tirsdag den 3. februar 2009

User Centric Identity Management

During 2009 the New Danish Digital Signature will be rolled out; already before availability, critics have stated that it seems to be complicated to install and to use. Usage requires a one-time code to be entered, and there is no single recommended or secure external media to ensure mobility.

However, the major advantage of the new Digital Signature is that it is a cross-sector solution supported by the public and by the financial sector. But, as I have stated earlier, it’s usability in my eyes is limited because it does not give the citizens any new kind of Identity Card.

The requirements for an electronic identity is increasing, not least because of the explosion of the take-up of social networks – both by NGO’s, companies, media, private citizens and now also more and more by the public sector. These networks holds some part of the individual’s profile and rightfully need to be protected – but maybe not using the full power of a qualified digital certificate.

In some countries the public sector have ambitions to set up a ‘one stop shopping’ portal for access to all public services; in US the primary purpose is to ensure and control who is allowed inside, in a number of European countries the aim is to increase use of on line services with a minimum of user inconvenience by setting up a centrally managed authorization and control system – single sign on.

But why should everybody need to use a strong certification for accessing everyday type of information or standard services, where only the citizenship, maybe age, sometimes postal number, is of importance?

It was interesting to note that the German law on digital identities offered a user-centric way of controlling how much PII (Personally Identifiable Information), each citizen would like to reveal.

So my suggestion is that a web 2.0 enabled World will require user centric identity management, not a centralized monolithic control mechanism. Yes, access to personalized health information requires a real strong identification. But does participation in a chat room concerning the local city planning aspects? Hardly.

IBM’s Zurich Laboratory has been one of the driving forces in a consortium - consisting of 20 scientific institutions as well as private companies - called PRIME - PRIME - Privacy and Identity Management for Europe :

“PRIME aimed to develop a working prototype of a privacy-enhancing Identity Management System. To foster market adoption, novel solutions for managing identities had been demonstrated in challenging real-world scenarios, e.g., from Internet Communication, Airline Passenger Processes, Location-Based Services and Collaborative e-Learning.”

As such the project was extremely successful and in 2008 it was awarded the award of IPPA - International Association of Privacy Professionals – for it’s novel approach to user centric ID Management.

From the PRIME Homepage:

“The success of PRIME is evidenced by the number of offspring projects, including “PrimeLife”, PICOS and PrivacyOS—bringing privacy high up on the European research agenda. “PrimeLife”, also coordinated by IBM’s Zurich Research Lab, is the direct successor project of PRIME and aims at empowering users to manage and control their personal data and privacy throughout their entire lifetimes, whenever they participate in Web 2.0 technologies, such as social networks or virtual communities, which raise substantial new privacy challenges.”

IBM Zurich’s major contribution to the project is the solution called IDEMIX, somewhat misleading mentioned as ‘anonymous authentication’. The main author of IdeMIX, Jan Camenisch from IBM Research Center, in his presentation describes that the idea is to have the user control how much PII to reveal by having one secret, private key but multiple public keys signifying different levels of PII. In fact, the term Pseudonymity would have been more appropriate.

User-centric identity systems (sometimes referred to as Identity 2.0) are an attempt to put the

control back into the user's hands. In this way a user gains consent as to what information

about them is disclosed to which sites and for what purpose. One of the other benefits of user-centric identity systems is that they can be loosely coupled relationships. The relying party does not necessarily need to have a pre-existing trust relationship with the identity provider (be it a managed identity provider or self-issued). This arrangement allows for a non-password-based account bootstrapping process, which is easier for both users and

relying parties.

Currently there are 3 standards available that supports this type of User Centric Identity Management (also supported by IBM’s Tivoli Federated Identity Manager):

Microsoft Windows Cardspace

Identity Selector (Eclipse Higgins Project) (The one used by IdeMIX)


If you look carefully at these 3 solutions, it seems that the Eclipse-based solution holds the best potential for an a multi-level open, future oriented standard. OpenID is a practical ID-solution, but does not offer the granularity and level of ID revealed that is characteristic for IdeMIX and the Eclipse solution.

One of the reasons for stating this is also that the eclipse solution has been used as a foundation to develop a new generation XML-based policy management solutions – XACML - eXtensiveAccess Control Markup Language which is ideal for developing and implementing privacy and security policies in existing applications without change.

This is typically a problem when you have large, complex database transaction systems, like health service solutions. Patients’ data are protected (HIPAA or similar compliance regulations) and must not be revealed unless consent has been obtained. This can then be combined with a multi-level user centric identity management model, so that consent from a patient (with highest level of identification proof) stating that ‘any doctor’ could be allowed access, or even make access granular, so that basic health information could be revealed to any person employed by the health sector.

This example illustrate that the whole idea of User Centric ID management first and foremost is to help the citizen obtain control of her own data – and make this control a practical and easy tool.

In Europe the Commission has begun preparation to renew and re-design the Data Privacy and Protection Directive from 94, which many now considers outdated. It is highly likely that a revision will further strengthen the need for user centricity, ownership and control over personal data.

Ingen kommentarer: