隐私保护身份联盟:文献研究

IF 28 1区 计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS
Anne Bumiller, Elisavet Kozyri, Håvard Dagenborg
{"title":"隐私保护身份联盟:文献研究","authors":"Anne Bumiller, Elisavet Kozyri, Håvard Dagenborg","doi":"10.1145/3745018","DOIUrl":null,"url":null,"abstract":"Within an <jats:italic toggle=\"yes\">Identity federation (IF)</jats:italic> system, users gain access to multiple <jats:italic toggle=\"yes\">Service Providers</jats:italic> (SPs) by submitting credentials issued by one or more <jats:italic toggle=\"yes\">Identity Providers</jats:italic> (IdPs). Such Identity Federations (IFs) raise several privacy concerns: IdPs might track user activity, by recording the accessed services, and SPs might mismanage sensitive user attributes that comprise the submitted credentials. An extensive line of research on <jats:italic toggle=\"yes\">Privacy Preserving</jats:italic> IF has been developed to expose and address these privacy concerns. This survey aims to systematize the privacy requirements and enhancement techniques that has been employed so far in this line of research. Specifically, we use Systematic Mapping Study (SMS) and Systematic Literature Review (SLR) methodologies to organize research work from the last ten years and understand (i) the requirements that privacy-preserving IF is expected to satisfy, (ii) the degree at which these requirements have been formalized, (iii) the techniques employed to enforce these requirements, (iv) the means for providing enforcement assurance, and (v) the degree at which these techniques preserve fundamental authentication objectives and are aligned with existing IF standards. Based on this characterization of the literature, we draw conclusions about the rigorousness of the proposed approaches, their deployability into practice, and lessons learned for future research and practice in the field.","PeriodicalId":50926,"journal":{"name":"ACM Computing Surveys","volume":"19 1","pages":""},"PeriodicalIF":28.0000,"publicationDate":"2025-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Privacy Preserving Identity Federation: A Literature Study\",\"authors\":\"Anne Bumiller, Elisavet Kozyri, Håvard Dagenborg\",\"doi\":\"10.1145/3745018\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Within an <jats:italic toggle=\\\"yes\\\">Identity federation (IF)</jats:italic> system, users gain access to multiple <jats:italic toggle=\\\"yes\\\">Service Providers</jats:italic> (SPs) by submitting credentials issued by one or more <jats:italic toggle=\\\"yes\\\">Identity Providers</jats:italic> (IdPs). Such Identity Federations (IFs) raise several privacy concerns: IdPs might track user activity, by recording the accessed services, and SPs might mismanage sensitive user attributes that comprise the submitted credentials. An extensive line of research on <jats:italic toggle=\\\"yes\\\">Privacy Preserving</jats:italic> IF has been developed to expose and address these privacy concerns. This survey aims to systematize the privacy requirements and enhancement techniques that has been employed so far in this line of research. Specifically, we use Systematic Mapping Study (SMS) and Systematic Literature Review (SLR) methodologies to organize research work from the last ten years and understand (i) the requirements that privacy-preserving IF is expected to satisfy, (ii) the degree at which these requirements have been formalized, (iii) the techniques employed to enforce these requirements, (iv) the means for providing enforcement assurance, and (v) the degree at which these techniques preserve fundamental authentication objectives and are aligned with existing IF standards. Based on this characterization of the literature, we draw conclusions about the rigorousness of the proposed approaches, their deployability into practice, and lessons learned for future research and practice in the field.\",\"PeriodicalId\":50926,\"journal\":{\"name\":\"ACM Computing Surveys\",\"volume\":\"19 1\",\"pages\":\"\"},\"PeriodicalIF\":28.0000,\"publicationDate\":\"2025-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Computing Surveys\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1145/3745018\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Computing Surveys","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3745018","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 0

摘要

在身份联合(Identity federation, IF)系统中,用户通过提交由一个或多个身份提供者(Identity provider, idp)颁发的凭证来访问多个服务提供者(Service provider, sp)。这样的身份联合(if)引起了几个隐私问题:idp可能通过记录访问的服务来跟踪用户活动,sp可能对包含提交凭据的敏感用户属性管理不当。为了揭露和解决这些隐私问题,已经开展了广泛的隐私保护IF研究。这项调查的目的是系统化的隐私要求和增强技术,已经采用了迄今为止在这方面的研究。具体而言,我们使用系统映射研究(SMS)和系统文献综述(SLR)方法来组织过去十年的研究工作,并了解(i)隐私保护IF期望满足的要求,(ii)这些要求已形式化的程度,(iii)用于执行这些要求的技术,(iv)提供执行保证的手段,(v)这些技术保持基本认证目标并与现有IF标准保持一致的程度。基于这些文献的特征,我们得出结论,提出的方法的严谨性,它们在实践中的可部署性,以及为该领域未来的研究和实践吸取的经验教训。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Privacy Preserving Identity Federation: A Literature Study
Within an Identity federation (IF) system, users gain access to multiple Service Providers (SPs) by submitting credentials issued by one or more Identity Providers (IdPs). Such Identity Federations (IFs) raise several privacy concerns: IdPs might track user activity, by recording the accessed services, and SPs might mismanage sensitive user attributes that comprise the submitted credentials. An extensive line of research on Privacy Preserving IF has been developed to expose and address these privacy concerns. This survey aims to systematize the privacy requirements and enhancement techniques that has been employed so far in this line of research. Specifically, we use Systematic Mapping Study (SMS) and Systematic Literature Review (SLR) methodologies to organize research work from the last ten years and understand (i) the requirements that privacy-preserving IF is expected to satisfy, (ii) the degree at which these requirements have been formalized, (iii) the techniques employed to enforce these requirements, (iv) the means for providing enforcement assurance, and (v) the degree at which these techniques preserve fundamental authentication objectives and are aligned with existing IF standards. Based on this characterization of the literature, we draw conclusions about the rigorousness of the proposed approaches, their deployability into practice, and lessons learned for future research and practice in the field.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
ACM Computing Surveys
ACM Computing Surveys 工程技术-计算机:理论方法
CiteScore
33.20
自引率
0.60%
发文量
372
审稿时长
12 months
期刊介绍: ACM Computing Surveys is an academic journal that focuses on publishing surveys and tutorials on various areas of computing research and practice. The journal aims to provide comprehensive and easily understandable articles that guide readers through the literature and help them understand topics outside their specialties. In terms of impact, CSUR has a high reputation with a 2022 Impact Factor of 16.6. It is ranked 3rd out of 111 journals in the field of Computer Science Theory & Methods. ACM Computing Surveys is indexed and abstracted in various services, including AI2 Semantic Scholar, Baidu, Clarivate/ISI: JCR, CNKI, DeepDyve, DTU, EBSCO: EDS/HOST, and IET Inspec, among others.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信