Hommel, W. (2005):

Using XACML for Privacy Control in SAML-based Identity Federations

With Federated Identity Management (FIM) protocols, service providers can request user attributes, such as the billing address, from the user\x{2019}s identity provider. Access to this information is managed using so-called Attribute Release Policies (ARPs). In this paper, we first analyze various shortcomings of existing ARP implementations; then, we demonstrate that the eXtensible Access Control Markup Language (XACML) is very suitable for the task. We present an architecture for the integration of XACML ARPs into SAML-based identity providers and specify the policy evaluation workflows. We also introduce our implementation and its integration into the Shibboleth architecture.

Last Change: Fri, 22 Feb 2019 04:04:27 +0100 - Viewed on: Fri, 12 Aug 2022 15:10:04 +0200
Copyright © MNM-Team http://www.mnm-team.org - Impressum / Legal Info  - Datenschutz / Privacy