Privacy Protected Authentication and Authorisation

  • TYPE: Combined Session DATE: Thursday, May 12, 2011 TIME: 16:30-17:30 LOCATION: Alpsee

CardSpace in the Cloud describes a web based federated identity management system which is based on the user centric approach of the Information Card model, but has been significantly enhanced to remove many of the problems inherent in Microsoft’s original design. The new design is an alternative to UProve and Idemix credentials, and uses existing SAML 2 federations and assertions. Our model supports privacy protection of the user attributes, user mobility and the aggregation of multiple claims from different identity providers (IdPs), whilst only requiring the user to authenticate via just one of his IdPs. Furthermore no constraints are placed on the authentication mechanism that is used by this IdP. The level of assurance (LoA) of the authenticating IdP is built into the design.

All this is achieved by introducing a new component, the Linking Identity Selector, which can run anywhere in the cloud, and allows the user to select multiple cards at service provision time. Users can then use the combined set of credentials to access a wider range of web based resources. We describe a use case which allows the user to present a credit card, a self asserted card, a hotel loyalty card and a frequent flyer card in order to make an online hotel booking, using voice biometrics for authentication.


Ronny Bjones currently is working for Microsoft Corporate as senior architect in the identity & security division. Ronny joined Microsoft in 2002 to contribute in trustworthy computing. Later he became the EMEA security lead for Microsoft’s enterprise business. He has 27 years of...

Gregory Neven is a research scientist at IBM Research - Zurich in Switzerland. His main research topics are provably secure cryptography and privacy policy languages, in which fields he has published over forty scientific papers. He received his MSE and Ph.D. degrees from Katholieke Universiteit...



European Identity Conference 2011

Registration fee:
€1980.00 $2475.00 S$3168.00 21780.00 kr
Mastercard Visa American Express PayPal INVOICE
Contact person:

Mr. Levent Kara
+49 211 23707710
  • May 10 - 13, 2011 Munich