Authenticated Dictionary-Based Attribute Sharing in Federated Identity Management

Authenticated dictionaries have been primarily studied and used in the context of certificate revocation in public key infrastructure (PKI). This paper presents a novel approach to enabling controlled access to and selective sharing of sensitive user attributes in federated identity management (FIM) by integrating an authenticated dictionary (ADT)-based credential into FIM, while attempting to achieve both better privacy control and usability. Our approach is motivated by the notion of user-centricity, which is essentially to give users a larger degree of control over their attributes. We discuss the design of a security system based on the usage of ADT-based credentials. Finally we discuss a proof-of-concept implementation.