User-centric Privacy Management for Federated Identity Management

Gail-Joon Ahn and Moonam Ko
College of Computing and Informatics
The University of North Carolina at Charlotte
{gahn,mnko}@uncc.edu

Abstract: We have witnessed that the Internet is now a prime vehicle for business, community, and personal interactions. The notion of identity is an important component of this vehicle. Identity management has recently been considered a viable solution for simplifying user management across enterprise applications. The network identity of each user is the global set of personal credentials and preferences constituting the various accounts. The prevalence of business alliances or coalitions necessitates the further evolution of identity management, named federated identity management (FIM). The main motivation of FIM is to facilitate the federation of identities among business partners, emphasizing ease of user management. In this paper, we propose systematic mechanisms to specify privacy preferences in FIM, attempting to help users facilitate preferences for managing their private information across domains.

I. INTRODUCTION

As enterprises have changed their business operation paradigm from brick-and-mortar to click-and-mortar, they have embraced a variety of enterprise applications for streamlining business operations, such as emailing systems, customer relationship management systems, enterprise resource planning systems, supply chain management systems, and so on. However, this growing line of enterprise applications has compounded a non-trivial problem: managing user profiles. Each added application has tended to bring in a new database for storing user profiles, and it was quite costly and complex to manage all those profiles, which were often redundant.
Considering business-to-business environments, where a set of users consists of not only their employees or customers but also those of their partners, the above-mentioned problem became even worse. As a set of underlying technologies and processes overarching the creation, maintenance, and termination of user identities, identity management (IM) has recently been considered a viable solution for resolving such issues.

Furthermore, the prevalence of business alliances or coalitions necessitates the further evolution of IM, so-called federated identity management (FIM). The main motivation of FIM is to enhance user convenience and privacy as well as to decentralize user management tasks through the federation of identities among business partners. As a consequence, a cost-effective and interoperable technology is strongly required in the process of federation. Web Services (WS) can be a good candidate for such a requirement, as they have served to provide the standard way for enabling the communication and composition of various enterprise applications over distributed and heterogeneous networks [1], [2].

Since identity federation is likely to go along with the exchange of sensitive user information in a highly insecure online environment, security and privacy issues associated with such exchanges are key concerns in FIM. The concept of federated identities provides consumers with a convenient way to create identities and move among various business nexus. Apart from all the simplicity and convenience that it provides to businesses, the management of these federated identities becomes a crucial task, since it needs to take into consideration various threats against vulnerable and confidential user data. Any identity management framework must adequately protect sensitive user information and must adhere to important elements of privacy policy.
In this paper, we propose systematic mechanisms to specify privacy preferences in FIM, attempting to help users facilitate preferences for managing their private information across domains.

The rest of this paper is organized as follows. Section II overviews three approaches involved in IM and discusses the prior research works in IM, followed by an overview of FIM models. Section III articulates business scenarios for FIM and relevant privacy requirements. In addition, we discuss our approach to support a multi-level privacy policy framework using privacy labels and propose languages for privacy policy and privacy preference expression, along with the related works. Section IV concludes this paper.

II. IDENTITY MANAGEMENT

In this section, we first start with the discussion of IM approaches. We categorize IM approaches into the following three styles: isolated IM, centralized IM, and distributed IM. Thereafter, we discuss the related research works followed by FIM.

The isolated IM model is the most conservative approach of the three models. Each business forms its own identity management domain (IMD) and has its own way of maintaining the identities of users including employees, customers, and partners. Hence, this model is simple to implement and has tight control over user profiles. However, it is hard to achieve user convenience with this model since different IMDs are likely to have different authentication processes or