Privacy Preserved Attribute Aggregation to Avoid Correlation of User Activities across Shibboleth SPs

Privacy is one of the most important issues in Identity Federation, a technology in which local IDs and credentials such as passwords managed at one site may be used to access many online services, including cloud services provided outside of users´ organization. Attribute aggregation is an advanced technique that may be employed in identity federation, collecting attributes about a user from multiple distinct identities to provide a complete picture about a user necessary for some services. However, conventional methods of attribute aggregation require a persistent shared unique ID. This may restrict the use of federated identity for some services because these unique ID´s could be used by bad actors to correlate user activity or user data. This paper proposes a new method of attribute aggregation that doesn´t require a universal unique ID. SAML, a widely used federated identity standard, is used as the basis for this work. This privacy-preserving attribute aggregation technique has been validated with a successful implementation for the open source federated identity software project Shibboleth.