
Enhancing Consumer Privacy in the Liberty Alliance Identity Federation and Web Services Frameworks

Mansour Alsaleh & Carlisle Adams

School of Information Technology and Engineering (SITE), University of Ottawa
Outline

        Introduction
        Key Concepts
          Identity Federation
          Identity Federation Steps
          Single Sign-On
          Liberty Alliance Identity Federation Architecture
        Problem Statement and Research Contribution
        Liberty Use Case Scenario
        Possible Privacy Breaches: Identification, Analysis, and Recommendations
          Identity Federation
          Single Sign-On
          Discovery Service
          Interaction Service
          User Attribute Access Control
        Proposal for New Services in ID-FF and ID-WSF
          User Privacy Preferences Service
          Privacy Seal Service
          Audit Trail Service
        Conclusion


Introduction: “User privacy in the Internet”

   Several recent surveys show that users’ concern about the privacy of their
   personal information reduces their use of electronic businesses and Internet
   services
        It is the first barrier in 2006 according to the industry watchdog
        Gartner Group’s prediction (made in 2003)

   Many users intend to provide false data in order to protect their real
   identities
        24% of users reported giving false information to a Web site and 20%
        gave alternative or secondary e-mail addresses to Web sites (A Pew
        Internet & American Life Project survey in 2000)
Identity Federation

  What is Identity Federation?
     Assemble an identity virtually from a user’s personal information stored
     across several distinct identity management systems

  [Diagram: two circles of trust. Identity Provider 1, Airline.com (User Profile 1),
   with Service Providers Hotel.com (User Profile 3) and CarRent.com (User Profile 4);
   Identity Provider 2, Bank.com (User Profile 2), with Service Providers Book.com
   (User Profile 5) and Auction.com (User Profile 6)]
Identity Federation Steps

 1.   Create “an” account with the identity provider (Airline.com)
 2.   User gives consent to the identity provider to introduce him to the
      affinity group (circle of trust)
 3.   Identity provider redirects the user to the service provider he selected
      (Hotel.com)
 4.   User gives consent to the service provider to federate his identity

 [Diagram: the User exchanges steps 1, 2 with Airline.com (Identity Provider) and
  steps 3, 4 with Hotel.com (Service Provider I); back channels link the identity
  provider to Hotel.com (Service Provider I) and CarRent.com (Service Provider II)]
Single Sign-On

  Single Sign-On (SSO)
   A mechanism whereby a user can authenticate once with one of his identity
   providers (e.g. Airline.com) and gain access to the resources of multiple
   members among the group of service providers (e.g. Hotel.com or CarRent.com)
   without signing on again

  [Diagram: User, Airline.com (Identity Provider), Hotel.com (Service Provider I)
   and CarRent.com (Service Provider II); back channels link the identity provider
   to both service providers]
Why use Identity Federation

  For Consumers:
    Fewer, more manageable identities

    More connectivity (between existing identities)

    Fewer redundant logons and logouts

  For Businesses:
    Reduces the administrative costs of user profiles for service providers

    Keeps more accurate and up-to-date information about users

    Increases “user” affiliation and sharing of their personal information
Liberty Alliance Identity Federation Architecture

  Liberty Alliance Objectives:

     To create open, technical specifications that enable sign-on mechanisms
      through federated network identification
     To support a permission-based attribute sharing framework to enable a
      user's control over the use and disclosure of his/her personal information

  The project has obtained support from over 150 well-known companies and
   organizations in the last few years
Liberty Alliance Identity Federation Frameworks

 Liberty Identity Federation Framework (ID-FF 1.2) OR Security Assertion Markup
 Language (SAML 2.0)
   Enables identity federation and management through features such as
   identity/account linkage, simplified sign on, and simple session management.
   Layers: Bindings and Profiles; Protocols and Schema

 Liberty Identity Service Interface Specifications (ID-SIS 1.0)
   Defines service interfaces for each identity-based Web service so that providers
   can exchange different parts of identity interoperably. These might include
   services such as registration, contact book, calendar, or geo-location.
   Examples: Personal Profile Service, Employee Profile Service, Contact Book
   Service, Geolocation Service

 Liberty Identity Web Services Framework (ID-WSF 2.0)
   Defines a framework for Web services that allows providers to share users’
   identities in a permission-based mode. The framework offers features like
   Permission Based Attribute Sharing, Identity Service Discovery (to discover
   identity and attribute providers), Interaction Service (a mechanism to obtain
   permissions from a user) and the associated security profiles.
   Identity Services Template: Data Services Template
   Identity Services Protocols: Discovery Service, Interaction Service, People
   Service, Authentication Service
   Web Services Bindings & Profiles: Security Mechanisms, SOAP Binding, Client
   Profiles

 Underlying standards: HTTP, SAML, SOAP, SSL/TLS, WAP, …
Problem Statement

  The multidisciplinary specifications that Liberty covers make it vulnerable to
   a variety of privacy breaches

  Lack of a privacy-aware architecture reduces consumer trust in using
   Liberty-enabled providers’ services
Research Contribution

 Identify and analyze consumer privacy breaches and concerns in the Liberty
   Alliance Project

 Propose solutions/recommendations to the identified privacy breaches to
   enhance consumer privacy

 Propose requisite new services to the Liberty specification to enhance
   consumer privacy
Liberty Use Case Scenario

 [Diagram: Airline.com (IdP) hosting a Discovery Service, Application Portal and
  PDP; the user’s Browser; CarRent.com (SP 2) with an Application Portal; Hotel.com
  (SP 1) hosting an Interaction service, Application Portal and PDP.
  Numbered messages: 1. Service Request and 12. Provide Service between the Browser
  and CarRent.com (SP 2); 2. Authentication Request and 3. Authentication Response
  (artifact) between the Browser and Airline.com (IdP), via Browser Redirect;
  4. SAML Authentication Assertion (artifact) and 5. Lookup Request/Response for
  User Attributes between Airline.com (IdP) and CarRent.com (SP 2); 6. at the IdP
  PDP; 7. Get Attributes and 11. Requested Attributes Response between CarRent.com
  (SP 2) and Hotel.com (SP 1); 8. at the Hotel.com PDP; 9. Take User Permission and
  10. User Response (ok) between Hotel.com’s Application Portal and its Interaction
  service]
Privacy Breaches: Identity Federation

  It is not sufficient that the IdP gets a general user consent to introduce the
   user to other members of the affinity group
     IdP needs to get a user consent for every single introduction

  Lack of clear, nonrepudiable user consent for identity federation between IdP
   and SP
     Always preferable that the user gives this consent to the IdP side

  SPs could obtain some basic information about the user even before federating
   the identity with the user IdP (e.g. user IdPs list, user preferred IdP)
     SP should not know any information about this introduction until the user
       visits the SP website and he wants to federate

  [Diagram: as on the Identity Federation Steps slide: User, Airline.com (Identity
   Provider) with steps 1, 2; Hotel.com (Service Provider I) with steps 3, 4;
   CarRent.com (Service Provider II); back channel]
Privacy Breaches: Single Sign-On

 The federation common domain cookie can be used to find out the most recent IdP
  that authenticated the user
    The cookie should not contain more than a random list of user IdPs (e.g.
      preferred IdP or the most recently established IdP session)

 Browser-redirect messages can carry some unencrypted personal information about
  the user
    The artifact should always be an arbitrary number that is known only to the
      IdP (any PII should be via the back channel)

 Redirection between SPs: when the user is redirected from SP1 to SP2, SP2 will
  know that the user came from SP1
    Audit trail mechanism; smart IdP

 [Diagram: User, Airline.com (Identity Provider), Hotel.com (Service Provider I),
  CarRent.com (Service Provider II); back channel]
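The two SSO recommendations above, as an added example (not code from the slides or from the Liberty specifications): the artifact that travels through the browser is an opaque random value the IdP resolves once over the back channel, so no PII appears in the redirect, and the common domain cookie holds only an unordered list of IdP identifiers. The class and function names, the SP registry and the 60-second artifact lifetime are assumptions made here.

```python
"""Artifact-based SSO that keeps PII off the browser redirect.

Added example, not code from the slides or from the Liberty specifications.
The artifact sent through the browser is an arbitrary value known only to the
IdP; the assertion carrying the user's identity is fetched over the IdP<->SP
back channel. The common domain cookie lists the user's IdPs in random order.
Names, the SP registry and the 60-second lifetime are assumptions.
"""
import base64
import random
import secrets
import time


class IdentityProvider:
    """Airline.com in the slides: issues artifacts and resolves them over the back channel."""

    def __init__(self, name, artifact_ttl=60):
        self.name = name
        self.ttl = artifact_ttl
        self._pending = {}          # artifact -> (assertion, issue time, SP it was issued to)
        self._trusted_sps = set()   # SPs allowed to call resolve() over the back channel

    def register_sp(self, sp_name):
        self._trusted_sps.add(sp_name)

    def authenticate(self, user_id, sp_name):
        """Return the artifact to place in the browser redirect; nothing else leaves here."""
        artifact = secrets.token_urlsafe(24)          # random, meaningless outside the IdP
        assertion = {"subject": user_id, "issuer": self.name, "audience": sp_name,
                     "issued_at": int(time.time())}   # the PII stays in the IdP's store
        self._pending[artifact] = (assertion, time.time(), sp_name)
        return artifact

    def resolve(self, artifact, caller):
        """Back-channel artifact resolution: one-time use, bound to the SP it was issued for."""
        if caller not in self._trusted_sps:
            raise PermissionError("back channel only open to registered SPs")
        entry = self._pending.pop(artifact, None)     # pop: a replayed artifact resolves nothing
        if entry is None:
            raise ValueError("unknown or already used artifact")
        assertion, issued, sp_name = entry
        if sp_name != caller:
            raise ValueError("artifact was issued to a different SP")
        if time.time() - issued > self.ttl:
            raise ValueError("artifact expired")
        return assertion


def redirect_with_artifact(sp_consumer_url, artifact):
    """Front-channel response; SAMLart is the parameter name of the SAML HTTP artifact binding."""
    return f"{sp_consumer_url}?SAMLart={artifact}"


def make_common_domain_cookie(idp_ids):
    """Cookie value listing the user's IdPs in random order, so it reveals no 'most recent' IdP."""
    ids = list(idp_ids)
    random.SystemRandom().shuffle(ids)
    return base64.b64encode(" ".join(ids).encode()).decode()


def parse_common_domain_cookie(value):
    """An SP learns which IdPs the user has, but not which one authenticated last."""
    return set(base64.b64decode(value).decode().split())
```

The `pop` in `resolve` is what makes a captured redirect worthless to anyone who replays it after the SP has already dereferenced the artifact; binding the artifact to the SP it was issued for stops a second SP from resolving it even over an open back channel.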
Privacy Breaches: Discovery Service

  SP may locally store the address of the user attribute resource holder (taken
   from the DS PDP) and use it at a later time
     Audit trail trusted third party; timestamp (signed by the DS)

  SP can request the resource-holder address for more than one user attribute
   within the same request message; however the SP may use only one Usage
   Directive SOAP header to specify only one usage purpose
     Separate Usage Directive SOAP header for each attribute resource-holder
       address; if only one Usage Directive header is used, then there should be
       a standard way to express more than one purpose within the single usage
       field of the lookup request

  Lack of standard privacy expressions could lead to inconsistent interpretation
   of data privacy directives
     A standard, fine-grained privacy expression language (e.g., XACML)

  [Diagram: CarRent.com (SP 2) exchanges 5. Lookup Request/Response for User
   Attributes with Airline.com (IdP), which hosts a Discovery Service, Application
   Portal and PDP (step 6)]
Privacy Breaches: Interaction Service

  [Diagram: Hotel.com (SP 1) hosts an Interaction service, Application Portal and
   PDP (step 8); 9. Take User Permission and 10. User Response (ok) pass between
   the Application Portal and the Interaction service, which talks to the user’s
   Browser]

  The user SP can fabricate user consent; it is only the SP who decides whether
   to sign the consent or not
     Users should be able to control the integrity of consent request messages;
       the IS signs user consents on behalf of the user (the user logs in to the
       IS first)

  An IS hosted by other providers may have privacy impacts
     If the IS is not hosted by the user agent itself then the provider hosting
       the user IS should be very trusted by the user (e.g. IdP)

  SP is able to deny its query to the user, as well as the user consent (or user
   denial) that is returned
     SP queries to the user should be recorded by the interaction service. SPs
       should digitally sign each query to the user (and sign a confirmation of
       user consent receipt)
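The signed interaction-service exchange recommended above, as an added example (not code from the slides or from the Liberty ID-WSF Interaction Service specification): the SP signs each query, the IS records every query and signs the consent on behalf of a user who has logged in to it, and the SP signs a receipt for the consent it got. HMAC with a key per party stands in for the digital signatures the slide calls for; the keys, names and message fields are constructed assumptions.

```python
"""Signed interaction-service exchange: SP-signed queries, IS-signed consent.

Added example, not code from the slides or the Liberty ID-WSF Interaction
Service specification. HMAC with a constructed key per party stands in for the
digital signatures the slide calls for; all names and fields are assumptions.
"""
import hashlib
import hmac
import json
import secrets


def canonical(obj):
    """Deterministic serialisation so the same message always signs the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(key, obj, field):
    """Return obj plus a tag, under `field`, over every other field."""
    body = {k: v for k, v in obj.items() if k != field}
    return {**body, field: hmac.new(key, canonical(body), hashlib.sha256).hexdigest()}


def verify(key, obj, field):
    body = {k: v for k, v in obj.items() if k != field}
    expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, obj.get(field, ""))


def make_query(sp_name, sp_key, user, attributes, purpose):
    """SP side: a query to the user that the SP cannot later deny having sent."""
    query = {"query_id": secrets.token_hex(8), "sp": sp_name, "user": user,
             "attributes": sorted(attributes), "purpose": purpose}
    return sign(sp_key, query, "sp_signature")


class InteractionService:
    """IS hosted by a party the user trusts (the slide suggests the IdP)."""

    def __init__(self, is_key):
        self.key = is_key
        self._sp_keys = {}       # SP name -> verification key
        self._logged_in = set()  # users with an IS session
        self.records = []        # every query and the answer it got

    def register_sp(self, sp_name, sp_key):
        self._sp_keys[sp_name] = sp_key

    def user_login(self, user):
        self._logged_in.add(user)

    def take_permission(self, query, decision):
        """Steps 9/10 of the use case: check the SP's signature, then answer for the logged-in user."""
        sp_key = self._sp_keys.get(query.get("sp"))
        if sp_key is None or not verify(sp_key, query, "sp_signature"):
            raise ValueError("query is unsigned, tampered with, or from an unknown SP")
        if query["user"] not in self._logged_in:
            raise PermissionError("user must log in to the IS before consent is given")
        response = {"query_id": query["query_id"], "user": query["user"],
                    "decision": decision,            # "ok" or "deny", as the user answered
                    "query_digest": hashlib.sha256(canonical(query)).hexdigest()}
        response = sign(self.key, response, "is_signature")
        self.records.append({"query": query, "response": response})  # the IS keeps the record
        return response


def acknowledge(sp_key, response):
    """SP side: signed receipt binding the SP to the consent it received."""
    return sign(sp_key, {"received": response["query_id"],
                         "decision": response["decision"],
                         "is_signature": response["is_signature"]}, "sp_signature")


def consent_is_valid(is_key, response):
    """Anyone holding the IS verification key can check that the consent is genuine and unaltered."""
    return verify(is_key, response, "is_signature")
```

Because the IS response carries a digest of the signed query, a consent cannot be detached from one query and re-attached to another; and since the SP's own signature is checked before any user is asked, an unsigned query never reaches the user, which is what makes the SP's later denial of the query implausible.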
Privacy Breaches: User Attribute Access Control

  SP cooperation
     An audit trail mechanism can help in exposing such leakages

  Attribute deduction (one SP collects more than one non-identifiable attribute
   about the same user)
     A privacy seal trusted third party that can certify and monitor SP privacy
       policies and practices can help to diminish this privacy concern

  If the attribute provider relies on the discovery service to be the PEP, SP can
   reuse or share the information about the attribute provider holding the user’s
   attributes
     Both the discovery service and the attribute provider should act as a PEP

  [Diagram: User, Airline.com (IdP) with PDP, Hotel.com (SP 1) with PDP,
   CarRent.com (SP 2); back channel]
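The Discovery Service recommendations (a DS-signed timestamp on each resource-holder address so an SP cannot reuse it later; one usage directive per attribute, able to carry more than one purpose) and the point just above that the attribute provider itself must act as a PEP, as one added example that is not code from the slides or from the Liberty ID-WSF Discovery Service specification. HMAC with a constructed key shared by the DS and the attribute provider stands in for the DS signature; the names, fields and 300-second lifetime are assumptions.

```python
"""Discovery Service lookup with signed, time-limited, per-attribute usage directives.

Added example, not code from the slides or the Liberty ID-WSF Discovery Service
specification. HMAC with a constructed key stands in for the DS signature;
names, fields and the 300-second lifetime are assumptions.
"""
import hashlib
import hmac
import json
import time

DS_KEY = b"constructed-discovery-service-key"   # constructed stand-in for the DS signing key


def ds_tag(key, offering):
    """Tag over every field of a resource offering except the tag itself."""
    body = {k: v for k, v in offering.items() if k != "ds_signature"}
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()


class DiscoveryService:
    """Airline.com DS: tells an SP where a user's attributes are held (step 5 of the use case)."""

    def __init__(self, key, ttl=300):
        self.key = key
        self.ttl = ttl
        self._registry = {}   # (user, attribute) -> address of the attribute provider

    def register(self, user, attribute, address):
        self._registry[(user, attribute)] = address

    def lookup(self, requester, user, requests, now=None):
        """requests: one {"attribute": ..., "usage": [purpose, ...]} per attribute wanted."""
        now = int(time.time()) if now is None else now
        offerings = []
        for req in requests:
            address = self._registry.get((user, req["attribute"]))
            if address is None or not req.get("usage"):
                continue   # unknown attribute, or no stated purpose: nothing is disclosed
            offering = {"user": user, "attribute": req["attribute"], "address": address,
                        "requester": requester, "usage": list(req["usage"]),
                        "issued": now, "expires": now + self.ttl}
            offering["ds_signature"] = ds_tag(self.key, offering)   # the signed timestamp
            offerings.append(offering)
        return offerings


def attribute_provider_pep(offering, key, requester, now=None):
    """The attribute provider as PEP: refuse stale, tampered or borrowed offerings."""
    now = int(time.time()) if now is None else now
    if not hmac.compare_digest(ds_tag(key, offering), offering.get("ds_signature", "")):
        return False, "signature mismatch"
    if offering["requester"] != requester:
        return False, "offering was issued to another SP"
    if now > offering["expires"]:
        return False, "offering expired; SP must repeat the lookup"
    return True, "ok"


def purpose_allowed(offering, permitted_purposes):
    """PDP check: every purpose the SP declared for this attribute must be permitted."""
    return all(p in permitted_purposes for p in offering["usage"])
```

Because the requester and the usage list are inside the signed offering, an SP can neither hand the address to another SP nor present it later under a different purpose; the expiry forces it back through the DS, where the lookup can be audited.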
Proposal for New Services in ID-FF and ID-WSF
User Privacy Preferences Service

  To enhance user privacy, we need to make the user aware of the excessive
   transactions occurring and to request his permission in many cases
    Consequently, the user may be overwhelmed by many access permission
       requests and so identity federation will no longer be a fast, easy-to-use
       mechanism

     User privacy preferences service as part of the ID-WSF specification:
       •   Enable the user to enter his default privacy preferences
       •   Some access permission requests can be directed first to the user
           privacy preferences service
Proposal for New Services in ID-FF and ID-WSF
Privacy Seal Service

  It is always difficult to ensure that a user SP or attribute requester will
   adhere to its stated privacy policy, its declared purposes and its other
   attribute usage directives
    If no technical mechanism exists, the user will need to rely on his trust
       in the service provider

     Liberty privacy seal service (by a trusted third party) that can certify and
       monitor identity and service providers’ privacy policies:
       •   At the time of federation introduction, this service will assure the
           user that an SP privacy policy accurately states what personal
           information the SP gathers and how it is handled
       •   This service can be consulted by an attribute provider PDP before
           revealing any information
Proposal for New Services in ID-FF and ID-WSF
Audit Trail Service

  The user has many privacy concerns about the different providers exchanging
   his personal information without his permission
    The user needs to know if any privacy violation has been committed by any
       SP so he can take the appropriate action for future transactions (and
       update his privacy preferences accordingly)

     An audit trail service as part of the Liberty architecture:
       •   The user (and probably his IdP) can access this service to review the
           transaction record (many transactions need to be recorded)
       •   The provider hosting this service may need to notify the user in case
           of potentially dangerous violations
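The User Privacy Preferences Service and the Audit Trail Service proposed above, as one added example (not code from the slides): an attribute provider's PDP answers from the user's stored default preferences before it prompts anyone through the interaction service, and both its decisions and the actual releases are written to an audit trail the user can review for releases that no decision authorised. The allow/deny/ask vocabulary, the record layout and all names are assumptions made here.

```python
"""User privacy preferences consulted by a PDP, with a reviewable audit trail.

Added example, not code from the slides. The allow/deny/ask vocabulary, the
record layout and all names are assumptions.
"""


class PrivacyPreferences:
    """Per-user defaults: (attribute, purpose) -> 'allow' | 'deny' | 'ask'."""

    def __init__(self, default="ask"):
        self.default = default
        self._rules = {}

    def set_rule(self, attribute, purpose, decision):
        assert decision in ("allow", "deny", "ask")
        self._rules[(attribute, purpose)] = decision

    def decide(self, attribute, purpose):
        # exact rule first, then an attribute-wide rule (purpose "*"), then the default
        return self._rules.get((attribute, purpose),
                               self._rules.get((attribute, "*"), self.default))


class AuditTrail:
    """Append-only record of PDP decisions and of attribute releases."""

    def __init__(self):
        self.entries = []

    def record(self, kind, user, requester, attribute, purpose, outcome):
        self.entries.append({"seq": len(self.entries), "kind": kind, "user": user,
                             "requester": requester, "attribute": attribute,
                             "purpose": purpose, "outcome": outcome})

    def unauthorised_releases(self, user):
        """Releases to an SP that no earlier 'allow' decision covers: what the user is told about."""
        allowed = set()
        flagged = []
        for e in self.entries:
            if e["user"] != user:
                continue
            key = (e["requester"], e["attribute"], e["purpose"])
            if e["kind"] == "decision" and e["outcome"] == "allow":
                allowed.add(key)
            elif e["kind"] == "release" and key not in allowed:
                flagged.append(e)
        return flagged


class AttributePDP:
    """PDP at an attribute provider: preferences first, the interaction service only when needed."""

    def __init__(self, preferences, audit, ask_user):
        self.preferences = preferences   # user -> PrivacyPreferences
        self.audit = audit
        self.ask_user = ask_user         # callable(user, requester, attribute, purpose) -> bool
        self.prompts = 0                 # how often the user actually had to be asked

    def authorise(self, user, requester, attribute, purpose):
        prefs = self.preferences.get(user, PrivacyPreferences())
        decision = prefs.decide(attribute, purpose)
        if decision == "ask":            # only now does the interaction service get involved
            self.prompts += 1
            decision = "allow" if self.ask_user(user, requester, attribute, purpose) else "deny"
        self.audit.record("decision", user, requester, attribute, purpose, decision)
        return decision == "allow"


def release(audit, user, requester, attribute, purpose):
    """The PEP's side of the trail: what actually went out, whatever the PDP said."""
    audit.record("release", user, requester, attribute, purpose, "sent")
```

Keeping decisions and releases as separate entry kinds is what lets the review function work: a provider that releases an attribute it was told to deny, or for a purpose nobody decided on, shows up as a release with no matching allow, and that is the event the hosting provider would notify the user about.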
Conclusion

   Enhancing consumer privacy in the Liberty standard

   Increased consumer trust in using Liberty-enabled providers’ services

   Greater adoption of Liberty standards
Thank You