1. Field
The following description relates to information protection in a web service, and more particularly to an apparatus and method for managing identity information.
2. Description of the Related Art
In general, when a user registers for a website such as a portal site, he/she inputs all user information required by the website into the website system. At this time, the user accepts an agreement that he/she will provide his/her own information, thereby providing his/her identity information to the website.
According to this method, once a user accepts such an agreement, all of his/her personal information is provided to the corresponding website, and the website obtains more of the user's personal information than needed. Also, in general, users must accept an agreement about deletion, holding period, etc., of personal information set by a website party, and thus have no right to control their personal information in the current method of registering for a website.
In the ID-WSF discovery service of Liberty Alliance, an identity provider (IdP) providing user identity registers information about what kind of information about a user it provides in a discovery server. And, when an identity consumer (IdC) consuming user identity needs user identity information, it searches for an IdP providing the information and requests the IdP to inquire about the user information. However, in this method, users are excluded from identity flow in which identity information is requested and provided, and thus users' right to control their personal information is still weakened. Also, since a clear agreement on information provision and consumption is not made, it is not easy to solve a problem such as identity information leakage.
In another conventional method, users select IdPs, and the selection results are transferred to requesters who request identity. This method can strengthen users' right of selection. However, this method does not involve a clear agreement on information provision and consumption, and thus a problem such as identity information leakage is still at issue.