A Privacy-Considerate Framework for Identity Management in Mobile Services

Mobile Networks and Applications

Abstract

The subscribers’ personal information and services that mobile operators are able to provide to Web developers offer new and exciting possibilities in numerous domains. However, bringing mobile information services to the Web to enable a new generation of mobile Web services presents several research challenges in identity and privacy management. In this paper, we describe a framework for identity management in mobile services that empowers users to govern the use and release of their personal information. Our framework is based on a brokering approach that intermediates between the mobile operator’s information services and the Web service providers. By leveraging Web services, identity management infrastructure and privacy-enhancing technologies, our framework provides an effective, privacy-considerate delivery of services over the mobile Web environment. This paper describes the design principles and architecture of the framework as well as the feasibility, applicability and user-experience evaluation we have carried out.

Acknowledgment

This work has been partially supported by CDTI Ministry of Science and Innovation of Spain, as part of the SEGUR@ project (https://www.cenitsegura.es/), under the CENIT program, CENIT-2007/2011.

Author information

Correspondence to José M. del Álamo.

Cite this article

del Álamo, J.M., Fernández, A.M., Trapero, R. et al. A Privacy-Considerate Framework for Identity Management in Mobile Services. Mobile Netw Appl 16, 446–459 (2011). https://doi.org/10.1007/s11036-011-0325-3

  • DOI: https://doi.org/10.1007/s11036-011-0325-3
