Minimal credential disclosure in trust negotiations

Federica Paci, David Bauer, Elisa Bertino, Douglas M. Blough, Anna Squicciarini
2008 Proceedings of the 4th ACM workshop on Digital identity management - DIM '08  
The secure release of identity attributes is a key enabler for electronic business interactions. In particular, integrity and confidentiality of identity attributes are two key requirements in such context. Users should also have the maximum control possible over the release of their identity attributes and should state under which conditions these attributes can be disclosed. Moreover, users should disclose only the identity attributes that are actually required for the transactions at hand.
more » ... sactions at hand. In this paper we present an approach for the controlled release of identity attributes that addresses such requirements. The approach is based on the integration of trust negotiation and minimal credential disclosure techniques. Trust negotiations support selective and incremental disclosure of identity attributes, while minimal credential disclosure guarantees that only the attributes necessary to complete the on line interactions are disclosed.
doi:10.1145/1456424.1456439 dblp:conf/dim/PaciBBBS08 fatcat:5qmvxaagyneo5huhskmorvwo3y