Title: STRUCTURE AND CONTENT

Structure and Content

This study is organised in four parts: 

1. Part 1: Privacy threats in business processes with personalised services 

2. Part 2: Privacy-aware business process design and identity management

3. Part 3: Approaches for identity management extensions for business processes

4. Part 4: Conclusion and outlook 

Part one introduces two scenarios for business processes with personalised services: single-stage business processes and multi-stage business processes, with service providers acting on behalf of their customers. The aim of part two is to derive security requirements for identity management which preserve customer’s privacy with regard to his informational self-determination, i.e. a customer is able to decide on the disclosure and use of his personal data. Furthermore, part two investigates on process models for inventing privacy in business processes and on the current security mechanism for private data: identity management. Current user-centric identity management systems classified concerning the trust model are considered and applied on both types of business processes. Part three presents two approaches for identity management which partially fills this gap by a credential-based usage control mechanism and a transparency instrument for customers in order to retrace their data disclosure and profiles at service providers. Part four concludes this document and gives an outlook to further work, in order to verify the trustworthiness of the participating service providers and certification authorities.