Information Sharing and User Privacy in the Third-Party Identity Management Landscape

Abstract : The cross-site information sharing and authorized actions of third-party identity management can have significant privacy implications for the users. In this paper, we use a combination of manual analysis of identified third-party identity management relationships and targeted case studies to (i) capture how the protocol usage and third-party selection is changing, (ii) profile what information is requested to be shared (and actions to be performed) between websites, and (iii) identify privacy issues and practical problems that occur when using multiple accounts (associated with these services). By characterizing and quantifying the third-party relationships based on their cross-site information sharing, the study highlights differences in the privacy leakage risks associated with different classes of websites, and provides concrete evidence for how the privacy risks are increasing. For example, many news and file/video-sharing sites ask users to authorize the site to post information to the third-party website. We also observe a general increase in the breadth of information that is shared across websites, and find that due to usage of multiple third-party websites, in many cases, the user can lose (at least) partial control over which identities they can merge/relate and the information that is shared/posted on their behalf.
Type de document :
Communication dans un congrès
Hannes Federrath; Dieter Gollmann. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. IFIP Advances in Information and Communication Technology, AICT-455, pp.174-188, 2015, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-18467-8_12〉
Liste complète des métadonnées

Littérature citée [18 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01345104
Contributeur : Hal Ifip <>
Soumis le : mercredi 13 juillet 2016 - 10:56:38
Dernière modification le : mercredi 13 juillet 2016 - 11:18:42

Fichier

337885_1_En_12_Chapter.pdf
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Anna Vapen, Niklas Carlsson, Anirban Mahanti, Nahid Shahmehri. Information Sharing and User Privacy in the Third-Party Identity Management Landscape. Hannes Federrath; Dieter Gollmann. 30th IFIP International Information Security Conference (SEC), May 2015, Hamburg, Germany. IFIP Advances in Information and Communication Technology, AICT-455, pp.174-188, 2015, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-319-18467-8_12〉. 〈hal-01345104〉

Partager

Métriques

Consultations de la notice

56

Téléchargements de fichiers

5