With Federated Identity Management (FIM) protocols, service providers can request user attributes, such as the billing address, from the user's identity provider. Access to this information is managed using so-called Attribute Release Policies (ARPs). In this paper, we first analyze various shortcomings of existing ARP implementations; then, we demonstrate that the eXtensible Access Control Markup Language (XACML) is very suitable for the task. We present an architecture for the integration of XACML ARPs into SAML-based identity providers and specify the policy evaluation workflows. We also introduce our implementation and its integration into the Shibboleth architecture. © IFIP International Federation for Information Processing 2005.
CITATION STYLE
Hommel, W. (2005). Using XACML for privacy control in SAML-based identity federations. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3677 LNCS, pp. 160–169). https://doi.org/10.1007/11552055_16