Foreword ACTIVITY CHART

Activity Chart

The Activity Chart, set out on a single web page, summarises the principles of identity management and how they may be applied in practice. The Activity Chart is divided into five parts, which in turn are divided into sub-parts, or elements, as illustrated in Figure 2, and described below. All of the sub-parts have been given a unique reference number, e.g. P1, T2, L3 etc, so that these can be found and accessed easily via hyperlinks or directly from within a directory structure. 

Figure 1: Portal Structure 

Identity Management Processes

The identity management processes refer to the use of identities throughout their lifecycle in the many application areas such as e-Health, e-Government and banking systems. One extremely important issue to be taken into account is that many of the systems share, or exchange, the same identity information so it vital that when an identity is created that it is completely accurate and cannot be changed without the approval of the responsible authority. The processes may be sub-divided into the following elements. 

1. Requirements 

The requirements should include what the scope of an application is, the number of individuals being stored on the identity database, the types of identity being used, the stakeholders involved and their roles in the system, and the processes to be applied by each of them. 

Figure 2: The elements of the Activity chart 

1. Processes 

Processes and information models should be developed to show how identities are managed within each stakeholder and how the identities are shared or exchanged with other stakeholders involved with the application system. 

1. Stakeholders 

The roles and responsibilities of each stakeholder involved with the application must be well specified in identity policy documents. Particular attention must be made to the roles and responsibilities of staff because in many instances, they are the cause of errors in systems, or illegal use of identities. Fraudsters such as money launderers and identity thieves are now infiltrating associates into financial institutions, retail outlets and government sector organisations to perform illegal tasks on their behalf. 

1. Information Management 

In order to perform assignments in identity management it is necessary to recognise the role of effective information management. It is the skilful handling of knowledge to deliver the right information, to the right place, at the right time. Deliverable D4.6 recommended the Five Principles of Information Management namely Information Representation, Duty of Care, Processes and Procedures, Technologies and Audit for adoption for this purpose. 

Types of Identity

The many types of identity, and their application, are documented in deliverable D4.7 and particular attention is given to the following identities: 

1. Personal 

2. Biological 

3. Situational 

4. Locational 

When dealing with biological identities such as fingerprints, iris scans and face recognition methods confidence is needed in the reliability of the software and its ability to perform such tasks with the utmost accuracy. 

Identity Technologies

Five of the FIDIS research themes cover identity technologies which are discussed below.  

1. Profiling 

Profiling is probably the only way that vast volumes of data about individual and group behaviour can be mined and analysed. This technique is being applied extensively in fighting crimes such as money laundering and terrorist financing. However, when applying profiling techniques privacy principles must be taken into account. 

1. Interoperability 

The question of interoperability in respect of identity and identity management systems is one of growing concern. The work of WP4 addresses this issue and the proposed portal attempts to assist organisations with managing interoperability within and between organisations that are cooperating with each other.  

1. Forensics 

Forensic technology is being applied to counteract ID fraud and is used to provide sufficient evidence for possible prosecutions when fraud cases have been taken to court. Forensics may also be considered as a particular form of profiling 

1. High Tech ID 

High Tech systems cover such technologies as Public-Key Infrastructures, biometrics, electronic signatures and mobile identity management. Radio Frequency Identification (RFID) systems are also being used in many application systems such as the tracking of people and assets, medical applications where patients are linked with key drugs, and supply chain automation. 

1. Mobility 

The work of FIDIS dealing with mobility and identity covers legal, technology and sociology aspects. It also investigates legal certainty and privacy protection with regard to Location Based Services (LBS). 

Identity Lifecycle 

The identity lifecycle covers the following stages: 

1. Creation 

Extreme care must be taken by public authorities when creating citizen identities, in particular that the representations in digital form, of the various types of identity, are accurate, complete, authentic and unique.  

1. Storage 

When dealing with vast amounts of data which are stored as millions of entries, it is important that adequate assurance against information risks has been developed. Databases are prone to error and if a database has errors within it, they are rapidly shared or exchanged with others multiplying the problems exponentially. 

1. Matching Check 

Real-time identification of individuals is extremely important particularly when dealing with law enforcement, border control and financial transactions from cash points. Any matching checks, say of the individual’s fingerprints against those stored on a database must be extremely accurate and within well defined tolerances. 

1. Maintenance 

It is critical that all identity databases and processes are kept up to date and that all practitioners are informed of the latest versions. This is especially so when the information is used by more than one department or more than one organisation. The application of the five principles of management should assist in these tasks. 

1. Deletion 

As the active databases grow substantially, year on year, with new entries introduced to the systems, it is prudent that identities of deceased persons should be pruned from the database and transferred to archives. 

Identity Application Domains

The research performed in WP4 has concentrated on interoperability within three areas of interest, namely e-Health, e-Government and e-Commerce. For each sector identity management requirements were specified, a stakeholder model was presented, followed by operational and application activities expressed in the form of the five principles of information management. This work was documented in deliverable D4.8. 

1. e-Health 

Identity management was studied in detail within the health sector and this was reported in deliverable D4.9. The study took into account the work of deliverable D4.11 which was concerned with the models underlying the health identity management of different types of welfare states in Europe. 

1. e-Government 

Identity management is being applied in many areas of government, including health services, vehicle registration and the supply of financial benefits. Further work is taking place within WP16 in developing a conceptual framework for e-government which will include privacy, data protection and identity management issues. The proposed framework is based on a survey throughout EU countries and one of the aims is to establish a common vocabulary for identity management. A major aspect of the work involves identity cards and the creation of national identity registers. 

1. e-Commerce 

E-Commerce consists primarily of distributing, buying, selling and marketing products over electronic systems such as the internet and other computer networks. The major part of e-commerce is concerned with performing financial transactions over banking systems. It is therefore vital that the electronic transfer of identities and information, relating to individuals and organizations, is assured to an appropriate level.