Abstract
The subscribers’ personal information and services that mobile operators are able to provide to Web developers offer new and exciting possibilities in numerous domains. However, bringing mobile information services to the Web to enable a new generation of mobile Web services presents several research challenges in identity and privacy management. In this paper, we describe a framework for identity management in mobile services that empowers users to govern the use and release of their personal information. Our framework is based on a brokering approach that intermediates between the mobile operator’s information services and the Web service providers. By leveraging Web services, identity management infrastructure and privacy-enhancing technologies, our framework provides an effective, privacy-considerate delivery of services over the mobile Web environment. This paper describes the design principles and architecture of the framework as well as the feasibility, applicability and user-experience evaluation we have carried out.
Acknowledgment
This work has been partially supported by CDTI Ministry of Science and Innovation of Spain, as part of the SEGUR@ project (https://www.cenitsegura.es/), under the CENIT program, CENIT-2007/2011.
Cite this article
del Álamo, J.M., Fernández, A.M., Trapero, R. et al. A Privacy-Considerate Framework for Identity Management in Mobile Services. Mobile Netw Appl 16, 446–459 (2011). https://doi.org/10.1007/s11036-011-0325-3