Controlled Sharing of Identity Attributes for Better Privacy

Rodrigo Lopes and Dongwan Shin
Department of Computer Science, New Mexico Tech, Socorro, NM, USA
{rodrigo, doshin}@nmt.edu

Abstract— In recent years user centricity has drawn a lot of attention as a promising component to advance federated identity management (FIM) systems. The basic notion is to give users a larger degree of control over the attribute data that comprises their digital identities on a federated network, thus providing an ideal mechanism for upholding user privacy. One of the fundamental problems facing user centricity in this context is how a user can selectively share her identity attributes, certified by an identity provider (IdP), with a service provider (SP). In this paper we present an approach to this problem which allows a user to share only selected attributes from the larger set of attributes that form her digital identity credential, for better privacy. Our approach enables such sharing to occur without the IdP's intervention in every transaction.

Keywords - digital identity, federated systems, privacy, credentials

I. INTRODUCTION

With the increasing complexity of managing user profiles in enterprise environments, many efforts have been made to enable more convenient and more efficient user account management. They have generally attempted to address issues such as profile provisioning and linking as part of digital identity management solutions. Central to these efforts, however, is the concept of identity federation, which concerns the virtual joining and use of a user's online profiles stored across multiple organizations, thereby facilitating decentralized user profile management for organizations and a better online experience for users. As a result, a relatively new notion, the network identity of a user, has been defined as the global set of user attribute information residing in multiple organizations.
In addition, federated identity management (FIM) solutions have been proposed to enable the sharing of identity attributes in a secure and convenient manner. User centricity has drawn a lot of attention recently as a promising component to advance FIM systems. The basic notion is to give users, not organizations, a larger degree of control over the user attribute data that comprises network identities, thus providing an ideal mechanism for upholding user privacy. User centricity is therefore often considered the opposite of business centricity, in which businesses or organizations hold most of the control over user attribute data collected from users. As business centricity has been widely practiced, there has always been a lingering privacy issue around the proper collection and use of user attribute data, even though organizations purport to collect and use it only on behalf of users. Hence there is a real tension between user centricity and business centricity, and between convenience and privacy.

Several approaches have been proposed to address user privacy in digital identity management, more specifically the use and sharing of user attribute data. However, most of them focus on the business-centric perspective and lack a user-centric one. One of the fundamental problems facing user centricity in the context of privacy is how a user can selectively share her identity attributes, certified by an identity provider (IdP), with a service provider (SP). In this paper we study this issue and propose an approach to addressing it. Specifically, our approach allows a user to obtain a credential from an IdP and then show that credential as many times as desired without contacting the issuer again. More importantly, our approach allows the credential to be composed of many attributes and the user to show and prove any subset of the attributes contained in the credential.
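As an added illustration, and not the paper's own protocols (which are built on an authenticated dictionary over a skip list and on a Hamiltonian path, and are described in Section 3), the following Python sketches the property the approach targets using a simpler, well-known building block: the IdP commits to each attribute with a salted hash, builds a Merkle tree over the commitments, and signs the root once; the user later reveals any subset of attributes together with their Merkle paths, and the SP checks them against the signed root without a round trip to the IdP. The attribute names and values, the key, and the HMAC standing in for the IdP's digital signature are all constructed assumptions made so the code runs on the standard library alone; a real deployment would use a public-key signature so the SP needs no shared secret.

```python
"""Selective disclosure from an issuer-certified credential (added illustration).

Not the paper's skip-list or Hamiltonian-path constructions: a salted-commitment
Merkle tree whose root the IdP signs once.  Issue once, show any subset, verify
offline.  Sample data and the HMAC "signature" are constructed assumptions.
"""
import hashlib
import hmac
import json
import secrets


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def commit_attribute(name: str, value: str, salt: bytes) -> bytes:
    # Salted, domain-separated commitment; the salt stops an SP from guessing
    # hidden low-entropy values (e.g. a boolean) by brute-forcing sibling hashes.
    return _h(b"leaf\x00" + salt + b"\x00" + json.dumps([name, value]).encode())


def _pair(left: bytes, right: bytes) -> bytes:
    return _h(b"node\x00" + left + right)


def merkle_root(leaves) -> bytes:
    nodes = list(leaves)
    while len(nodes) > 1:
        nxt = [_pair(nodes[i], nodes[i + 1]) for i in range(0, len(nodes) - 1, 2)]
        if len(nodes) % 2:          # an unpaired last node is promoted unchanged
            nxt.append(nodes[-1])
        nodes = nxt
    return nodes[0]


def merkle_proof(leaves, index: int) -> list:
    """Sibling hashes from leaf `index` up to the root; each tagged True when
    the sibling sits to the right of the node on the path."""
    proof, nodes = [], list(leaves)
    while len(nodes) > 1:
        nxt = []
        for i in range(0, len(nodes) - 1, 2):
            if index in (i, i + 1):
                proof.append((nodes[i + 1] if index == i else nodes[i], index == i))
            nxt.append(_pair(nodes[i], nodes[i + 1]))
        if len(nodes) % 2:
            nxt.append(nodes[-1])
        index //= 2
        nodes = nxt
    return proof


def verify_proof(leaf: bytes, proof: list, root: bytes) -> bool:
    node = leaf
    for sibling, sibling_is_right in proof:
        node = _pair(node, sibling) if sibling_is_right else _pair(sibling, node)
    return hmac.compare_digest(node, root)


def _sign_root(idp_key: bytes, root: bytes) -> bytes:
    # Assumption: HMAC under a key known to IdP and SP stands in for the IdP's
    # public-key signature so that this example needs no third-party library.
    return hmac.new(idp_key, b"credential\x00" + root, hashlib.sha256).digest()


def issue_credential(idp_key: bytes, attributes: dict) -> dict:
    """IdP side, run once; the holder can re-show the result without the IdP."""
    names = sorted(attributes)
    salts = {n: secrets.token_bytes(16) for n in names}
    leaves = [commit_attribute(n, attributes[n], salts[n]) for n in names]
    root = merkle_root(leaves)
    return {"names": names, "values": dict(attributes), "salts": salts,
            "root": root, "sig": _sign_root(idp_key, root)}


def present(credential: dict, disclose) -> dict:
    """User side: reveal only `disclose`; the rest stay behind their commitments."""
    names = credential["names"]
    leaves = [commit_attribute(n, credential["values"][n], credential["salts"][n])
              for n in names]
    disclosed = {n: {"value": credential["values"][n],
                     "salt": credential["salts"][n],
                     "proof": merkle_proof(leaves, names.index(n))}
                 for n in disclose}
    return {"root": credential["root"], "sig": credential["sig"], "disclosed": disclosed}


def verify_presentation(idp_key: bytes, presentation: dict):
    """SP side: the verified attribute subset, or None on any failure."""
    root, sig = presentation["root"], presentation["sig"]
    if not hmac.compare_digest(sig, _sign_root(idp_key, root)):
        return None
    verified = {}
    for name, item in presentation["disclosed"].items():
        leaf = commit_attribute(name, item["value"], item["salt"])
        if not verify_proof(leaf, item["proof"], root):
            return None
        verified[name] = item["value"]
    return verified


def demo() -> tuple:
    idp_key = b"example-idp-key-not-for-production"      # constructed sample key
    cred = issue_credential(idp_key, {"name": "Alice Example", "age_over_21": "true",
                                      "email": "alice@example.org", "member_id": "12345"})
    honest = verify_presentation(idp_key, present(cred, {"age_over_21"}))
    forged = present(cred, {"member_id"})
    forged["disclosed"]["member_id"]["value"] = "99999"   # holder tampers after issuance
    return honest, verify_presentation(idp_key, forged)


if __name__ == "__main__":
    print(demo())   # ({'age_over_21': 'true'}, None)
```

Two caveats a practitioner should check any selective-disclosure scheme against are visible here: the root and signature are shown verbatim at every presentation, so an SP can link showings of the same credential (and colluding SPs can link across services), and the length of the Merkle path reveals roughly how many attributes the credential holds. Unlinkability across showings is a separate requirement from minimal disclosure and is not provided by this sketch.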
Two novel methods are introduced for this purpose: one is based on an authenticated dictionary over a skip list, the other on a Hamiltonian path.

The remainder of this paper is organized as follows. In Section 2 we discuss background material related to privacy and user-centric identity management. Section 3 describes our solution, including two protocols. Section 4 discusses our future work. Section 5 concludes the paper.

II. BACKGROUND AND RELATED WORK

In this section we discuss the issue of privacy in varying contexts, and we also present a detailed discussion of user-centric identity management as related work.

A. Privacy

What is privacy, and why should an organization be worried about protecting it? The foundation of privacy is the creation and maintenance of trust. Most organizations need to collect and process personal data in order to do business. For example, all organizations have employees and need to collect and process their data in order to hire, pay and manage those employees. Many organizations have customers whose personal information they need to collect in order to bill, ship products and advertise to those customers. In order for employees, customers and business partners to feel comfortable