FIDIS IST-2006
Business Models and Identity
Date: 23/11/2006 (9.00-10.30) ÔÇö Room: Room 204
Enterprises and governmental agencies process personal data of their clients for, e.g., personalised services and to get access to services as a proxy for them. By the directives 95/46/EC & 2002/58/EC, the EC has defined data protection and security principles in order to regulate the processing of personal data. User centric identity management (IdM) empowers clients in controlling the disclosure of their personal data to organisations. For information chains as found in multi-staged processes IdM may lead to a big-brother phenomenon. Clients have to trust organisations that they process personal data according to their privacy and security policies, along the chain of participating parties. This workshop aims at these challenges and discusses first approaches for privacy enhancing technologies (PET) & trusted computing (TC) and their use in current and future business & governmental process models. The workshop itself will be jointly organised by the FIDIS, OpenTC, and PRIME project.
Web site: http://www.fidis.net
Coordinator: Denis ROYER
Resources
- Prelimary work: Security and Privacy in Future Business Services (15 Kb)
- Privacy with Delegation of Rights by Identity Management (670 Kb)
Spotlights
Comments
36 Comments:
User-Controlled Identity Management
Give input from the user's perspective, in particular on user-controlled identity management
Project Manager
I am interested in collaboration to advance the state of the art in privacy-enhancing identity management technologies across the spectrum of trust models (from weak trust to strong trust) and to create better understandings of the economic and social aspects that will determine their popular acceptability and business viability.
Multilateral Secure ID-Management for Ambient-aware Mobile Services
Representing the research department 'Secure Mobile Systems' at Fraunhofer SIT I am specifically interested in developing multilateral secure platforms for service delivery and identity management in the context of future ambient intelligence.
From my point of view it is most important to concern implications to security and privacy at the very beginning. Therfore, concepts of multilateral security and security by design have to be introduced to those platforms in order to gain sustainable user acceptance and business success.
EU Projects Coordinator
Creating an "Information Society for All" requires that the internet become a "safer place" ÔÇô for business, for privacy and for protection of vulnerable users. What technical means under development have a realistic chance of providing more "safety"? Can this technology guarantee "safety" or are the requirements so heavy that practical solutions will not be available any time soon? Or can technology never be the whole answer because this is really a socio-technical problem which requires complementary socio-legal solutions? What are the potential contributions of mandatory technical controls, legal measures and self-regulation?
Coordinator OpenTC (Open Trusted Computing IP)
Plan to attend and will be available for questions
User trust and empowerment
User trust and empowerment (in terms of control of their data) are areas that must be addressed thoroughly when talking about identity and business models for systems. This session will be a valuable forum for discussing these topics. Please visit www.securitytaskforce.eu and read more about these important topics and provide input to the consultation forum, which is running at present.
Project Manager
Having co-edited a FIDIS-study on identity management systems (IMS) presenting a first analysis of markets for different types of IMS I can contribute existing problems (gaps) and potential elements for successful integration especially of user control in identity management in business models. The contribution takes the results of current research in the area of technology acceptance models (success factors for technology acceptance by users) into account.
Privacy in multi-stage business processes by identity management
Plan to attend and would like to present the problem for privacy by identity management in multi-stage business processes with the corresponding further research issues
Identity issues, use cases and business dimension
I am interested to know about use cases of identity related issue, as well as of the Business dimension of Identity Management. I am a participant of the FIDIS NoE, and involved in the better understanding of the Identity Concepts and implications.
Mobile Aspects of Business Models and Identity
With Mobile Phones and SIM cards being prbably the most "popular" pieces of IT the aspect of Mobile Identities is of major importance.
Partner in OpenTC
Interested to learn comments on the OpenTC-project
Privacy through user-controlled access to identity data
Protecting the privacy of users is a challenging problem for identity management systems. An identity management system can only achieve that if it gives users complete control over their identity data. However, none of the existing solutions offers this possibility.
Head of VIP - Virtual Identity and Privacy - www.vip.ch
As a member of the FIDIS consortium, I am particulary interested in business models in relation with identities. For example, how to incorporate in the business models shared identities (pseudonyms or virtual identities shared by several subjects).
Forensic Science
This workshop is indeed interesting and as (former) WP-leader of the forensic implication part of the FIDIS workpackage of forensic implications, the link with evidence extracted from these systems should also be handled.
Professor at Karlstad University, Computer Science Department
I am interested in the discussion of application scenarios for user-centric IDM including economic drivers for them.
OpenTC Member
Interested in DRM & Privacy (anonymity).
Important Topic
Needs to be intensified. Will be interested in getting additional input by others.
Automated security testing in OpenTC
Partner in OpenTC. Introduction of the Flinder test tool, experiences within OpenTC project.
-
Member of OPENTC.
Workpackageleader
Interested to learn comments on the OpenTC-project
User-centric Trusted Computing
As Johathan Poritz emphasised during the last ACM SAC TRECK track ( http://www.trustcomp.org/treck/ ), trusted computing should be use to know the user's security state and not what the user is running. I hope that OpenTC will allow us to move towards a user-centric trusted computing. I plan to attend this workshop.
Privacy Friendly IDM for eGovernment
eGovernment heavily relies on the reuse and exchange of personal data. IDM is thereby a crucial component, for example to make sure that only authorized users get access to the protected data resources.
Appropriate business models need to be investigated to know what drives governments to incorporate privacy and data protection requirements in their IDM architecture, to a greater or lesser extent.
Expression of interest.
Plan to attend.
Participation
I plan to attend this session.
OpenTC partner
interested in collecting external comments about OpenTC
User-centric and interoperable eID
R&D activities within my organization concentrate among others on user-centric, interoperable and technologically neutral eID. Therefore I am interested in a discussion with representatives of running European projects in the field of IdM with respect to the current status in IdM solutions, their interoperability and privacy and security policies.
Interest in User Unique Local Identification, Characterization and Authorization
In a global, open and merged meshup of data, applications, devices and nets we believe that the solution is an UNIQUE and LOCAL file. Nowadays seems the most feasible and convenient is that the users manage this ULICA file and define the access through Internet.
We would be very pleased to discover the SoA and discuss and explore the future trends.
Director, European Programmes
My company is involved in the field of ID management
Ms
plan to attend
Model-Based Characterization of Situation-Based Access Control of Patient Data
Protecting the privacy of health information is an important issue that has gained tremendous significance with the advance of Electronic Health Records (EHRs). However, EHRs ease access to data that can be considered as sensitive and need to be protected. To support data protection, EHRs systems adopt the ÔÇ£need-to-knowÔÇØ principle that allows data revealing only if it is relevant and necessary to the encounter between the caregiver (data-requestor) and the patient. This principle can be carried out via Role-Based Access Control model, where the roles of the data-requestors and the requested data-items are defined. However, we found scenarios of health data disclosure that include characteristics that cannot be expressed by this model (e.g., the relationship between the patient and the secretary of the hospital-unit where the patient is hospitalized). Our goal is to develop a more complete model. In the presentation I will introduce our model-based approach to access control via situation recognition.
S21Sec R&D Projects
Extention of the capacity managemtn to the Identity Management infrastructure. Interoperability
Interest in the session
I'm very interested to participate
Interest
Can not attend but will appreciate to get some feedback.
Cross-border Identity Services
This is a very interesting opportunities to discuss the participating projects' experience in constraints on the provision of interoperable identity services across borders, such as those provided by the architecture of the GUIDE project. This is an area only lightly touched upon by the GUIDE project so it should be interesting to see what other experiences have been
I will attend
Expression of interest
While security and identity information are important topics on their own, one really should consider them from the point of view of business models as well as they pretty much define their applicability and acceptance (and not f