A Privacy Enabled Service Authorization Based on a User-centric Virtual Identity Management System

摘要

User trust and empowerment (in terms of their personal data control) are areas that must be addressed thoroughly when talking about identity and business models for distributed communication systems. Protecting the privacy of users is a challenging problem for identity management systems, which can only be achieved if it gives users complete control over their identity data. However, none of the existing solutions offers this possibility. Based on a user-centric virtual identity defined by EU IST project Daidalos, this paper proposes an effective infrastructure to authorize the privacy-enabled pervasive service, which protects the context-driven access policies for online services in order to avoid attacks by malicious eavesdroppers. In the proposed infrastructure, SMAL and Diameter are used to securely protect and deliver authenticated and authorized entities and XACML is used to authorize the user-level privacy policy. The proposed infrastructure is partially integrated into the Daidalos demonstration platform.