Gehören Sie zu den Ersten, denen das gefällt!
Identity federations operating in a business or consumer context need to prevent the collection of user data across trust service providers for legal and business case reasons. Other reasons include business owners becoming increasingly aware of confidentiality risks that go beyond traditional information security, e.g., the numbers of authentications to an EDI service might provide insights into the volume of invoices, from which one could derive insider information. This presenation proposes extended technical controls supporting more strict privacy requirements, predominantly limited linkability and limited observability.
Using a hub-and-spoke federation style following the privacy-by-design principle, this reference architecture addresses the privacy controls mentioned above. Opposed to PET (privacy enhanced technologies) this model does not require advanced cryptography and fits into existing technology stacks such as WS-Trust and SAML WebSSO.