The privacy risks and rewards of distributed identity Conference Presentation (8 September 2003)...
-
Upload
brooke-holmes -
Category
Documents
-
view
215 -
download
0
Transcript of The privacy risks and rewards of distributed identity Conference Presentation (8 September 2003)...
![Page 1: The privacy risks and rewards of distributed identity Conference Presentation (8 September 2003) Surveillance and Privacy 2003, University of New South.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649f165503460f94c2ce5e/html5/thumbnails/1.jpg)
The privacy risks and rewards of distributed identity
Conference Presentation (8 September 2003)Surveillance and Privacy 2003, University of New South Wales
Chris Connolly Galexia Consulting
http://consult.galexia.com
![Page 2: The privacy risks and rewards of distributed identity Conference Presentation (8 September 2003) Surveillance and Privacy 2003, University of New South.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649f165503460f94c2ce5e/html5/thumbnails/2.jpg)
Overview
What is distributed identity?
Case study – Reach
Case study - Liberty
Privacy issues and privacy management
![Page 3: The privacy risks and rewards of distributed identity Conference Presentation (8 September 2003) Surveillance and Privacy 2003, University of New South.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649f165503460f94c2ce5e/html5/thumbnails/3.jpg)
Distributed identity
“Distributed identity is any identity management system which acts as an alternative to a national ID regime or the consolidation of government or sectoral data sets.”
Examples:» Standards
» Federated identity
» Identity broking
» Gateway services
Claimed benefits:» Security – ID fraud/theft and unauthorsied access
» Convenience – single sign on or federated sign on
» Validation – signing of key documents (eg qualifications)
» Privacy? – setting privacy profiles, attribute broking and pseudonymity
![Page 4: The privacy risks and rewards of distributed identity Conference Presentation (8 September 2003) Surveillance and Privacy 2003, University of New South.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649f165503460f94c2ce5e/html5/thumbnails/4.jpg)
Case study - Reach
Reach is the Irish model for a single access system for related services (initially public sector)
Users are given discretion over disclosure of personal information (via a Public Services Broker) to individual or multiple agencies
The Public Services Broker is a trusted third party and maintains audit logs of access etc.
Reach operates through the use of a smart card carrying a Personal Public Service Number (PPSN) protected by a PIN
www.reach.ie
![Page 5: The privacy risks and rewards of distributed identity Conference Presentation (8 September 2003) Surveillance and Privacy 2003, University of New South.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649f165503460f94c2ce5e/html5/thumbnails/5.jpg)
Case study - Liberty
Liberty is a global standard for federated identity – personal information remains in the hands of the original collector and is shared amongst providers who comply with the standard
Data does not have to be consolidated into a single database
Additional Liberty services include:» Affiliation – the ability to federate with a particular group of affiliated
sites
» Anonymity – the ability to supply certain attributes without disclosing user identities
Potential for use in discrete ‘communities’:» Financial services
» Education
» Health
» Online government
![Page 6: The privacy risks and rewards of distributed identity Conference Presentation (8 September 2003) Surveillance and Privacy 2003, University of New South.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649f165503460f94c2ce5e/html5/thumbnails/6.jpg)
‘Whole of Sector’ identity management
Australian initiatives: Education
» Unique client identifier
» Higher Education Identity Management System
» Skills Passport
Health» Electronic health identifier
Government» State based digital certificate developments
» National electronic authentication developments
» Ellison proposals
![Page 7: The privacy risks and rewards of distributed identity Conference Presentation (8 September 2003) Surveillance and Privacy 2003, University of New South.](https://reader036.fdocuments.in/reader036/viewer/2022082612/56649f165503460f94c2ce5e/html5/thumbnails/7.jpg)
Privacy management
Design» Privacy Impact Assessments
– Help to determine best options – Can also assist in design choices within each selected option– Must include consideration of rejecting the entire initiative
Implementation» Privacy Management Strategies
– Allocate tasks, responsibilities and timelines
Ongoing» Privacy oversight, audits and review