User-Centric Identity Management: New Trends in Standardization and Regulation

In offering services to individuals, enterprises often deal with a lot of personal information, the improper handling of which creates security risks for both the enterprises and individuals concerned. Authentication procedures usually assume specific behavior on the part of individuals, and this perception becomes a critical part of an enterprise´s security mechanism. Identity management systems are touted as a solution, but even though users and enterprises are stakeholders in the broader conversation about identity management, their interests aren´t necessarily aligned: who´s in control, and whose interests will prevail in ease of conflict? The European Commission-funded Privacy and Identity Management tor Europe project (Prime: www.prime-projeet.eu) proposes a solution driven by the EU Privacy Directive (95/46/EC; http://ec.europa.eu/justice_home/fsj/privacy/law/), which puts the user in control wherever possible. This article focuses on that project and how it interacts with standardization initiatives and international organizations.