Journal of Information Processing
Online ISSN : 1882-6652
ISSN-L : 1882-6652
Privacy Preserving Attribute Aggregation Method without Shared Identifier Binding
Takeshi NishimuraMotonori NakamuraKazutsuna YamajiHiroyuki SatoYasuo Okabe
Author information
JOURNALS FREE ACCESS

2014 Volume 22 Issue 3 Pages 472-479

Details
Abstract

Identity federation is rapidly spreading, especially in the academic world. In identity federation users' credentials are stored only at their own organization, while the identity system provides authentication results and attributes to various online services, including cloud services that are hosted outside the user's organization. Attribute aggregation is a generalization of basic identity federation that allows a user to collect attributes from multiple authoritative sources. Group membership information is one of use cases, which is necessary to collaborate e.g., in an inter-organizational group. Despite the importance of privacy in identity federation, conventional methods of attribute aggregation require some identifier for a user to be shared among unrelated services, which makes correlation of user activity possible across the services. This privacy issue makes large-scale deployment of collaboration environments built on identity federation difficult. This paper proposes a new attribute aggregation method which does not require any shared identifier for services. The method has been implemented and validated as an extension of an open source federated identity software, Shibboleth. We also provide consideration about practical use of this new attribute aggregation method and comparison with existing technologies.

Information related to the author
© 2014 by the Information Processing Society of Japan
Previous article Next article
feedback
Top