An Introduction to Privacy-Enhancing Identity Management

Camenisch, Jan; Leenes, Ronald; Hansen, Marit; Schallaböck, Jan

doi:10.1007/978-3-642-19050-6_1

Cited by 3 publications

(2 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The research done in projects such as PRIME (Camenisch et al , 2011) and PrimeLife (Fischer-Hübner et al , 2011) has shown that the end-user is having a lack of trust especially in the case of PETs (Privacy Enhancing Technologies). Users often have difficulty believing PETs’ privacy protection claims mainly because these are counterintuitive.…”

Section: Evaluating the Need For Privacy Labelsmentioning

confidence: 99%

A multidisciplinary definition of privacy labels

Johansen¹,

Pedersen²,

Fischer‐Hübner³

et al. 2022

ICS

View full text Add to dashboard Cite

Purpose This paper aims to present arguments about how a complex concept of privacy labeling can be a solution to the current state of privacy. Design/methodology/approach The authors give a precise definition of Privacy Labeling (PL), painting a panoptic portrait from seven different perspectives: Business, Legal, Regulatory, Usability and Human Factors, Educative, Technological and Multidisciplinary. They describe a common vision, proposing several important “traits of character” of PL as well as identifying “undeveloped potentialities”, i.e. open problems on which the community can focus. Findings This position paper identifies the stakeholders of the PL and their needs with regard to privacy, describing how PL should be and look like to address these needs. Main aspects considered are the PL’s educational power to change people’s knowledge of privacy, tools useful for constructing PL and the possible visual appearances of PL. They also identify how the present landscape of privacy certifications could be improved by PL. Originality/value The authors adopt a multidisciplinary approach to defining PL as well as give guidelines in the form of goals, characteristics, open problems, starting points and a roadmap for creating the ideal PL.

show abstract

Section: Evaluating the Need For Privacy Labelsmentioning

confidence: 99%

A multidisciplinary definition of privacy labels

Johansen¹,

Pedersen²,

Fischer‐Hübner³

et al. 2022

ICS

View full text Add to dashboard Cite

show abstract

“…Prior work on privacy-enhancing identity management (PIM) has explored economic incentives for stakeholders [12] and technical possibilities of implementing privacy solutions (e.g., [15,59]); many of these studies relate to initiatives focused on improving privacy in online identity management within European frameworks.…”

Section: Misaligned Stakeholder Interestsmentioning

confidence: 99%

User Privacy in OAuth-Based Single Sign-On Systems

Morkonda Gnanasekaran

View full text Add to dashboard Cite

Web Single Sign-On (SSO) login is a popular alternative to password-based login in current authentication systems. SSO services enable users to use accounts registered with identity providers (IdPs) such as Google and Facebook to login on multiple relying party (RP) websites. Common web SSO deployments are based on the OAuth 2.0 authorization standard which enables RPs to both authenticate users and access a subset of a user's personal information from an IdP. This thesis pursues three goals related to user privacy in OAuth-based web SSO implementations. First, we build OAuthScope, a tool that extracts OAuth protocol data from RP sites. We use it to conduct an empirical investigation of privacy implications for users of OAuth implementations in RP websites most visited by users across five countries. We categorize user data made available by four IdPs (Google, Facebook, Apple, and LinkedIn) and evaluate the types of user data accessed by RPs through these IdPs. Our results reveal considerable variations in the categories and amounts of user data accessed by RPs, including differences across site versions in different countries. Second, to improve the transparency of user data accessed by RPs, we design and implement SSOPrivateEye (SPEye), a browser extension tool to inform users about the privacy consequences of choosing SSO login options. SPEye extracts information about permission requests made by RPs to enable users to compare SSO options before making a login choice.Finally, I would like to thank my family and friends for all their support and motivation throughout my studies. To my parents, Gnanasekaran and Indumathi, and my sister Srinimisha, thanks for encouraging me to pursue a PhD. To my wife Nivethini, thank you for always being there and keeping me motivated throughout this journey. This thesis would not have been possible without their love and support.

show abstract

Technical Tools and Designs for Data Protection

Tamò-Larrieux

2018

Law, Governance and Technology Series

View full text Add to dashboard Cite

An Introduction to Privacy-Enhancing Identity Management

Cited by 3 publications

References 0 publications

A multidisciplinary definition of privacy labels

A multidisciplinary definition of privacy labels

User Privacy in OAuth-Based Single Sign-On Systems

Technical Tools and Designs for Data Protection

Contact Info

Product

Resources

About