Privacy in Enterprise Identity Federation - Policies for Liberty Single Signon

Cross-domain identity management is gaining significant interest in industry. A recent example is the Liberty Alliance's specifications for single signon of users across a federation of enterprises. These specifications stress that the federation process is voluntary for the users and that privacy is preserved, e.g., by using pseudonyms. We evaluate the privacy of these specifications in detail. We point out ambiguities and propose a concrete privacy policy together with a few changes to the Liberty processing rules. Our analysis demonstrates that identity-management policies are non-trivial even in a limited context. We also discuss how such low-tech proposals from industry relate to high-tech privacy-enhancing proposals from the research community.

By: Birgit Pfitzmann

Published in: Lecture Notes in Computer Science, volume 2760, pages 189-204, 2003
