How do anonymous credentials and selective disclosure certificates affect enterprise IAM?

Ask the Expert

How do anonymous credentials and selective disclosure certificates affect enterprise IAM?

Lately I've read a lot about anonymous credentials and selective disclosure certificates. What do these terms mean and how do they affect enterprise IAM?

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

The technologies you describe are used as a way to prevent disclosure of too much information about a user during the authentication process. Access management systems create profiles for each user who has been granted access. Additionally, some systems use digital certificates to further verify the user's identity. Depending on the system, these digital certificates may contain a lot of information about an individual user's identity.

Since the entire digital certificate is used during authentication, if compromised it could lead to a breach of sensitive information about the user, some of which could be used later for stealing the legitimate user's identity or authentication credentials for malicious access.

The technology, also called minimal disclosure certificates, was developed in 2000 by Stefan Brands, a cryptographer and professor of computer science at McGill University in Montreal.

Here's a scenario to explain how it works. Someone goes into a bar and the bartender asks for the person's driver's license to verify if he or she is of legal age to drink. Most likely, the bartender just looks at the person's date of birth and isn't interested in the name, address or other personal information. Once the bartender is satisfied, the person puts their license away and is allowed to stay in the bar.

But in open networks -- like the Web and the Internet -- an entire digital certificate may be exposed to the whole world over the wire, where its contents can be sniffed and stolen by hackers interested in stealing authentication credentials.

Minimal disclosure certificates solve that problem by only providing enough information from the user's DC to grant access to a system for a specific request. The user's whole identity or credentials aren't served up to the system requesting authentication.

Anonymous credentials are a similar concept, but are more about hiding credentials altogether rather than selective release of identity information.

Brands has a fascinating blog on the subject, The Identity Corner, where he explains and debates the finer points of these two concepts. He says there are three privacy properties of minimal disclosure: minimal traceability back to the user, minimal linkage back to the user and selective disclosure about the user.

Their effect on enterprise access management systems is hard to say right now, since the technology is still currently evolving and not widely adopted. Minimal disclosure certificates and anonymous credentials require access management systems with a high degree of granularity, meaning such systems must be capable of being tuned to pick and choose which pieces of users' identities can be used for authentication.

The technology is being discussed as part of CardSpace, a Microsoft identity management initiative, and as part of the Security Assertions Markup Language (SAML), a similar open source project.

For more information:

  • Joel Dubin discusses the pros and cons associated with creating a personal digital certificate.
  • In this expert response, application security pro Michael Cobb emphasizes the importance of keeping your Web server certificates up-to-date.
  • This was first published in October 2007