Putting Citizens at the Centre of Identity Management - Towards a Personal Data Services Model

Peter F Brown
OASIS Individual Member
Co-Editor, OASIS Reference Model for Service Oriented Architectures
Founder, Pensive.eu

www.XMLbyStealth.net/uid/0089

All content © 2006, Pensive.eu. Check URI in header for most recent and/or authentic version. This file may be copied on condition that it remains complete and intact, including this page.



Overview

An attempt to look at the thorny question of personal data management and gain a wider understanding of:

- what constitutes “personal data”
- how it is identified, authenticated, used and managed
- policy concerns regarding privacy and public policy

and propose a way forward consistent with:

- the idea of eGovernment as central to identity policy
- data and identity protection legislation
- political and social imperatives


Transformation

eGovernment must be driven by vision and policy and not by technology

- engineers are essential for providing capability and solutions
- but we need more architects and more visionaries
- we need to balance public interest with citizen concerns

Examine personal data management in context of:

- what is technologically, legally and operationally possible;
- what is politically and socially desirable;
- what is publicly acceptable

See “The Magic Triangle”


Transformation

eGovernment is more than just “digitising” paper processes

- Why an eID card? rather than eID management
- look at a model for personal data management that doesn’t just digitise paper processes…


Typical current Model

[Diagram labels: Family Name, Given Name, Date of Birth, N.I. Number, Place of Birth; several “ID” records joined by “+”; annotated as follows]

1. A new record (and data sub-set) created from user input without reference to other pre-existing records
2. Data added by a specific authority without reference back to original record
3. A new record is duplicated from an already secondary source


Attraction of “centralised” model

- Citizen still not in control
- Still focussed on needs of process
- No control over replication of data

[Diagram labels: several “ID” records joined by “+”; annotated as follows]

1. Supplementary data added to source original record and then replicated as needed
2. No record replicated from a secondary source but only through reference to original data set

Advantages:

- Referential integrity
- Centrally managed

But:

- There is no single, “Centre”
- No system is “all seeing”
- Doesn’t cover private sector


Who do you trust with your data?

- doctor 91%
- teacher 87%
- professor 74%
- judge 72%
- Priest 71%
- TV news reader 66%
- scientist 65%
- the police 64%
- person in the street 53%
- pollster 46%
- civil servant 46%
- Trade Union official 33%
- business leader 28%
- Gov. Minister 20%
- politician 18%
- journalist 18%
- yourself ??%

Mori: Year 2003, 2000+ British Adults aged 16+


Who do you trust to manage your data?

But who would you trust to “identify” a person?

- the person themselves?
- a peer group?
- a private company?
- a public authority?

And what guarantees do you have,

- regarding liability?
- regarding data security?
- regarding reliability of the identity

(come to think of it: what is “identify”?)


eID - Liability

When other people manage our money:

- there are strong public policy rules
- financial institutions are tightly regulated
- there is a clear model of financial liability

If we can do it for money, why not for Personal Data? Raises some questions…

- who manages it?
- who is liable?
- who really “owns” it?


eID – Data Security

Personal data is often processed without the citizen having control

- “Processing” of data is based on needs of the process, not on the needs of the citizen
- Rarely validated with the citizen
- No root identity – (small) subset of personal details often sufficient to “identify” – easy for fraudsters
- Authentication models based on per-industry basis not per-citizen: makes it more unmanageable for the individual
- Citizen willingness to share their data depends on situation


What is “identity”

In logic, making the assertion that x = y:

For any x and y, if x and y have all the same properties, then x is identical to y

In eID, the objective of “identifying” some person or thing is not usually to actually “know” who the person is, but rather to identify some selected set of properties needed for some particular purpose:

On the basis that some group of properties presented to us are the same as some identical group of properties, to assert – because they are identical – that they refer to the same person or object:

e.g. to know that x who is presented to a service is the same person as the y that the service already “knows” (has “on file”)

Group of properties does not need to be (cannot be) exhaustive, but rather sufficient for the assertion in the particular context:

e.g. many services do not really need to know “who” someone is, only to know some properties (an address, an age, some other set of personal data and/or characteristics) necessary for the completion of a particular service


Identity in context

Is there a single set of characteristics/properties that is always sufficient to uniquely identify someone?

Is it necessary?

- Yes, for some public authorities/public policy reasons but…
- In many contexts it will be overkill and too expensive
- It will often compromise legitimate concern for privacy

Another approach:

- provide the set of properties necessary per context - no more, no less…


A different approach…

Firstly, distinguish between types of personal data:

- Data needed to identify (may vary according to level of authentication needed)
- Data that can identify (most common approach to identity theft)
- Personal Digital Property (from an MP3 to the Deeds of a house…)

and provide “double-key” authentication for every element

[Diagram labels: “eDoc”; Family Name, Given Name, Date of Birth, N.I. Number, Place of Birth; ID]


A different approach…

Secondly, architect personal data “provisioning” as a distinct service:

- Personal Data are not just passive “objects” but valuable assets – treat them as such
- Even if services are provided by third parties
- Apply a standard service model
- Leave market to provide compliant solutions
- Leave citizen to choose provider(s)

and leave public authorities to verify, validate and authenticate root identity when needed

[Diagram labels: “eDoc”; Family Name, Given Name, Date of Birth, N.I. Number, Place of Birth; ID]


A different approach…

Thirdly, apply SOA principles to personal data management:

- “Expose” data and service capabilities only according to need (“service opacity”)
- Make data-use transactional
- Make transactions idempotent
- Always provide execution context
- Provide delegation & Mandate Management
- Provide comprehensive auditing of transactions

[Diagram labels: “eDoc”; Family Name, Given Name, Date of Birth, N.I. Number, Place of Birth; ID; Personal Data used (and signed?) transactionally]
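
A sketch of how the principles on this slide fit together, added here as an illustration and not part of the original presentation: a service releases only the properties a context needs, treats each release as an idempotent transaction with its execution context, and audits every one. The policy table, field names, sample record and hash-chained log are assumptions; delegation and mandate management are left out.

```python
import hashlib, json
from dataclasses import dataclass, field

# Constructed sample record; field names follow the slide's "eDoc" labels.
RECORD = {"family_name": "Example", "given_name": "Alex",
          "date_of_birth": "1980-01-01", "ni_number": "QQ123456C",
          "place_of_birth": "Exampleton"}
# Hypothetical per-context policy: the properties each context needs, no more.
POLICY = {"age_check": {"date_of_birth"},
          "tax_return": {"family_name", "given_name", "ni_number"}}

@dataclass
class PersonalDataService:
    record: dict
    policy: dict
    results: dict = field(default_factory=dict)  # txn_id -> (request, response)
    audit: list = field(default_factory=list)    # hash-chained audit entries

    def _log(self, entry):
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        body = json.dumps(entry, sort_keys=True)
        entry["hash"] = hashlib.sha256((prev + body).encode()).hexdigest()
        self.audit.append(entry)

    def release(self, txn_id, requester, context, wanted):
        fp = (requester, context, tuple(sorted(wanted)))
        if txn_id in self.results:               # replay: same answer, no new effect
            old_fp, response = self.results[txn_id]
            if old_fp != fp:
                raise ValueError("txn_id reused with a different request")
            return dict(response)
        allowed = self.policy.get(context, set())  # unknown context releases nothing
        granted = sorted(set(wanted) & allowed)
        denied = sorted(set(wanted) - allowed)
        response = {k: self.record[k] for k in granted}
        # The audit trail records property names and context, never the values.
        self._log({"txn": txn_id, "requester": requester, "context": context,
                   "granted": granted, "denied": denied})
        self.results[txn_id] = (fp, response)
        return dict(response)

    def audit_intact(self):
        prev = "0" * 64
        for e in self.audit:
            body = json.dumps({k: v for k, v in e.items() if k != "hash"}, sort_keys=True)
            if e["hash"] != hashlib.sha256((prev + body).encode()).hexdigest():
                return False
            prev = e["hash"]
        return True
```
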


A “Personal SOA”

- User-centred eID management
- Universal interoperability
- Reliable & Secure

[Diagram labels: “eDoc”; ID; Tax Return 2005; Purchase on 25th M…; Credit Card statement; Diploma from Uni..; Invoice N° 1234…]

Single logical (not physical) service

Authenticated transactions with “once-only” use of personal data

Same “eID” can be used cross-border, even with different data elements used according to local requirements

No a priori limit to types of personal data managed….


Some steps in this direction already…

- “Personal Data Vault” (Irish Government)
- “Virtual Safe” (French “Mon Service Public”)
- “Citizen Account” (UK GovConnect)
- “e-Ja” (Polish private-sector initiative)


A missing element: “data model”

No agreement about how personal data is defined…

- (except by specific industry sectors)
- little or no public policy input
- certainly no citizen input

…nor how it is managed…

- accessed and delivered transactionally, as a service

nor by whom…

- need to separate issues of ownership and custodianship


a “Personal data services model”?

- Need for general model and rules for use
- Keep it simple but extensible
- Make it a matter of public policy
- Possible new initiative at EU level (part of work programme within “eID Roadmap”):
- key industry support
- Several public administrations interested already
- could be most revolutionary issue in eGovernment and public policy this decade
- See “The Magic Triangle”


eIdentity – not just for people

In an increasingly inter-connected world, we need to clearly identify what we are connecting with digitally:

- not just people
- but also web pages, web services
- documents
- other digital “artefacts”

Stability of identity is a cornerstone of interoperability, security and public confidence in eGovernment and in eServices in general

Possibly the single most important issue for the “digital world”

[Diagram labels: “eDoc”; ID; Identify; Authenticate]


Where to now?

Policy

- Need for policy support and initiative
- Need for involvement in European Commission’s “eID ad-hoc” Group and associated support work and pilot projects
- Bring the “magic triangle” issues into public discourse, with politicians and civil society

Concentrate on policy pre-requisites and framework (in particular organisational, administrative and legal issues), not on the technologies


Where to now (2)?

Standards

- Do we push for a “standard”, both as an end in itself and as a means of getting the issues on the policy agenda?
- Role of “standards” bodies:
- Public SO or Industry Consortium? ISO? CEN? OASIS? Liberty Alliance?
- Explicitly EU or global (different data protection cultures)

Concentrate on promoting a user-centred model for personal data encapsulation and servicing


Where to now (3)?

Role of Industry:

- PPP?
- Possible research project(s)?
- Proofs of Concept, RFPs and RFCs
- Input to pilot projects

Concentrate on building momentum among industry players both to promote technologically feasible approaches and reassure the public polity


Comments and questions

[email protected]

http://public.xdi.org/=Peter.Brown

www.XMLbyStealth.net/uid/0089