Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- D3.1: Overview on IMS.
- D3.2: A study on PKI and biometrics.
- D3.3: Study on Mobile Identity Management.
- D3.5: Workshop on ID-Documents.
- D3.6: Study on ID Documents.
- D3.7: A Structured Collection on RFID Literature.
- D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication.
- D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management.
- D3.10: Biometrics in identity management.
- D3.11: Report on the Maintenance of the IMS Database.
- D3.15: Report on the Maintenance of the ISM Database.
- D3.17: Identity Management Systems – recent developments.
- D12.1: Integrated Workshop on Emerging AmI Technologies.
- D12.2: Study on Emerging AmI Technologies.
- D12.3: A Holistic Privacy Framework for RFID Applications.
- D12.4: Integrated Workshop on Emerging AmI.
- D12.5: Use cases and scenarios of emerging technologies.
- D12.6: A Study on ICT Implants.
- D12.7: Identity-related Crime in Europe – Big Problem or Big Hype?.
- D12.10: Normality Mining: Results from a Tracking Study.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D3.1: Overview on IMS
Mechanisms to Meet Requirements of IMS with Respect to Privacy
Introduction
The following categories and mechanisms are derived – among others – from [ICP03]. The categorisation is commented with respect to privacy.
The mechanisms are listed in sections. Each block has enumerations describing the mechanisms and listing partial mechanisms.
Section I to III is describing the main functionality of the different types of IMS.
Section IV is describing security as a mechanism. Generally security is also seen as fundamental for privacy.
Section V describes specific and general mechanisms to meet privacy requirements.
Section VI describes mechanisms to achieve interoperability. Depending on the type of IMS those requirements differ. Type 1 IMS especially require compliance with standards in the area of authentication systems (e.g. PKI) and directory services (e.g. LDAP, SAML etc.). Type 2 IMS require Interfaces to collect data generated or transferred from the user-client. Type 3 IMS require in addition to the standards mentioned for IMS Type 1 the integration of various existing identity management applications to larger identity management systems.
Section VII to X describes mechanisms for Type 3 IMS which are important to make the existing applications (today mainly client-side tools) attractive for the majority of users. Those mechanisms are meant to overcome the main observed obstacles for a better market penetration of Type 3 IMS.
Type 1 IMS: Account Management Systems
Functionality: Centralised and decentralised account administration
Centralised creation of accounts, decentralised administration of identity information
Centralised role Management
Identity recovery
Functionality: Logging
To determine the attempt to access restricted data
Functionality: Access control
Authentication and application of roles
Single Sign-On
Security (the following aspects of Security are taken from1, the IT Baseline Protection Manual and the British Standards (ISO/EIC 17799))
Confidentiality (e.g. secrecy of authentication data)
Integrity (including non-repudiation)
Availability
Privacy
Privacy control functionality (consent, objection, disclosure, correction, deletion and addition of privacy information)
Role-based access to privacy information stored in the accounts
Data minimisation: Storing and processing only data which is really necessary
Standards (e.g. P3P), seals (e.g. Privacy Seal by ICPP) and penalties
Interoperability for third party integration
Compliance to existing standards
Examples: LDAP, SAML etc.
Well defined interfaces
Type 2 IMS: Profiling
Functionality: Logging user interaction and generate profiles for further internal use
Functionality: Notice
Share profile data with the user
Functionality: User control
Rule handling
User is in control of the data transferred into the profile or the profile itself (by local storage and central processing)
Security
Confidentiality (e.g. anonymisation, secrecy)
Integrity (including non-repudiation)
Availability
Privacy
Privacy control functionality (consent, objection, disclosure, correction, deletion and addition of privacy information)
Data minimisation: Storing and process only data which is really necessary
Standards (e.g. P3P), seals (e.g. Privacy Seal by ICPP) and penalties
Interoperability for third party integration
Compliance to existing standards
Well defined interfaces
Type 3 IMS: User-Controlled Context-Related Role and Pseudonym Management
Functionality: Identity administration
Communication-independent handling and representation of identities: Possibility to choose between different profiles / data schemes; creating, updating, deleting identity and identity information
Pseudonyms with specific properties: Using pseudonyms for privacy enhancement by averting linkability
Credentials: To reach an optimised privacy protection credentials can be used as convertible certifications by which authorisations obtained under one pseudonym can be transferred to another pseudonym without loosing unlinkability. Although an authorisation is bound to an individual and can be reliably used in many contexts, its use does not automatically lead to data trails or unwanted disclosure of personal data. As long as the individual does not misuse the credential, anonymity is guaranteed.
Identity recovery: A user may want to prove that a given pseudonym was in his control at an earlier time.
Functionality: Notice
History management: Possibility to log transaction for reconstructing and analysing data flow
Example: Illustrating what the communication partner knows from previous transactions; filters could be used to get a view e.g. on identity and identity information
Practical view: email communications have to be stored completely, because the privacy-relevant content cannot be analysed automatically.
Context detection: which partial identity was used in which transactional context?
Functionality: Control
Rule handling
Support user to choose the right profile / preferences etc.
Anonymity as base-rule for privacy enhancement
Essential on the lower layers to enable Identity Management
Anonymity is also seen as mechanism for security, especially confidentiality
Security
Confidentiality (e.g. anonymity, secrecy)
Integrity (including non-repudiation)
Availability (e.g. if a cascade within anonymising service such as JAP/AN.ON goes down an automatic redirect to another cascade takes place)
Privacy
Privacy control functionality (consent, objection, disclosure, correction, deletion and addition of privacy information)
Data minimisation: Storing and process only data which is really necessary
Standards (e.g. P3P), seals (e.g. Privacy Seal by ICPP) and penalties
Interoperability for third party integration
Compliance to existing standards
Well defined interfaces for integration in popular software (e.g. mailers, browsers, etc)
Trustworthiness
Segregation of power, separating knowledge, reviewing by independent parties
Using Open Source
Trusted seals of approval
Law Enforcement / Liability
Digital evidence
Example: Proof of transactions etc.
Digital signatures
Data retention
Comment: this is contrary to privacy
Usability
Comfortable and informative user interfaces
Training and education
Low complexity
Raising awareness
Affordability
Power of market: Create IMS that are competitive and are able to reach a remarkable penetration of market
Using open source building blocks
Subsidies for development, use, operation, etc.
19 / 31 |