Towards Unconditional Anonymity: Privacy Enforcement Model in Web Services

Privacy in Web services is of great importance and a critical requirement for any business and non-business environments. The growth of Web services has been accompanied by sharing more and more user personal information with Web service providers between diverse and heterogeneous computing systems, which has raised concern about possible malicious or accidental unauthorized abuse of user information. The security assertion markup language (SAML) architecture is an XML standard for exchanging authentication and authorization data. However privacy preserving in SAML is inadequate for user privacy protection. In this paper, the SAML architecture is extended to address this shortcoming. A privacy enforcement model-based on ring signature is presented, which provides unconditional anonymity for Web service users. This model enables verification of individuals who belong to a specific group with access right without actually being identified by their IDs or names. Therefore the risk of information leak is reduced. Furthermore, even if the third party is corrupted or the ID correspondence relationship is leaked, the individual remains unrecognizable. Meanwhile most SAML authorization between individual and web services can be done without the presence of the third party, which largely decreases communication overhead and enhances the privacy. Finally, a web services conversation establishment protocol is constructed based on this model, which has been implemented in Java/Tomcat.