Abstract
Authentication and authorisation are essential ingredients for effective protection of data in distributed information systems. Currently, they are being treated as separate components with specified input and output relations. Traditional authorisation components require all of the users' information that is possibly relevant to an authorisation decision and consequently the authentication components need to fully identify the users and collect all available information about them. This destroys all the potential privacy and security benefits of data-minimising authentication technologies such as private credential systems. In this paper, we discuss different ways to address this problem. More precisely, we sketch two possibilities of integrating data-minimising authentication into a traditional authorisation system such that the overall system becomes data-minimising. © 2014 Springer International Publishing.
Author supplied keywords
Cite
CITATION STYLE
Ayed, D., Bichsel, P., Camenisch, J., & Den Hartog, J. (2014). Integration of data-minimising authentication into authorisation systems. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8564 LNCS, pp. 179–187). Springer Verlag. https://doi.org/10.1007/978-3-319-08593-7_12
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
