Privacy Implications of User-Centric Identity Management Systems Plaza Suites 1 and 2, Riverbank Park Plaza Hotel
The ability of Internet users to manage identity
relationships with diverse organisations is a prerequisite to further
development of e-commerce and efficient delivery of government services
online. However a rising tide of information security threats, from
phishing and spoofing attacks on the user, to large scale breaches of
centralised repositories of identity information, suggests that new
approaches are needed which can empower the individual to take more
control of how their personal information is used online.
For a number of years there has been growing interest in industry and research
communities in the concept of "user-centric" identity management systems. The
EU PRIME research project has been exploring how advanced cryptographic
techniques can be holistically integrated to achieve practical and usable
improvements in privacy protection. Liberty Alliance has developed a set of
specifications for federated identity-based Web services. Microsoft has
proposed architectural principles ("7 Laws of Identity") to support convergence
towards an inter-operable, secure, and privacy-enhancing "Identity Metasystem".
What are the regulatory implications of user-centric models of identity and
what is the impact of such architectures on privacy?
This panel will explore these issues with contributions from major industry
players and independent experts, providing a technical perspective on some of
the policy issues raised. The session will be open to all attending the 28th
International Privacy Commissioner's conference.
Chair: (IIS Partners, and former Privacy Commissioner of