Role Based Authorization as a Tool for Privacy and Anonymity
Carnegie Mellon University; University of Colorado at Boulder - Department of Computer Science
September 1, 2003
The advent of the information age has brought a proliferation of available information and easier access to it. As we rely more heavily on networks as a means of communicating, we must increasingly consider how these networks store and distribute this information. Aside from the problems that arise in managing the security of large, diverse systems, we must also consider the implications of distributing personally identifiable information across such systems. For example, both web browsing and voice-over-IP communications expose considerable amounts of personally identifiable information about the user. For some, the distribution of (and access to) this personal information is of no consequence; for others, it is tantamount to an invasion of privacy. Some of the issues associated with the distribution of this information arise from the identity, authentication and authorization models that have been defined for these services. Many existing models rely heavily on identity information that readily links back to an individual (e.g., an individual's name used as their login). Further, many models do not support privacy or anonymity, nor do they provide granularity over what information is released to whom, or methods of controlling such release.
To address these problems, various groups are working on new role-based authorization (RBA) models. The value of an RBA approach is that the user asserts a 'role' rather than a conventional identity when requesting a service, so the user can maintain some level of anonymity and privacy. The user's actual identity may still be maintained by the local domain, which addresses accountability (repudiation) and legal concerns (e.g., CALEA). These RBA systems also let the user determine the amount and type of information released about them, and this granularity of control can be used to adjust the level of anonymity of a communication session: a user may want one session to be anonymous and the next not. In this paper, we begin by providing relevant technical background and loosely defining two rather contentious terms, privacy and anonymity. We then briefly describe the RBA models under development, including their motivation, and demonstrate how these models can be used to provide privacy and anonymity. Next, we consider the policy implications of RBA models, particularly as they relate to US federal law and policy. We end by considering how privacy, anonymity and law might co-exist.
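As an added illustration of the flow described above (a sketch written for this page, not the paper's own model or code), the following Python shows a local domain issuing a role assertion that carries a fresh per-session pseudonym and only the attributes the user chose to disclose; the service authorizes on the role alone, and only the domain can map the pseudonym back to an identity. The HMAC-keyed token format, the shared domain-to-service key, the domain name, user names and policy are all constructed assumptions for the example.

```python
"""Sketch of role-based assertion with user-controlled disclosure.
Not the paper's model: token format, shared key and all data are assumed."""
import hashlib
import hmac
import json
import secrets
import time


class LocalDomain:
    """Issues role assertions; keeps the only copy of the pseudonym -> identity link."""

    def __init__(self, name, key):
        self.name = name
        self.key = key        # assumption: HMAC key shared with the service
        self.users = {}       # identity -> {"roles": set, "attrs": dict}
        self.audit = {}       # pseudonym -> identity, for lawful disclosure only

    def enroll(self, identity, roles, **attrs):
        self.users[identity] = {"roles": set(roles), "attrs": attrs}

    def issue(self, identity, role, disclose=(), ttl=300):
        user = self.users[identity]
        if role not in user["roles"]:
            raise PermissionError(f"{identity} does not hold role {role}")
        pseudonym = secrets.token_hex(8)          # fresh per session: unlinkable
        self.audit[pseudonym] = identity          # retained locally, never sent
        claims = {
            "iss": self.name,
            "sub": pseudonym,
            "role": role,
            "attrs": {k: user["attrs"][k] for k in disclose},  # user-chosen subset
            "exp": int(time.time()) + ttl,
        }
        body = json.dumps(claims, sort_keys=True)
        tag = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return body + "." + tag

    def resolve(self, pseudonym):
        """Lawful-access path: only the domain can de-anonymize a session."""
        return self.audit.get(pseudonym)


class Service:
    """Authorizes on the asserted role; never learns identity unless disclosed."""

    def __init__(self, key, policy):
        self.key = key
        self.policy = policy  # resource -> set of roles permitted

    def verify(self, token):
        body, _, tag = token.rpartition(".")   # tag is hex, so no '.' inside it
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return None                        # forged or tampered assertion
        claims = json.loads(body)
        if claims["exp"] < time.time():
            return None                        # expired assertion
        return claims

    def authorize(self, token, resource):
        claims = self.verify(token)
        if claims is None:
            return False, None
        return claims["role"] in self.policy.get(resource, set()), claims


def demo():
    """Two sessions by the same user: one anonymous, one with a name disclosed."""
    key = secrets.token_bytes(32)
    dom = LocalDomain("example.org", key)       # constructed sample data
    dom.enroll("alice", ["subscriber", "admin"],
               name="Alice Smith", email="alice@example.org")
    svc = Service(key, {"/news": {"subscriber", "admin"}, "/console": {"admin"}})

    anon = dom.issue("alice", "subscriber")                      # anonymous session
    named = dom.issue("alice", "subscriber", disclose=("name",))  # opts in next time

    anon_ok, anon_claims = svc.authorize(anon, "/news")
    named_ok, named_claims = svc.authorize(named, "/news")
    console_ok, _ = svc.authorize(anon, "/console")               # wrong role
    tampered = anon.replace('"subscriber"', '"admin"')            # role upgrade attempt
    tampered_ok, _ = svc.authorize(tampered, "/console")

    return {
        "anon_ok": anon_ok,
        "anon_attrs": anon_claims["attrs"],
        "named_ok": named_ok,
        "named_attrs": named_claims["attrs"],
        "unlinkable": anon_claims["sub"] != named_claims["sub"],
        "console_denied": not console_ok,
        "tampered_denied": not tampered_ok,
        "resolved": dom.resolve(anon_claims["sub"]),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The service sees a role and a pseudonym that changes every session, so two sessions by the same user cannot be linked from the service side alone; the audit mapping that makes a session attributable stays inside the domain, which is where a legal process such as a CALEA request would have to be directed. A shared-key HMAC is used only to keep the sketch short; a deployable design would have the domain sign assertions with an asymmetric key so that the service cannot mint its own.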
Number of Pages in PDF File: 14
Date posted: May 15, 2012