Addressing privacy issues in CardSpace

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Waleed A. Alrodhan Articles by Chris J. Mitchell

2007 The Third International Symposium on Information Assurance and Security

Manchester, United Kingdom

August 29-August 31

ISBN: 0-7695-2876-7

	ASCII Text	x
	Waleed A. Alrodhan, Chris J. Mitchell, "Addressing privacy issues in CardSpace," Information Assurance and Security, International Symposium on, pp. 285-291, 2007 The Third International Symposium on Information Assurance and Security, 2007.

	BibTex	x
	@article{ 10.1109/IAS.2007.12, author = {Waleed A. Alrodhan and Chris J. Mitchell}, title = {Addressing privacy issues in CardSpace}, journal ={Information Assurance and Security, International Symposium on}, volume = {0}, year = {2007}, isbn = {0-7695-2876-7}, pages = {285-291}, doi = {http://doi.ieeecomputersociety.org/10.1109/IAS.2007.12}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Information Assurance and Security, International Symposium on TI - Addressing privacy issues in CardSpace SN - 0-7695-2876-7 SP285 EP291 A1 - Waleed A. Alrodhan, A1 - Chris J. Mitchell, PY - 2007 KW - null VL - 0 JA - Information Assurance and Security, International Symposium on ER -

Waleed A. Alrodhan, University of London, UK

Chris J. Mitchell, University of London, UK

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/IAS.2007.12

CardSpace (formerly known as InfoCard) is a Digital Identity Management system that has recently been adopted by Microsoft. In this paper we identify two security flaws in CardSpace that may lead to a serious privacy violation. The first flaw is the reliance on Internet user judgements of the trustworthiness of service providers, and the second is the reliance of the system on a single layer of authentication. We also propose a solution designed to address both flaws. Our solution is compatible with the currently deployed CardSpace identity metasystem, and should enhance the privacy of the system with minor changes to the current CardSpace framework. We also provide a security and performance analysis of the proposed solution.

Citation:

Waleed A. Alrodhan, Chris J. Mitchell, "Addressing privacy issues in CardSpace," ias, pp.285-291, 2007 The Third International Symposium on Information Assurance and Security, 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.