Authentication and authorisation are essential ingredients for effective protection of data in distributed information systems. Currently, they are being treated as separate components with specified input and output relations. Traditional authorisation components require all of the users’ information that is possibly relevant to an authorisation decision and consequently the authentication components need to fully identify the users and collect all available information about them. This destroys all the potential privacy and security benefits of data-minimising authentication technologies such as private credential systems. In this paper, we discuss different ways to address this problem. More precisely, we sketch two possibilities of integrating data-minimising authentication into a traditional authorisation system such that the overall system becomes data-minimising.

|Name|Lecture Notes in Computer Science|
|Conference|conference; 7th International Conference on Trust and Trustworthy Computing; 2014-06-30; 2014-07-02|
|Period|30/06/14 → 2/07/14|
|Other|7th International Conference on Trust and Trustworthy Computing|