Title :
User-Centric Identity Management: New Trends in Standardization and Regulation
Author :
Bramhall, Pete ; Hansen, Marit ; Rannenberg, Kai ; Roessler, Thomas
Author_Institution :
Hewlett- Packard Labs., Palo Alto
Abstract :
In offering services to individuals, enterprises often deal with a lot of personal information, the improper handling of which creates security risks for both the enterprises and individuals concerned. Authentication procedures usually assume specific behavior on the part of individuals, and this perception becomes a critical part of an enterprise´s security mechanism. Identity management systems are touted as a solution, but even though users and enterprises are stakeholders in the broader conversation about identity management, their interests aren´t necessarily aligned: who´s in control, and whose interests will prevail in ease of conflict? The European Commission-funded Privacy and Identity Management tor Europe project (Prime: www.prime-projeet.eu) proposes a solution driven by the EU Privacy Directive (95/46/EC; http://ec.europa.eu/justice_home/fsj/privacy/law/), which puts the user in control wherever possible. This article focuses on that project and how it interacts with standardization initiatives and international organizations.
Keywords :
authorisation; data privacy; legislation; risk management; EU Privacy Directive; European Commission; Privacy and Identity Management tor Europe project; authentication; enterprise security; international organizations; personal information; regulation; security risk handling; standardization; user-centric identity management; Authentication; IEC; ISO; Identity management systems; Information security; Privacy; Project management; Standardization; Standards publication; Technology management; EU Privacy Directive; IdM; Prime; identity management; identity-management system; privacy; privacy-enhancing technologies;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2007.99
