Protecting End User’s Privacy When using Social Login through GDPR Compliance

Carlos Villarán, Marta Beltrán

2021

Abstract

Social login allows end-users to identify and authenticate in different applications and services using their social network providers (Facebook, Twitter, Google, LinkedIn) instead of using specific accounts and passwords. This kind of single-sign-on approach relies on federated identity management specifications that significantly simplify login processes. However, this kind of solution also implies new threats for end user’s privacy, because identity providers (social network providers) have access to sensitive information that allows them to perform processing without explicit consent (to profile or track their users, for example) or that can be shared with third parties. This paper proposes the inclusion of new capabilities within the authentication flows, intending to mitigate these privacy threats guaranteeing compliance with the General Data Protection Regulation (GDPR) through transparency and efficient use of already existing mechanisms and technologies such as back-channel logout or consent receipts. Furthermore, the integration of these capabilities in OpenID Connect flows has been validated with a real prototype of the proposed solution.

Paper Citation


in Harvard Style

Villarán C. and Beltrán M. (2021). Protecting End User’s Privacy When using Social Login through GDPR Compliance. In Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT, ISBN 978-989-758-524-1, pages 428-435. DOI: 10.5220/0010521304280435


in Bibtex Style

@conference{secrypt21,
author={Carlos Villarán and Marta Beltrán},
title={Protecting End User’s Privacy When using Social Login through GDPR Compliance},
booktitle={Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2021},
pages={428-435},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010521304280435},
isbn={978-989-758-524-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 18th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Protecting End User’s Privacy When using Social Login through GDPR Compliance
SN - 978-989-758-524-1
AU - Villarán C.
AU - Beltrán M.
PY - 2021
SP - 428
EP - 435
DO - 10.5220/0010521304280435