{"updated":"2025-01-19T18:29:32.756972+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00209524","sets":["1164:4088:10494:10495"]},"path":["10495"],"owner":"44499","recid":"209524","title":["認証認可連携における属性値と認可条件の相互秘匿"],"pubdate":{"attribute_name":"公開日","attribute_value":"2021-02-22"},"_buckets":{"deposit":"2c4c42bf-d0dc-4a60-b082-62dd2766cf36"},"_deposit":{"id":"209524","pid":{"type":"depid","value":"209524","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"認証認可連携における属性値と認可条件の相互秘匿","author_link":["528236","528237","528235","528238"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"認証認可連携における属性値と認可条件の相互秘匿"},{"subitem_title":"Mutual Secrecy of Attributes and Authorization Policies in Identity Federation","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"SITE・IA","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2021-02-22","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"京都大学大学院情報学研究科"},{"subitem_text_value":"京都大学学術情報メディアセンター"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Informatics, Kyoto University","subitem_text_language":"en"},{"subitem_text_value":"Academic Center for Computing and Media Studies, Kyoto University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/209524/files/IPSJ-IOT21052029.pdf","label":"IPSJ-IOT21052029.pdf"},"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-IOT21052029.pdf","filesize":[{"value":"1.8 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"43"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_login","version_id":"c03fc809-55bc-4998-87fe-6e7352c28047","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2021 by the Institute of Electronics, Information and Communication Engineers This SIG report is only available to those in membership of the SIG."}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"西岡, 幸来"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"岡部, 寿男"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Satsuki, Nishioka","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yasuo, Okabe","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12326962","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical 
report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8787","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"Web 上でのサービス提供において,ユーザのパスワードなどの認証情報を一元管理する認証プロバイダ(IdP)をサービス提供者(SP)から分離する認証連携や,IdP でさらにユーザの属性を管理し IdP から SP に属性値を提供して SP でサービス提供の可否の判断を行う認可連携が普及している.しかし,認可連携において属性値に関する情報が必要以上に SP に渡されている.また,SP がユーザを認可する条件を IdP やユーザに秘匿したいという要求が存在する.本研究では,認可にあたり属性値と認可条件を相互に秘匿する中で,一度の認可では秘匿できたとしても複数回の認可を通して秘匿したい情報を絞り込むことができる問題や,SP の認可条件の論理式を IdP に開示する必要がある問題について指摘・定式化し,これらを解決するプロトコルを提案する.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In modern Web services, authentication federation that separates the Identity Provider (IdP), which centrally manages authentication information such as user passwords, from the service provider (SP) is commonly used. Authorization federation in which the IdP further manages user attributes, the IdP provides attribute values to the SP, and the SP decides whether to provide the service, is used as well. However, more information about attribute values is often passed to the SP than is necessary for the authorization decision. There are also cases in which it is necessary to keep the authorization policies secret from the IdP and the user. Even if attributes and authorization policies can be kept secret from each other in a single authorization process, the information that should be concealed may be narrowed down through multiple authorization processes. If an authorization policy of the SP is a logical expression of predicates, the expression needs to be disclosed to the IdP. 
In this work, we point out and formulate these problems and provide some protocols to solve them.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告インターネットと運用技術(IOT)"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2021-02-22","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"29","bibliographicVolumeNumber":"2021-IOT-52"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"created":"2025-01-19T01:10:49.729739+00:00","id":209524,"links":{}}