Meeting the Privacy Goals of NSTIC in the Short Term
22
05/03/2011 Pomcor 1 Meeting the Privacy Goals of NSTIC in the Short Term Presentation at the 2011 Internet Identity Workshop Francisco Corella and Karen P. Lewison Pomcor
-
Upload
elizabeth-mcguire -
Category
Documents
-
view
27 -
download
2
description
Meeting the Privacy Goals of NSTIC in the Short Term. Presentation at the 2011 Internet Identity Workshop Francisco Corella and Karen P. Lewison Pomcor. Contents. - PowerPoint PPT Presentation
Transcript of Meeting the Privacy Goals of NSTIC in the Short Term
05/03/2011 Pomcor1
Meeting the Privacy Goals of NSTIC in the Short Term
Presentation at the
2011 Internet Identity Workshop
Francisco Corella and Karen P. Lewison
Pomcor
05/03/2011 Pomcor2
Contents
The following slides illustrate protocol steps described in the white paper “Achieving the Privacy Goals of NSTIC in the Short Term” available at
http://pomcor.com/whitepapers/NSTICWhitePaper.pdf
There are three protocol variations: Attribute verification Delegated authorization Social login
05/03/2011 Pomcor3
Attribute Verification
Attribute
Provider
Browser
Relying
Party
Attribute request
+Callback
URL
Step 1
Attribute
Provider
Browser
Relying
Party
Attribute request
+one-time
PublicKey
Retains callback URL.
Produces one-time key pair,
retains one-time private key.
User’s long term
TLS certificate
Step 2
Attribute
Provider
Browser
Relying
Party
One-time cert binding attribute to one-time
public key
Step 3
Attribute
Provider
Browser
Relying
Party
Asks user’s permission to pass attribute
to relying party
Step 4
Attribute
Provider
Browser
Relying
Party
Uses one-time private key in TLS handshake
Step 5
One-time cert used as TLS client cert
Targets callback
URL
Browser
Success
05/03/2011 Pomcor9
Delegated Authorization
Site holding user’s
account
Browser
Web application
Access request+
One-time public key+
Callback URL
Step 1
Browser
Access request
+one-time
PublicKey
Retains callback
URL
User’s long term
TLS certificate
Step 2
Site holding user’s
account
Web application
Browser
One-time cert binding access grant to one-time public key
Step 3
Site holding user’s
account
Web application
Browser
Asks user’s permission to
grant access to application
Step 4
Site holding user’s
account
Web application
Browser
Step 5
Browser
One-time cert with access grant Targets
callback URL
Site holding user’s
account
Web application
Browser
Step 6
Browser
One-time cert with access grant used as TLS client cert
Site holding user’s
account
Web application
05/03/2011 Pomcor16
Social Login
Combines attribute verification
And delegated authorization
Attribute
Provider
Browser
Attribute request, access request,app’s one-time
public key,callback URL
Step 1
Web application
Attribute
Provider
Browser
User’s long term
TLS certificate
Step 2
Retains callback URL.
Produces browser’s one-time key pair,
retainingprivate key.
Attribute request, browser’s one-time
public key,access request,app’s one-time
public key
Web application
Attribute
Provider
Browser
One-time cert bindingattribute to browser’s one-time public key +one-time cert bindingaccess grant to app’s one-time public key
Step 3
Web application
Attribute
Provider
Browser
Asks user’s permission to
pass attribute and grant access to
application
Step 4
Web application
Attribute
Provider
Browser
Step 5
Browser
One-time cert with access grant
Uses one-time private key in TLS handshake
One-time cert with attribute used as TLS client cert
Targets callback
URL
Web application
Attribute
Provider
Browser
Step 6
Browser
One-time cert with access grant used as TLS client cert
Web application
![27 Mining Privacy Goals from Privacy Policies using ...jbhatia/papers/jbhatia_TOSEM2016.pdf · other RE tasks [Kof 2004]. These include automatically extracting requirements and goals](https://static.fdocuments.in/doc/165x107/5ec075ecebd7ed491c262824/27-mining-privacy-goals-from-privacy-policies-using-jbhatiapapersjbhatia.jpg)