D3.1: Overview on IMS


Research and Development in Type 3 IMS

Designers of decentralised IMS (Type 3) try to give users control over their personal data. Ideally, the data is kept on a machine under the user’s control, or under the control of someone closer to and more trusted by the user than a central authority. This is, for example, in line with the “Laws of Identity” put forth by Kim Cameron of Microsoft, Inc. The following projects try to implement these requirements:

Identity Commons / OASIS XDI/XRI Standards

This technological approach is still in the planning stage. The goal is to formulate access rules to personal data in an XML-defined form and to store the personal data together with the user’s rules about disclosure and processing. These data/rules objects are kept by “i-brokers”, who carry out transactions for the users, always in accordance with the rules stated by the owners of the data. The brokers are expected to check users’ real-world identities in order to encourage trust in the corresponding virtual identities. The objects are identified by “i-names” and “i-numbers”; the latter are fixed and globally unique.

LID ‑ Light-Weight Identity Management

This approach uses URLs as identifiers. They are not bound to persons in any way. There is no central authorised party or layer of authorised parties. Behind each URL is a CGI script that accesses the available data. The scheme uses HTTP mechanisms to enable such scripts to communicate with each other. They can then authenticate each other and negotiate which information is transferred. As a side effect, the system can be used for Single Sign-On.

A quite similar project is Sxip.

What distinguishes these schemes from directory-lookup services is the use of “smart pointers”. The identifiers cannot be de-referenced without calling a routine under the control of the user (in LID) or of someone trusted by the user (in Identity Commons). A smart pointer can run checks on the requesting party before de-referencing the data it points to.
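As an added illustration of the smart-pointer idea, and of keeping the owner’s disclosure rules together with the data as in the i-broker model above, the following Python sketch is not code from this deliverable or from any of the projects named. The record layout, the rule format, the requester check by shared secret and every value in it are constructed for the example and do not reflect XDI/XRI or LID syntax.

```python
import fnmatch
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample record: the personal data is stored together with the
# owner's own disclosure rules. The layout and rule syntax are simplifications
# made for this example, not XDI/XRI; the i-number/i-name values are placeholders.
PROFILE = {
    "i-number": "placeholder-i-number-0001",   # fixed, globally unique in the scheme
    "i-name": "placeholder-i-name",            # human-readable, may change over time
    "data": {
        "name": "Alice Example",
        "email": "alice@example.org",
        "phone": "+00 000 0000",
    },
    "rules": {                                    # attribute -> requester patterns allowed to receive it
        "name": ["*"],                            # anyone who authenticates
        "email": ["https://shop.example.com/*"],  # one relying party only
        "phone": [],                              # nobody
    },
}


@dataclass
class SmartPointer:
    """An identifier that cannot be de-referenced without running the owner's checks.

    The routine lives under the control of the user (LID) or of a trusted i-broker
    (Identity Commons); a plain directory lookup would return the record unconditionally.
    """
    profile: dict
    # Stand-in for the requester check: known requester URL -> shared secret.
    # A real deployment would verify a signature or certificate instead (assumption).
    known_parties: Dict[str, str]
    audit: List[str] = field(default_factory=list)

    def _authenticated(self, requester: str, secret: str) -> bool:
        expected = self.known_parties.get(requester)
        return expected is not None and hmac.compare_digest(expected, secret)

    def dereference(self, requester: str, secret: str, wanted: List[str]) -> Optional[dict]:
        """Return only the attributes the owner's rules allow for this requester."""
        if not self._authenticated(requester, secret):
            self.audit.append(f"DENY unauthenticated requester {requester}")
            return None
        released = {}
        for attr in wanted:
            patterns = self.profile["rules"].get(attr, [])
            if attr in self.profile["data"] and any(
                fnmatch.fnmatchcase(requester, p) for p in patterns
            ):
                released[attr] = self.profile["data"][attr]
            else:
                self.audit.append(f"WITHHELD {attr} from {requester}")
        self.audit.append(f"RELEASED {sorted(released)} to {requester}")
        return released


def demo() -> List[str]:
    """Walk through three requests and return the owner-side audit trail."""
    ptr = SmartPointer(PROFILE, {
        "https://shop.example.com/checkout": "shop-secret",    # constructed
        "https://tracker.example.net/": "tracker-secret",      # constructed
    })
    ptr.dereference("https://shop.example.com/checkout", "shop-secret", ["name", "email", "phone"])
    ptr.dereference("https://tracker.example.net/", "tracker-secret", ["email"])
    ptr.dereference("https://tracker.example.net/", "guessed", ["name"])
    return ptr.audit


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The point of the design is that the requester never receives the record itself: every request passes through a routine the owner (or the owner’s broker) controls, which authenticates the caller, applies the stored rules attribute by attribute, and leaves an audit trail on the owner’s side.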

Biometric Secured Client-Side Identity Management

This is a further approach, intended to give the user better control over his own biometric authentication data. The basic idea is to store the biometric template on a device controlled by the user and to use biometrics and knowledge on that device for authentication. On successful authentication, the device generates a digital credential that can be used to authenticate to various applications. This concept will be described further in the FIDIS study “PKI and Biometrics”. An advanced prototype of this approach is available today.
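To make the client-side biometric idea concrete, here is an added Python example; it is not code from this deliverable or from the prototype it mentions. It assumes a bit-string template compared by Hamming distance, a PIN as the knowledge factor, and a credential protected by an HMAC under a device key shared with the relying party (a real device would sign under a PKI instead); the template, PIN, key, threshold and captures are all constructed values.

```python
import hashlib
import hmac
import json

# Constructed device state for this example. The template and PIN hash stay on
# the user's device; only the credential leaves it.
TEMPLATE = bytes(range(32))                     # constructed 256-bit biometric template
PIN_SALT = b"constructed-salt"
PIN_HASH = hashlib.pbkdf2_hmac("sha256", b"1234", PIN_SALT, 100_000)  # constructed PIN
DEVICE_KEY = b"constructed-device-key"          # assumption: shared with the relying party
MATCH_THRESHOLD = 0.25                          # fraction of differing bits tolerated (constructed)
CREDENTIAL_TTL = 300                            # credential lifetime in seconds


def hamming_fraction(a: bytes, b: bytes) -> float:
    """Fraction of bits that differ between two equal-length bit strings."""
    if len(a) != len(b):
        return 1.0
    x = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return bin(x).count("1") / (8 * len(a))


def biometric_match(sample: bytes) -> bool:
    """Biometric factor: fresh capture close enough to the stored template."""
    return hamming_fraction(TEMPLATE, sample) <= MATCH_THRESHOLD


def knowledge_match(pin: bytes) -> bool:
    """Knowledge factor: constant-time comparison against the salted PIN hash."""
    candidate = hashlib.pbkdf2_hmac("sha256", pin, PIN_SALT, 100_000)
    return hmac.compare_digest(candidate, PIN_HASH)


def _tag(payload: bytes) -> str:
    return hmac.new(DEVICE_KEY, payload, hashlib.sha256).hexdigest()


def authenticate_on_device(sample: bytes, pin: bytes, audience: str, now: float):
    """Check both factors locally; on success issue a short-lived credential.

    The credential carries a pseudonym and validity window, never the template
    or the sample, so no biometric data reaches the application.
    """
    if not (biometric_match(sample) and knowledge_match(pin)):
        return None
    claims = {"sub": "pseudonym-0001", "aud": audience,
              "iat": int(now), "exp": int(now) + CREDENTIAL_TTL}
    payload = json.dumps(claims, sort_keys=True).encode()
    return {"payload": payload.decode(), "tag": _tag(payload)}


def verify_credential(cred: dict, audience: str, now: float) -> bool:
    """Relying-party side: check integrity, intended audience and validity window."""
    payload = cred["payload"].encode()
    if not hmac.compare_digest(_tag(payload), cred["tag"]):
        return False
    claims = json.loads(payload)
    return claims["aud"] == audience and claims["iat"] <= now < claims["exp"]


# Constructed captures: a genuine one with six bits differing, and an impostor's.
GENUINE_SAMPLE = bytes([TEMPLATE[0] ^ 0x0F, *TEMPLATE[1:5], TEMPLATE[5] ^ 0x03, *TEMPLATE[6:]])
IMPOSTOR_SAMPLE = bytes(b ^ 0xFF for b in TEMPLATE)


if __name__ == "__main__":
    cred = authenticate_on_device(GENUINE_SAMPLE, b"1234", "https://app.example.org", 1000.0)
    print("issued:", cred is not None)
    print("accepted by app:", verify_credential(cred, "https://app.example.org", 1100.0))
    print("impostor issued:", authenticate_on_device(IMPOSTOR_SAMPLE, b"1234", "https://app.example.org", 1000.0) is not None)
```

The threshold is what separates a genuine capture (a few bits of sensor noise) from an impostor; in practice it is tuned from false-accept and false-reject rates for the particular sensor, which this constructed template cannot show. The credential itself is what an application sees, and it should be verified for integrity, audience and expiry rather than trusted because it arrived.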

Integration, Advanced Prototyping and Basic Research

Building on scientific research and development carried out by a consortium comprising enterprises, universities and a privacy commissioner, the project “Privacy and Identity Management for Europe” (PRIME) currently aims at developing an advanced prototype for Type 3 IMS. In contrast to prior research and prototypes, the integration of a number of identity management functionalities in one application is planned. Central topics of research and development within this project are the improvement of identity management functionalities, the integration of credential systems, policy management, improved usability and user interfaces, business models and social acceptance. PRIME is addressing policy-makers, business, administration, academia and standardisation organisations.

Many other groups are conducting research in the field of privacy-enhancing identity management, too. There is a huge variety of open research topics, e.g. improving anonymity or unlinkability, measuring privacy aspects and giving reasonable feedback to the user, communicating legal rights to the user and enabling him to really exercise these rights, privacy management languages and protocols, or trusted systems and their control. A further challenge is the integration of legacy systems, especially in the area of (e-)government, where the user’s identity is increasingly represented by digital ID cards. The integration of (privacy-enhancing) identity management systems into real-world applications ranges from small pseudonymisation concepts to systems that support the user’s privacy against increasing surveillance and decreasing transparency about what is happening with the user’s data. Especially the way towards an ambient intelligence society needs to be evaluated and designed with respect to privacy and identity management.

Research and Development in Type 1 IMS  fidis-wp3-del3.1.overview_on_IMS.final_04.sxw  Summary
24 / 31