Bridging the Gap between Privacy and Security in Multi-Domain Federations with Identity Tokens.