Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- Privacy and legal-social content.
- D13.1: Identity and impact of privacy enhancing technologie.
- D13.1 Addendum: Identity and impact of privacy enhancing technologies.
- D13.3: Study on ID number policies.
- D13.6 Privacy modelling and identity.
- D13.7: Workshop Privacy.
- D14.1: Workshop on Privacy in Business Processes.
- D14.2: Study on Privacy in Business Processes by Identity Management.
- D14.3: Study on the Suitability of Trusted Computing to support Privacy in Business Processes.
- D14.4: Workshop on “From Data Economy to Secure.
- D16.3: Towards requirements for privacy-friendly identity management in eGovernment.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
Introduction
Scope
The objective of this study is to identify privacy threats in business processes with personalised services and to present technical approaches for usage control and transparency mechanisms. These approaches extend user-centric identity management. This study examines single-stage and multi-stage business processes with regard to profiling of customers by service providers. In general, privacy threats identify these scenarios, in particular in multi-stage business processes. In case of an unconscious data collection in ambient intelligence environments, e.g. in sensor networks, the need of implementing data legislation in devices is motivated. The aim is to achieve transparency to customer with regard to the unconscious data collection. Multi-stage business processes realise business models where profiles of customers are externally managed by a special service provider. Examples are loyalty programs and e-health applications with electronic patient records. Process models for modelling privacy-aware business processes are presented. While they assume trust of customers to service providers, current user-centric identity management systems are investigated in detail according to their suitability as a security mechanism for privacy in single-stage and in particular in multi-stage business processes.
In contrast to the FIDIS study on a “structured overview on prototypes and concepts of identity management systems” (deliverable D3.1), the identity management protocols are hereby analysed in detail. As an extension for user-centric identity management, the usage control mechanism DREISAM and the transparency mechanism ‘Data Track’ are presented afterwards. This study concludes with an outlook on further work concerning the verification of a compliant use of disclosed personal data with regard to data protection legislation and the negotiated agreements between customer and service providers.
3 / 38 |