{"title":"A Design Towards Personally Identifiable Information Control and Awareness in OpenID Connect Identity Providers","authors":"R. Weingärtner, C. Westphall","doi":"10.1109/CIT.2017.30","DOIUrl":null,"url":null,"abstract":"Cloud computing usage has increased in recent years as a consequence of its benefits such as agility on resource provisioning, elasticity, and reduced costs. However, once organizations migrate to cloud environments they lose control of the underlying structure of their applications such as physical networking, storage, and servers. Therefore, the cloud may pose privacy threats to sensitive data that are used to identify users; hence, data stored in identity providers that are deployed on cloud platforms may be accessed by curious/malicious system administrators. We present a design that addresses some privacy issues within the personally identifiable information that is stored in identity providers of federated identity management systems. Further, we provide an overview of the addition of the proposed design into the MITREid OpenID Connect implementation developed by MIT.","PeriodicalId":378423,"journal":{"name":"2017 IEEE International Conference on Computer and Information Technology (CIT)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE International Conference on Computer and Information Technology (CIT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CIT.2017.30","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 9
Abstract
Cloud computing usage has increased in recent years as a consequence of its benefits such as agility on resource provisioning, elasticity, and reduced costs. However, once organizations migrate to cloud environments they lose control of the underlying structure of their applications such as physical networking, storage, and servers. Therefore, the cloud may pose privacy threats to sensitive data that are used to identify users; hence, data stored in identity providers that are deployed on cloud platforms may be accessed by curious/malicious system administrators. We present a design that addresses some privacy issues within the personally identifiable information that is stored in identity providers of federated identity management systems. Further, we provide an overview of the addition of the proposed design into the MITREid OpenID Connect implementation developed by MIT.