Privacy-Preserving Digital Identity Management for Cloud Computing

Internet is not any longer only a communication medium but, because of the reliable, affordable, and ubiquitous broadband access, is becoming a powerful computing platform. Rather than running the software and managing data on a desktop computer or server, users are able to execute applications and access data on demand from the "Cloud" (the Internet) anywhere in the world. Cloud services make it easier for users to access their personal information from databases and make it available to services distributed across Internet. Digital identity management services are crucial in cloud computing infrastructures to authenticate users and to support flexible access control to services, based on user identity properties (also called attributes) and past interaction histories. Such services need to preserve the privacy of users, while enhancing interoperability across multiple domains and simplifying management of identity verification. This paper proposes an approach of addressing such requirements, based on the use of high-level identity verification policies expressed in terms of identity attributes, zero-knowledge proof protocols, and semantic matching techniques. The approach uses efficient cryptographic protocols and matching techniques to address heterogeneous naming. The paper describes the basic techniques that could be adopted and the architecture of a system developed based on these techniques, and reports performance experimental results.