Towards unconditional anonymity

privacy enforcement model inweb services

Yong Yang*, Jian Yang

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contribution

1 Citation (Scopus)
5 Downloads (Pure)

Abstract

Privacy in web services is of great importance and a critical requirement for any business and non-business environments. The growth of web services has been accompanied by sharing more and more user personal information with web service providers between diverse and heterogeneous computing systems, which has raised concern about possible malicious or accidental unauthorized abuse of user information. The Security Assertion Markup Language (SAML) architecture is an XML standard for exchanging authentication and authorization data. However privacy preserving in SAML is inadequate for user privacy protection. In this paper, the SAML architecture is extended to address this shortcoming. A privacy enforcement model based on ring signature is presented, which provides unconditional anonymity for web service users. This model enables verification of individuals who belong to a specific group with access right without actually being identified by their IDs or names. Therefore the risk of information leak is reduced. Furthermore, even if the third party is corrupted or the ID correspondence relationship is leaked, the individual remains unrecognizable. Meanwhile most SAML authorization between individual and web services can be done without the presence of the third party, which largely decreases communication overhead and enhances the privacy. Finally, a web services conversation establishment protocol is constructed based on this model, which has been implemented in Java/Tomcat.

Original languageEnglish
Title of host publication2008 IEEE Congress on Services Part II, SERVICES 2008
Place of PublicationPiscataway, NJ
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages26-33
Number of pages8
ISBN (Electronic)9780769533131
ISBN (Print)9780769532868
DOIs
Publication statusPublished - 2008
Event2008 IEEE Congress on Services, SERVICES 2008 - Beijing, China
Duration: 23 Sep 200826 Sep 2008

Other

Other2008 IEEE Congress on Services, SERVICES 2008
CountryChina
CityBeijing
Period23/09/0826/09/08

Bibliographical note

Copyright 2008 IEEE. Reprinted from 2008 IEEE Congress on Services : SERVICES 2008 : Part 2 : 23-26 September 2008, Beijing, China. This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of Macquarie University’s products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.

Fingerprint Dive into the research topics of 'Towards unconditional anonymity: privacy enforcement model inweb services'. Together they form a unique fingerprint.

  • Cite this

    Yang, Y., & Yang, J. (2008). Towards unconditional anonymity: privacy enforcement model inweb services. In 2008 IEEE Congress on Services Part II, SERVICES 2008 (pp. 26-33). [4700496] Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/SERVICES-2.2008.8