Copyright 2005 Roger Clarke, Xamax Consultancy, Canberra; Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU

Presentation transcript:

(Id)entities Management and Nym Management for People not of People
7th Annual Privacy & Security Conference, Victoria BC – 10 February 2006
Copyright Roger Clarke, Xamax Consultancy, Canberra; Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU {.html,.ppt}

(Id)entities

Names, Codes, Roles


Identities Management

User Access Security for a Single Application

Single-Organisation Single-SignOn (aka Silo'd) Identity Management

Multi-Organisation Single-SignOn Identity Management

Federated Identity Management

Identities Management for People not of People
Did you ever pause to consider that the expression 'Identity Provider' is arrogant?

Countermeasures by Individuals
Web-forms can be filled with:
- pre-recorded data
- convenient data
- pseudo-random data
- false data
Personal data can be automatically varied for each remote service, in order to detect data leakage, e.g. spelling variants, numerical anagrams
Personal data can be automatically varied for the same remote service on successive occasions (to pollute the data-store and confuse the user profile)
Users can exchange cookies, resulting in compound profiles rather than profiles that actually reflect an individual user's behaviour

Identity Management by a User-Selected Intermediary

User-Device Identity Management

User-Proxy Identity Management

The Multi-Mediated Super-Architecture

Nym Management

(Id)entities

Nyms

Nym
One or more attributes of an Identity (represented in transactions and records as one or more data-items) sufficient to distinguish that Identity from other instances of its class, but not sufficient to enable association with a specific Entity
- Pseudonym – association is not made, but possible
- Anonym – association is not possible

Some Mainstream Nymous Transactions
- Barter transactions
- Visits to enquiry counters in government agencies and shops
- Inspection of publications on library premises
- Telephone enquiries
- Access to public documents by electronic means, at a kiosk or over the Internet
- Cash transactions, incl. the myriad daily payments for inexpensive goods and services, gambling and road-tolls
- Voting in secret ballots
- Treatment at discreet clinics, particularly for sexually transmitted diseases

Some Important Applications of Nymity
- Epidemiological research (HIV/AIDS)
- Financial exchanges, including dealing in commodities, stocks, shares, derivatives, and foreign currencies
- Nominee trading and ownership
- Banking secrecy, incl. Swiss / Austrian bank accounts
- Political speech
- Artistic speech
- Call centres
- Counselling
- Phone-calls with CLI
- Internet transactions
- 'Anonymous' remailers
- Chaumian eCash

Common Uses for Nymity
- Criminal purposes
- Dissent and sedition
- Scurrilous rumour-mongering
- To avoid being found by people who wish to inflict physical harm (e.g. ex-criminal associates, religious zealots, over-enthusiastic fans, obsessive stalkers)
- To protect the sources of journalists, and whistle-blowers
- To avoid unjustified exposure of personal data
- To keep data out of the hands of marketing organisations
- To prevent government agencies using irrelevant and outdated information

Nymality
aka ('also-known-as'), alias, avatar, character, nickname, nom de guerre, nom de plume, manifestation, moniker, persona, personality, profile, pseudonym, pseudo-identifier, sobriquet, stage-name
Cyberspace has adopted, and spawned more: account, alias, avatar, handle, nick, nickname, persona, personality

Effective Pseudonymity
The necessary protections:
- Legal protections
- Organisational protections
- Technical protections
Over-ridability of protections, BUT subject to conditions being satisfied, esp.:
- collusion among multiple parties
- legal authority

Privacy Enhancing Technologies (PETs)
- Counter-PITs
- Savage PETs
- Gentle PETs
- Pseudo-PETs

Privacy Enhancing Technologies (PETs): Savage PETs
- Deny identity
- Provide anonymity
- Genuinely anonymous ('Mixmaster') remailers, web-surfing tools, ePayment mechanisms

Privacy Enhancing Technologies (PETs): Gentle PETs
Seek a balance between nymity and accountability through Protected Pseudonymity

Some Myths in the Authentication and Identity Management Arena
- That the only assertions that need to be authenticated are assertions of identity (fact, value, attribute, agency and location)
- That individuals only have one identity
- That identity and entity are the same thing
- That biometric identification: works; is inevitable; doesn't threaten freedoms; will help much; will help at all in counter-terrorism

Anonymity vs. Pseudonymity
Anonymity precludes association of data or a transaction with a particular person
Pseudonymity creates barriers to association of data or a transaction with a particular person
- The barriers are Legal, Organisational and Technical
- The barriers can be over-ridden, BUT conditions apply and are enforced, including: collusion among multiple parties; sanctions and enforcement

Pseudonymous Transactions: The Basic Principles
- Enable communications that do not require the client to identify themselves
- Conduct no authentication of identifiers, leaving clients free to choose their identifier
- Protect the organisation against default or malperformance by the client (by ensuring that transaction risk is borne by the client)

Pseudonymous Transactions: The Challenge of Continuity
Needs for continuity arise:
- within the context of a transaction (e.g. repairs under warranty)
- to associate successive transactions (e.g. loyalty discounts)
Although the identifier is a pseudonym:
- Authentication is unaffected
- Customers are still Customers
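As an added illustration, not code from Clarke's slides, the following Python models the Nym definitions (pseudonym vs. anonym), the user-selected intermediary, the over-ridable barrier that requires several parties to concur, the continuity a service needs across transactions, and the per-service variation of data used to detect leakage. The class and method names, the keyed-hash construction and the two-party approval rule are this example's own modelling choices, not a specification from the talk.

```python
import hashlib
import hmac
import secrets


class NymIntermediary:
    """Hypothetical model of a user-selected intermediary (not Clarke's code).

    Only the intermediary holds the mapping from each Nym back to the Entity
    and the service it was issued to. A service sees a pseudonym that is
    stable across its own transactions (continuity) but, being a keyed hash,
    cannot be linked to the pseudonym the same person uses elsewhere.
    """

    # Modelling choice: over-riding the barrier needs both parties to concur.
    REQUIRED_APPROVALS = frozenset({"intermediary", "legal_authority"})

    def __init__(self):
        self._key = secrets.token_bytes(32)   # known only to the intermediary
        self._mapping = {}                    # nym -> (entity_id, service)

    def pseudonym(self, entity_id, service):
        """Pseudonym: association with the Entity is not made, but possible."""
        msg = f"{entity_id}|{service}".encode()
        nym = hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:16]
        self._mapping[nym] = (entity_id, service)   # the barrier it keeps
        return nym

    def anonym(self):
        """Anonym: no mapping is ever recorded, so association is impossible."""
        return secrets.token_hex(8)

    def leak_source(self, nym):
        """Which service a per-service Nym was issued to: if that Nym turns up
        somewhere it should not, this is the service that leaked it. The user's
        own intermediary can answer this without any third party."""
        entry = self._mapping.get(nym)
        return entry[1] if entry else None

    def reassociate(self, nym, approvals):
        """Over-ride the protection only if every required party concurs."""
        missing = self.REQUIRED_APPROVALS - set(approvals)
        if missing:
            raise PermissionError(f"refused; missing approval of {sorted(missing)}")
        entry = self._mapping.get(nym)
        return entry[0] if entry else None   # an anonym has nothing to return
```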

Pseudonymous Transactions: The Challenge of Payments
- Anonymous payment schemes work, e.g. DigiCash, but they have not achieved the breakthrough
- Schemes based on credit-cards dominate
- Identified credit-card transactions undermine pseudonymity
Alternatives:
- sponsor anonymous payment mechanisms
- separate the payment aspects of transactions from the ordering and fulfilment aspects

Pseudonymous Transactions: Potential Conflicts
- Customer Relationship Management
- 'Know Your Customer' policies, where organisations have become part of the national security machinery
To perform their business functions effectively, organisations need to balance many interests, not simply succumb