The privacy risks and rewards of distributed identity: Conference Presentation (8 September 2003), Surveillance and Privacy 2003, University of New South Wales.

Presentation transcript:

The privacy risks and rewards of distributed identity
Conference Presentation (8 September 2003)
Surveillance and Privacy 2003, University of New South Wales
Chris Connolly
Galexia Consulting

Overview
» What is distributed identity?
» Case study - Reach
» Case study - Liberty
» Privacy issues and privacy management

Distributed identity
“Distributed identity is any identity management system which acts as an alternative to a national ID regime or the consolidation of government or sectoral data sets.”
Examples:
» Standards
» Federated identity
» Identity broking
» Gateway services
Claimed benefits:
» Security – ID fraud/theft and unauthorised access
» Convenience – single sign on or federated sign on
» Validation – signing of key documents (eg qualifications)
» Privacy? – setting privacy profiles, attribute broking and pseudonymity

Case study - Reach
» Reach is the Irish model for a single access system for related services (initially public sector)
» Users are given discretion over disclosure of personal information (via a Public Services Broker) to individual or multiple agencies
» The Public Services Broker is a trusted third party and maintains audit logs of access etc.
» Reach operates through the use of a smart card carrying a Personal Public Service Number (PPSN) protected by a PIN

Case study - Liberty
Liberty is a global standard for federated identity – personal information remains in the hands of the original collector and is shared amongst providers who comply with the standard
Data does not have to be consolidated into a single database
Additional Liberty services include:
» Affiliation – the ability to federate with a particular group of affiliated sites
» Anonymity – the ability to supply certain attributes without disclosing user identities
Potential for use in discrete ‘communities’:
» Financial services
» Education
» Health
» Online government

‘Whole of Sector’ identity management
Australian initiatives:
Education
» Unique client identifier
» Higher Education Identity Management System
» Skills Passport
Health
» Electronic health identifier
Government
» State based digital certificate developments
» National electronic authentication developments
» Ellison proposals

Privacy management
Design
» Privacy Impact Assessments
  – Help to determine best options
  – Can also assist in design choices within each selected option
  – Must include consideration of rejecting the entire initiative
Implementation
» Privacy Management Strategies
  – Allocate tasks, responsibilities and timelines
Ongoing
» Privacy oversight, audits and review