Presentation | 2021-03-02 Mutual Secrecy of Attributes and Authorization Policies in Identity Federation Satsuki Nishioka, Yasuo Okabe |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | In modern Web services, authentication federation that separates the Identity Provider (IdP), which centrally manages authentication information such as user passwords, from the service provider (SP) is commonly used. Authorization federation in which the IdP further manages user attributes, the IdP provides attribute values to the SP, and the SP decides whether to provide the service, is used as well. However, more information about attribute values is often passed to the SP than is necessary for the authorization decision. There are also cases in which it is necessary to keep the authorization policies secret from the IdP and the user. Information that should be concealed may be narrowed down through multiple authorization processes, even if attributes and authorization policies can be kept secret from each other in a single authorization process. If an authorization policy of the SP is a logical expression of predicates, the expression needs to be disclosed to the IdP. In this work, we point out and formulate these problems and provide some protocols to solve them. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | identity federation / authorization policy / attribute / oblivious transfer / Binary Decision Diagram (BDD) |
Paper # | SITE2020-53,IA2020-49 |
Date of Issue | 2021-02-22 (SITE, IA) |
Conference Information | |
Committee | SITE / IA / IPSJ-IOT |
---|---|
Conference Date | 2021/3/1(2days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | Online |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | Masaru Ogawa(Kobe Gakuin Univ.) / Hiroyuki Osaki(Kwansei Gakuin Univ.) |
Vice Chair | Takushi Otani(Kibi International Univ.) / Takeo Tatsumi(Open Univ. of Japan) / Rei Atarashi(IIJ) / Toru Kondo(Hiroshima Univ.) / Hiroshi Yamamoto(Ritsumeikan Univ.) |
Secretary | Takushi Otani(KDDI Research) / Takeo Tatsumi(Yamaguchi Pref Univ.) / Rei Atarashi(Kwansei Gakuin Univ.) / Toru Kondo(KDDI Research) / Hiroshi Yamamoto(NEC) |
Assistant | Daisuke Suzuki(Hokuriku Univ.) / Hideyuki Fujii(NRI-Secure) / Kenji Ohira(Osaka Univ.) / Daiki Nobayashi(Kyushu Inst. of Tech.) / Ryohei Banno(Kogakuin Univ.) |
Paper Information | |
Registration To | Technical Committee on Social Implications of Technology and Information Ethics / Technical Committee on Internet Architecture / Special Interest Group on Internet and Operation Technology |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Mutual Secrecy of Attributes and Authorization Policies in Identity Federation |
Sub Title (in English) | |
Keyword(1) | identity federation |
Keyword(2) | authorization policy |
Keyword(3) | attribute |
Keyword(4) | oblivious transfer |
Keyword(5) | Binary Decision Diagram (BDD) |
1st Author's Name | Satsuki Nishioka |
1st Author's Affiliation | Kyoto University(Kyoto Univ.) |
2nd Author's Name | Yasuo Okabe |
2nd Author's Affiliation | Kyoto University(Kyoto Univ.) |
Date | 2021-03-02 |
Paper # | SITE2020-53,IA2020-49 |
Volume (vol) | vol.120 |
Number (no) | SITE-380,IA-381 |
Page | pp.93-100(SITE), pp.93-100(IA) |
#Pages | 8 |
Date of Issue | 2021-02-22 (SITE, IA) |