An XMPP messaging infrastructure for a mobile held security identity wallet of personal and private dynamic identity attributes

Alexandre B. Augusto, Manuel E. Correia
aaugusto@dcc.fc.up.pt, mcc@dcc.fc.up.pt
Center for Research in Advanced Computing Systems (CRACS-INESC LA); Department of Computer Science, Faculty of Science, University of Porto; Portugal

Abstract. We are currently witnessing the widespread usage of personal mobile smart devices with serious practical computational power and Internet connectivity. The most popular of these devices is the smart phone, which is on its way to becoming a ubiquitous, powerful personal device. At the same time, sites like Google and Facebook are deploying an ever increasing set of personal services that are being aggregated and structured over personal user accounts, where an ever increasing set of personal, private, sensitive attributes is being demanded as an excuse for better service interoperability. These user attributes are extremely valuable [5] for these global Internet service companies, as they allow them to produce highly accurate user profiles that they can then monetise very efficiently for marketing purposes. The more accurate a user profile is, the more valuable it becomes, and there are certain kinds of personal attributes these companies have just started to harvest that present a major threat to personal security and privacy. These attributes are highly dynamic and are intimately associated with their owners by means of their personal devices. One example is the user's GPS position [10]; others are dynamic attributes like heart beat, body temperature, etc., that can be collected and maintained by the user's personal mobile devices, sometimes without the user being aware of their disclosure into highly sensitive personal profiles.
In this paper we propose and describe an identity management framework that allows users to asynchronously control and effectively share this type of sensitive dynamic data, thus guaranteeing security and privacy in a simple and transparent way. Our approach is realised by a fully secure mobile identity digital wallet, running on mobile devices (Android smart phones), where users can exercise discretionary control over the access to sensitive dynamic attributes, disclosing their value only to pre-authenticated and authorised users for determined periods of time. For that we rely on an adaptation of the OAuth protocol [7] to authorise and secure the disclosure of personal private user data, and on new XML Schemas [8] to establish secure authorisation and disclosure of a set of supported dynamic data types that are maintained by the personal mobile digital wallet. The communication infrastructure is fully implemented over the XMPP instant messaging protocol and is completely compatible with the large public XMPP messaging infrastructures.

Keywords: Mobile Dynamic Personal Identity Attributes, OAuth, XMPP, Mobile Identity Wallet, sensitive personal dynamic data, Security XML Schemas.