Browser-based attribute exchange means protocols for a user of a normal web browser to send attributes, such as authentication or demographic data, to a web site. The best-known deployed protocol of this type in the real world is Microsoft’s Passport. We identify the privacy requirements on such protocols in a general consumer scenario, derive the main design decisions needed to fulfil these requirements, and present a protocol with these properties. Our emphasis lies on protocols that could be standardized and deployed short-term.
By: Birgit Pfitzmann and Michael Waidner
Published in: Proceedings of the ACM Conference on Computer and Communications Security - Workshop on Privacy in the Electronic Society. , ACM. , p.52-62 in 2002
Please obtain a copy of this paper from your local library. IBM cannot distribute this paper externally.
Questions about this service can be mailed to reports@us.ibm.com .