Privacy in browser-based attribute exchange

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue WORKSHOP, 2002, Pages 52-62

  Pfitzmann, Birgit ^a   Waidner, Michael ^a  

^a IBM RESEARCH ZURICH   (Switzerland)

Author keywords

Attribute exchange; BBAE; E Community Single Signon; Identity management; Liberty; Passport; Privacy; Roles; SAML; Security; Shibboleth; Single signon; Traffic data; Wallet; Web browser

Indexed keywords

ALGORITHMS; ELECTRONIC COMMERCE; NETWORK PROTOCOLS; SECURITY OF DATA; USER INTERFACES; WEBSITES;

ATTRIBUTE-EXCHANGE PROTOCOLS;

WEB BROWSERS;

EID: 0038379542     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/644527.644533     Document Type: Conference Paper

References (34)

1. APP01 A P3P Preference Exchange Language 1.0 (APPEL1.0); W3C Working Draft 26 February 2001, http://www.w3.org/TR/P3P-preferences.html
2. BLK+01 Kathy Bohrer, Xuan Liu, Dogan Kesdogan, Edith Schonberg, Moninder Singh, Susan L. Spraragen: Personal Information Management and Distribution; 4th Intern. Conf. on Electronic Commerce Research (ICECR-4), Dallas, Nov. 2001
3. Cha81 David Chaum: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms; Communications of the ACM 24/2 (1981) 84-88
4. Cha85 David Chaum: Security without Identification: Transaction Systems to make Big Brother Obsolete; Communications of the ACM 28/10 (1985) 1030-1044
5. CL00 Jan Camenisch, Anna Lysyanskaya: An efficient system for non-transferable anonymous credentials with optional anonymity revocation; Eurocrypt 2001, LNCS 2045, SpringerVerlag, Berlin, 93-117
6. CV02 Jan Camenisch, Els Van Herreweghen: Design and Implementation of the Idemix Anonymous Credential System; to appear at ACM CCS 2002, Washington, Nov. 2002
7. DH76 Whitfield Diffie, Martin E. Hellman: New Directions in Cryptography; IEEE Transactions on Information Theory 22/6 (1976) 644-654
8. FSS+01 Kevin Fu, Emil Sit, Kendra Smith, Nick Feamster; Dos and Don'ts of Client Authentication on the Web; Proc. l0th USENIX Security Symposium, 2001
9. Gat99 Gator: The Smart Online Companion; first release 1999, http://www.gator.com/
10. GGK+99 Eran Gabber, Phillip B. Gibbons, David M. Kristol, Yossi Matias, Alain Mayer: Consistent, Yet Anonymous, Web Access with LPWA; Communications of the ACM 42/2 (1999) 42-47
11. Gol01 Y. Y. Goland: Zero Install Single Sign On Solution for a HTTP Browser; Internet Draft, Nov. 2001, http://www. ietf.cnri.reston.va.us/internet-drafts/draft-goland-sso-human-00.txt
12. Har02 Harris Interactive: First Major Post-9/11 Privacy Survey Finds Consumers Demanding Companies Do More To Protect Privacy; Rochester, Feb. 2002, http://www.harrisinteractive.com/news/allnewsbydate.asp? NewsID=429
13. HTT99 Hypertext Transfer Protocol - HTTP/1.1; Internet RFC 2616, 1999
14. IBM97 IBM Consumer Wallet; first release 1997, White Paper 1999, http://www-3.ibm.com/software/webservers/commerce/payment/wallet.pdf
15. IBM99 IBM Multi-National Consumer Privacy Survey, conducted by Louis Harris & Associates, Inc.; IBM Global Services, October 1999
16. IBM02 IBM: Enterprise Security Architecture using IBM Tivoli Security Solutions; April 2002, http://www.redbooks. ibm.com/abstracts/sg246014.html
17. IM02 IBM Corporation, Microsoft: Security in a Web Services World: A Proposed Architecture and Roadmap, V 1.0; April 2002, http://www-106.ibm.com/developerworks/library/ws-secmap/
18. KR00 David P. Kormann, Aviel D. Rubin: Risks of the Passport Single Signon Protocol; Computer Networks 33 (2001) 51-58
19. KSW02 Günter Karjoth, Matthias Schunter, Michael Waidner: Platform for Enterprise Privacy Practices; to appear in these proceedings.
20. Lib02 Liberty Alliance Project (founded 2001): Specifications Version 1.0, July 2002, http://www.projectliberty.org/specs/liberty-specifications-vl.0.zip
21. Mic01 Microsoft Corporation: NET Passport documentation (started 1999), in particular Technical Overview, Sept. 2001, and SDK 2.1 Documentation; http://www.passport. com and http://msdn.microsoft.com/downloads
22. Mic02 Microsoft Corporation: Microsoft Federated Security and Identity Roadmap, June 2002, http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebsrv/html/w sfederate.asp?frame=true
23. P3P02 The Platform for Privacy Preferences 1.0 (P3P1.0) Specification; W3C Recommendation, April 2002, http://www.w3.org/TR/2002/REC-P3P-20020416/
24. Pas99 Passlogix: v-Go Single Signon; first release 1999, White Paper 2000, http://www.passlogix.com/media/pdfs/usable_security.pdf
25. PKI02 Public-Key Infrastructure (X.509) Working Group: An Internet Attribute Certificate Profile for Authorization; RFC 3281, 2002, http://www.ietf.org/rfc/rfc3281.txt
26. PW02 Birgit Pfitzmann, Michael Waidner: BBAE - A General Protocol for Browser-based Attribute Exchange; IBM Research Report RZ 3455 (# 93800), Sept 2002, http://www.zurich.ibm.com/security/publications/2002.html
27. Rob99 Roboform: Free Web Form Filler and Password Manager; first release 1999, http://www.siber.com/roboform/
28. SAM02 OASIS Security Assertion Markup Language (SAML); Committee specification 01, May 2002 (started Jan. 2001), http://www.oasis-open.org/committees/security/docs
29. Shi02 Shibboleth-Architecture DRAFT v05; May 2002 (vl in 2001) http://middleware.internet2.edu/shibboleth/docs/draft-internet2-shibboleth-arch- v05.pdf
30. Sle01 Marc Slemko: Microsoft Passport to Trouble; Rev. 1.18, Nov. 5, 2001 http://alive.znep.com/̃marcs/passport/
31. Wes67Alan F. Westin: Privacy and Freedom; Atheneum, New York NY, 1967
32. Wil02 Joe Wilcox: Customers wary of online IDs and Survey: Passport required-not appealing, CNET News.com, April 2002, http://news.com.com/2100-1001-892808.html and http://news.com.com/2100-1001-884730.html
33. XML02 XML-Signature Syntax and Processing; W3C Recommendation, Feb. 2002, http://www.w3.org/TR/xmldsigcore/
34. Zer99 Zeroknowledge: Freedom Personal Firewall; first release 1999, http://www.freedom.net/products/firewall/index.html