Journal of Computer Science and Technology, 2021, Vol. 36, Issue (3): 664-692. doi: 10.1007/s11390-021-9673-z
Special Issue: Data Management and Data Mining; Computer Networks and Distributed Computing
• Regular Paper •
Paul Marillonnet1,2, Maryline Laurent2, and Mikaël Ates1