{"title":"Privacy-preserving user identity in Identity-as-a-Service","authors":"T. H. Vo, W. Fuhrmann, K. Fischer-Hellmann","doi":"10.1109/ICIN.2018.8401613","DOIUrl":null,"url":null,"abstract":"In Federated Identity Management, providers from different security domains exchange messages containing authentication and authorisation credentials of users. As a result, a user can use his Personal Identifiable Information (PII) from one or more Identity Providers to gain access to other sites. Disseminating PII over intermediaries also requires protecting PII from being misused and unauthorised access. Identity-as-a- Service (IDaaS) provides a federated identity for users to access multiple Cloud services on demand but may preserve user privacy. In this paper, we present a novel approach for preserving privacy in IDaaS by combining Purpose Based Access Control and Attribute-based Encryption with multi-authorities support. Our approach is suitable for sharing sensitive user information in a large distributed and heterogeneous environment.","PeriodicalId":103076,"journal":{"name":"2018 21st Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-02-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 21st Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICIN.2018.8401613","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 6
Abstract
In Federated Identity Management, providers from different security domains exchange messages containing authentication and authorisation credentials of users. As a result, a user can use his Personal Identifiable Information (PII) from one or more Identity Providers to gain access to other sites. Disseminating PII over intermediaries also requires protecting PII from misuse and unauthorised access. Identity-as-a-Service (IDaaS) provides a federated identity for users to access multiple Cloud services on demand but may preserve user privacy. In this paper, we present a novel approach for preserving privacy in IDaaS by combining Purpose Based Access Control and Attribute-based Encryption with multi-authorities support. Our approach is suitable for sharing sensitive user information in a large distributed and heterogeneous environment.