
language = "English (US)",
isbn = "1595937455",
series = "Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT",
pages = "51--60",
booktitle = "SACMAT'07",

}
