SlideShare a Scribd company logo

Privacy in Business Processes by User-Centric Identity Management

S
Sven Wohlgemuth

This document summarizes a presentation on privacy in business processes through user-centric identity management. It discusses challenges with 1:n and 1:n:m relationships where personal data is disclosed to multiple services. Two approaches are described: single sign-on and anonymous credentials. Neither fully addresses issues like linkability, non-transferability of data, and misuse of credentials. The document then proposes an approach called DREISAM that uses anonymous credentials and proxy credentials to enable delegation of rights over personal data while preserving user privacy. It outlines the work of WP14 in studying privacy requirements for identity management and business processes.

1 of 21
Download to read offline
FIDIS Research Event 2006, Budapest Sven Wohlgemuth Albert-Ludwig University Freiburg, Germany Privacy in Business Processes by User-centric Identity Management
FIDIS - Future of Identity in the Information Society (No. 507512) 11.09.2006 2 Agenda I. Scenario: Personalized Services and Business Processes II. Example: Data Economy in Business Processes III. WP14: Areas of Work
FIDIS - Future of Identity in the Information Society (No. 507512) 11.09.2006 3 I. Personalized Services and 
 Business Processes Objectives of an attacker: • Tracing user • Misusing user‘s attributes I want a holiday trip, here are my attributes User Holiday trip Service 1 1:n To known service Challenge: Trust in Service 1? U wants a car, Here is what I know of U Car 1:n:m To unknown service(s)U = profile Service 2 user profiles
FIDIS - Future of Identity in the Information Society (No. 507512) 16.05.16 4 Survey for Germany (ECE IV)
 Most Important Barriers for Personalized Services 0 % 25 % 50 % 75 % 100 % 20,700 %20,700 %18,100 %15,800 %15,984 % 12,012 % 58,400 %56,700 % 47,700 %49,800 %46,753 % 44,344 % 20,900 %22,600 % 34,200 %34,400 %37,263 % 43,644 % high medium no Costly integration in processes Expected neg. reaction since privacy violation Doubts wrt. data protection laws Low customer acceptance Other legal doubts Pot. loss of reputation http://www.telematik.uni-freiburg.de/ece.php
FIDIS - Future of Identity in the Information Society (No. 507512) 5 Car? Driving licence? Privacy Attacks
 1:n Relationships Privacy: User is able to to determine on the disclosure and use of his own personal data. I want a holiday trip, here are my attributes User Holiday trip Service 1Service 1 1:n To known service U = profile 11.09.2006
FIDIS - Future of Identity in the Information Society (No. 507512) 5 Car? Driving licence? Threat: Misuse of personal data by services Driving
 licence Stella Freiburger
 Classes: ABE
 Friedrichstr. 50
 D-79098 Freiburg
 Germany
 IP: 132.15.16.3 Motorbike Claudia Freiburger Harley Davidson IP: 132.15.16.3 Car Stella Freibuger VW Beetle IP: 132.15.16.3 Privacy Attacks
 1:n Relationships Privacy: User is able to to determine on the disclosure and use of his own personal data. I want a holiday trip, here are my attributes User Holiday trip Service 1Service 1 1:n To known service U = profile 11.09.2006
Driving licence? Car? Car Car Stella Freiburger VW Beetle IP: 132.15.16.3 Driving
 licence Stella Freiburger Classes: ABE
 Friedrichstr. 50
 D-79098 Freiburg
 Germany
 IP: 132.15.16.3 Vacation trip? Privacy Attacks
 1:n:m Relationships I want a holiday trip, here are my attributes U wants a car, Here is what I know of U User CarHoliday trip Service 1Service 1 1:n 1:n:m To known service To unknown service(s)U = profile Service 2Service 2 user profiles
Driving licence? Informational self-determination? Driving
 Licence Stella Freibuger
 Classes: ABE
 Friedrichstr. 50
 D-79098 Freiburg
 Germany
 IP: 132.15.16.3 Holiday Stella Freiburger VW Beetle ... IP: 132.15.16.3 Car? Car Car Stella Freiburger VW Beetle IP: 132.15.16.3 Driving
 licence Stella Freiburger Classes: ABE
 Friedrichstr. 50
 D-79098 Freiburg
 Germany
 IP: 132.15.16.3 Vacation trip? Privacy Attacks
 1:n:m Relationships I want a holiday trip, here are my attributes U wants a car, Here is what I know of U User CarHoliday trip Service 1Service 1 1:n 1:n:m To known service To unknown service(s)U = profile Service 2Service 2 user profiles
FIDIS - Future of Identity in the Information Society (No. 507512) 7 II. Problem: Data Economy Identity management and multi-staged business processes □ Single Sign On: central or several CA
 (Microsoft .NET Passport or Liberty Alliance) □ Partial identities
 (Freiburg iManager) □ Anonymous credentials
 (IBM idemix) 11.09.2006
FIDIS - Future of Identity in the Information Society (No. 507512) 16.05.16 8 Case 1: Single Sign-On
 1:n:m Relationships 3: Authentification 1: Request for booking 1: Request for car 2: Redirection 4: Connect 5: Request for pers. data: driving licence 7: Allow / deny access 8: Booking confirmation 6: Pers. data: driving licence
FIDIS - Future of Identity in the Information Society (No. 507512) 16.05.16 8 Case 1: Single Sign-On
 1:n:m Relationships • Proxy needs secret token of user for authentication ➔ Linkability + Misuse • CA is in every authentication involved ➔ Linkability 3: Authentification 1: Request for booking 1: Request for car 2: Redirection 4: Connect 5: Request for pers. data: driving licence 7: Allow / deny access 8: Booking confirmation 6: Pers. data: driving licence
FIDIS - Future of Identity in the Information Society (No. 507512) 16.05.16 9 Stella 543ag I am Stella Dig. driving licence I am 543ag Booking confirmation • Non-Transferability Mechanismen:
 All credentials and pseudonyms are based on one secret key kMax Car for 543ag Car CA certifies personal data and issues anonymous credentials skStella Case 2: Anonymous Credentials
 1:n:m Relationships
FIDIS - Future of Identity in the Information Society (No. 507512) 16.05.16 9 Stella 543ag I am Stella Dig. driving licence I am 543ag Booking confirmation • Non-Transferability Mechanismen:
 All credentials and pseudonyms are based on one secret key kMax Car for 543ag Car • Proxy requires secret key kStella for showing credential ! Delegation of all credentials: misuse is possible ! Fraud: Revealing anonymity of the user kStella CA certifies personal data and issues anonymous credentials skStella Case 2: Anonymous Credentials
 1:n:m Relationships
Additional criteria for 1:n:m relationships: Delegation of rights on personal data • Integrity of an authorization • Delegation of „least privilege” • Preventing misuse of delegated authorizations • Restricting re-delegation of delegated authorizations • Revoking delegated authorizations • Distinguishing user and proxy Criteria for 1:n relationships: • Showing personal data depending on service • Non-linkability of transactions • Authentication without revealing identifying data • Non-repudiation of user‘s transactions • Revealing identity of cheating users Criteria for 1:n and 1:n:m Relationships
FIDIS - Future of Identity in the Information Society (No. 507512) 16.05.16 11 Idea: Authorization for purpose-based transfer of personal data as a credential
 (Proxy Credential) Unobservability by: – Anonymous credentials – Pseudonyms – CA signs Proxy Credential Purpose-based: – Logging of delegation and use by
 CA and end service Limit: – User cannot enforce restrictions
 of a delegated authorization – Observability if servíce needs
 identifying data of the user Wohlgemuth, S., Müller, G.: Privacy with Delegation of Rights by Identity Management, ETRICS 2006. DREISAM
 Unlinkable Delegation of Rights
(Mechanisms of PKI + anonymous credentials) • Integrity of an authorization • Delegation of „least privilege“ • Preventing misuse of delegated authorizations • Restricting re-delegation of delegated authorizations • Revoking delegated authorizations • Distinguishing user and proxy DREISAM: Evaluation Criteria for a self-determined disclosure of personal data: • Showing personal data depending on service • Non-linkabiltiy of transactions • Authentication without revealing identifying data • Non-repudiation of user‘s transactions • Revealing identity of cheating users (Partial identity) (Pseudonyms and anonymity service) (Zero-Knowledge Proof) (Protocol run of showing a credential) (De-anonymization party) (Anonymous credential + CA) (One-show anony. credential + Audit) (Audit) (Proxy Credential) (Protocol of showing a credential + CA)
Verifying Use of Personal Data:
 Certified Service □ Information flow: Verified sandbox at service provider □ Peer: Attestated service access points of sandbox □ Presumption: TPM and CA infrastructure service OS hardware service OS hardware Service ProviderUser service OS hardware service OS hardware Privacy CA SoftwareCA Hohl, A., Lowis, L., Zugenmaier, A.: Look who's talking - Authenticated Service Access Points. travel agency untrusted area trusted end device
FIDIS - Future of Identity in the Information Society (No. 507512) 16.05.16 14 III. WP 14: Areas of Work I want a holiday trip, here are my attributes U wants a car, Here is what I know of U User CarHoliday trip Service 1 1:n 1:n:m To known service To unknown service(s)U = profile Service 2 user profiles Identity management Identity management extended by protocols, TC, … D14.2: Study on privacy in business processes by identity management D14.3: Study on the suitability of trusted computing to support
 privacy policies in business processes Identification of privacy requirements for identity management relating to the use of disclosed personal data Objective:
FIDIS - Future of Identity in the Information Society (No. 507512) 15 • Non-Programmed Norms Safe harbor, regulations EU, self-determination politeness, respect • Programmed Norms P3P, EPAL, … • Privacy Tools - Distrust in partner - Control service‘s system
 behavior or knowledge about it - User-controlled only Approach of WP14 Privacy Principles Privacy Policy Privacy Tools Prevent misuse (Access Control) Identify misuse (Audit) Prevent profiling (Anonymity services) Minimize profiling (IMS) 11.09.2006
FIDIS - Future of Identity in the Information Society (No. 507512) 16 Workshop Agenda – Monday Session 1 14:15-16:15 14:15-14:45 Sven Wohlgemuth (ALU-FR): Privacy in Business Processes by User-centric Identity Management 14:45-15:15 Mireille Hildebrandt (VUB): The user-centric narrative of AmI: smart marketing or citizen empowerment? 15:15-15:45 Günter Karjoth (IBM): Achieving Transparency by Applying an Enterprise Privacy Architecture 15:45-16:15 Simone Fischer-Hübner (KU): The "Data Track" for increasing transparency for end users 16:15-16:30 Coffee Break Session 2 16:30-18:30 16:30-17:00 Ammar Alkassar (SIRRIX): Employing Trusted Computing for User-Friendly Business-Processes 17:00-17:30 Stefan Köpsell (TUD): Overview of Trusted Computing and possible Applications for Business Processes with Delegates 17:30-18:00 Richard Cissée (TUB): Privacy-preserving Information Filtering 18:00-18:30 Sven Wohlgemuth (ALU-FR): Further steps to D14.2, D14.3 and to 4th work plan 11.09.2006
FIDIS - Future of Identity in the Information Society (No. 507512) 17 Workshop Agenda – Tuesday Session 3 13:45-15:15 13:45-14:15 Martin Meints (ICPP): Compliance in Enterprises - how can Trends in IT-Security successfully be transfered to Data Protection? 14:15-14:45 Laurent Bussard (Microsoft): TBA 14:45-15:15 Pieter Ribbers (Tilburg University): Privacy and Business Processes: the approach in PRIME 11.09.2006

Recommended

Privacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementPrivacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity Management
Sven Wohlgemuth
 
Identity Platform Use Cases
Identity Platform Use CasesIdentity Platform Use Cases
Identity Platform Use Cases
Ubisecure
 
Lessons Learned from Federal ICAM - User Group
Lessons Learned from Federal ICAM - User GroupLessons Learned from Federal ICAM - User Group
Lessons Learned from Federal ICAM - User Group
Joel Rader, CISSP
 
Nursecoin technology platform overview
Nursecoin technology platform overviewNursecoin technology platform overview
Nursecoin technology platform overview
Cyrus Maaghul
 
Identity Trust Framework Survey
Identity Trust Framework SurveyIdentity Trust Framework Survey
Identity Trust Framework Survey
adremllc
 
Velociter Case Studeis (Smart Card Project)
Velociter Case Studeis (Smart Card Project)Velociter Case Studeis (Smart Card Project)
Velociter Case Studeis (Smart Card Project)
prathikb
 
Multi-Factor Authentication & Authorisation
Multi-Factor Authentication & AuthorisationMulti-Factor Authentication & Authorisation
Multi-Factor Authentication & Authorisation
Ubisecure
 
Bin list tool
Bin list toolBin list tool
Bin list tool
albinamuro2
 

Recommended

Privacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity ManagementPrivacy in Business Processes by User-Centric Identity Management
Privacy in Business Processes by User-Centric Identity Management
Sven Wohlgemuth
 
Identity Platform Use Cases
Identity Platform Use CasesIdentity Platform Use Cases
Identity Platform Use Cases
Ubisecure
 
Lessons Learned from Federal ICAM - User Group
Lessons Learned from Federal ICAM - User GroupLessons Learned from Federal ICAM - User Group
Lessons Learned from Federal ICAM - User Group
Joel Rader, CISSP
 
Nursecoin technology platform overview
Nursecoin technology platform overviewNursecoin technology platform overview
Nursecoin technology platform overview
Cyrus Maaghul
 
Identity Trust Framework Survey
Identity Trust Framework SurveyIdentity Trust Framework Survey
Identity Trust Framework Survey
adremllc
 
Velociter Case Studeis (Smart Card Project)
Velociter Case Studeis (Smart Card Project)Velociter Case Studeis (Smart Card Project)
Velociter Case Studeis (Smart Card Project)
prathikb
 
Multi-Factor Authentication & Authorisation
Multi-Factor Authentication & AuthorisationMulti-Factor Authentication & Authorisation
Multi-Factor Authentication & Authorisation
Ubisecure
 
Bin list tool
Bin list toolBin list tool
Bin list tool
albinamuro2
 
Brazil3- Forbes
Brazil3- ForbesBrazil3- Forbes
Brazil3- Forbes
FLORENCE LILTI
 
Research paper UAVs2012
Research paper UAVs2012Research paper UAVs2012
Research paper UAVs2012
Jan Miller
 
Создание рефлексивно-гуманистической образовательной среды
Создание рефлексивно-гуманистической образовательной средыСоздание рефлексивно-гуманистической образовательной среды
Создание рефлексивно-гуманистической образовательной среды
Taisiya Mukii
 
On Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health RecordsOn Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health Records
Sven Wohlgemuth
 
Грипп и пневмония
Грипп и пневмонияГрипп и пневмония
Грипп и пневмония
sk1ll
 
karpets2015
karpets2015karpets2015
karpets2015
Andrei Vainer
 
Conditional 0 and 1
Conditional 0 and 1Conditional 0 and 1
Conditional 0 and 1
juan pablo vinchery
 
2 Recommendation letters
2 Recommendation letters2 Recommendation letters
2 Recommendation lettersVan Anh Nguyen Ngoc
 
THESIS 2013 copy
THESIS 2013 copyTHESIS 2013 copy
THESIS 2013 copy
Van Anh Nguyen Ngoc
 
BS ABM 2014
BS ABM 2014BS ABM 2014
BS ABM 2014
Andrei Vainer
 
معلومات عن الهاكر وطرق الحمايه
معلومات عن الهاكر وطرق الحمايهمعلومات عن الهاكر وطرق الحمايه
معلومات عن الهاكر وطرق الحمايه
hakmhamdy
 
2016ProductCatalogcolorFinalProductionCatalog
2016ProductCatalogcolorFinalProductionCatalog2016ProductCatalogcolorFinalProductionCatalog
2016ProductCatalogcolorFinalProductionCatalog
Robert J Rodrick Jr.
 
Modern Nanostructures for Diagnosis and Treatment
Modern Nanostructures for Diagnosis and TreatmentModern Nanostructures for Diagnosis and Treatment
Modern Nanostructures for Diagnosis and Treatment
tabirsir
 
Cartel educativo
Cartel educativoCartel educativo
Cartel educativo
Sathya Casasola
 
Aquasomes
AquasomesAquasomes
Aquasomes
Sagar Savale
 
Nano carriers in cancer treatment
Nano carriers in cancer treatment Nano carriers in cancer treatment
Nano carriers in cancer treatment
venkatesh swamy
 
Drug delivery via nanocapsules
Drug delivery via nanocapsules Drug delivery via nanocapsules
Drug delivery via nanocapsules
tabirsir
 
Smart sms
Smart sms Smart sms
Smart sms
Mohamed Ali Salem ,MBA,PMP,Scrum
 
Sovereign identity
Sovereign identitySovereign identity
Sovereign identity
I am currently looking for a good job with a great company!
 
The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...
The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...
The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...
gueste4e93e3
 
UK Government identity initiatives since the late 1990s - IDnext 2015
UK Government identity initiatives since the late 1990s - IDnext 2015UK Government identity initiatives since the late 1990s - IDnext 2015
UK Government identity initiatives since the late 1990s - IDnext 2015
Jerry Fishenden
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
XEventsHospitality
 

More Related Content

Viewers also liked

Brazil3- Forbes
Brazil3- ForbesBrazil3- Forbes
Brazil3- Forbes
FLORENCE LILTI
 
Research paper UAVs2012
Research paper UAVs2012Research paper UAVs2012
Research paper UAVs2012
Jan Miller
 
Создание рефлексивно-гуманистической образовательной среды
Создание рефлексивно-гуманистической образовательной средыСоздание рефлексивно-гуманистической образовательной среды
Создание рефлексивно-гуманистической образовательной среды
Taisiya Mukii
 
On Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health RecordsOn Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health Records
Sven Wohlgemuth
 
Грипп и пневмония
Грипп и пневмонияГрипп и пневмония
Грипп и пневмония
sk1ll
 
karpets2015
karpets2015karpets2015
karpets2015
Andrei Vainer
 
Conditional 0 and 1
Conditional 0 and 1Conditional 0 and 1
Conditional 0 and 1
juan pablo vinchery
 
THESIS 2013 copy
THESIS 2013 copyTHESIS 2013 copy
THESIS 2013 copy
Van Anh Nguyen Ngoc
 
BS ABM 2014
BS ABM 2014BS ABM 2014
BS ABM 2014
Andrei Vainer
 
معلومات عن الهاكر وطرق الحمايه
معلومات عن الهاكر وطرق الحمايهمعلومات عن الهاكر وطرق الحمايه
معلومات عن الهاكر وطرق الحمايه
hakmhamdy
 
2016ProductCatalogcolorFinalProductionCatalog
2016ProductCatalogcolorFinalProductionCatalog2016ProductCatalogcolorFinalProductionCatalog
2016ProductCatalogcolorFinalProductionCatalog
Robert J Rodrick Jr.
 
Modern Nanostructures for Diagnosis and Treatment
Modern Nanostructures for Diagnosis and TreatmentModern Nanostructures for Diagnosis and Treatment
Modern Nanostructures for Diagnosis and Treatment
tabirsir
 
Cartel educativo
Cartel educativoCartel educativo
Cartel educativo
Sathya Casasola
 
Aquasomes
AquasomesAquasomes
Aquasomes
Sagar Savale
 
Nano carriers in cancer treatment
Nano carriers in cancer treatment Nano carriers in cancer treatment
Nano carriers in cancer treatment
venkatesh swamy
 
Drug delivery via nanocapsules
Drug delivery via nanocapsules Drug delivery via nanocapsules
Drug delivery via nanocapsules
tabirsir
 

Viewers also liked (17)

Brazil3- Forbes
Brazil3- ForbesBrazil3- Forbes
Brazil3- Forbes
 
Research paper UAVs2012
Research paper UAVs2012Research paper UAVs2012
Research paper UAVs2012
 
Создание рефлексивно-гуманистической образовательной среды
Создание рефлексивно-гуманистической образовательной средыСоздание рефлексивно-гуманистической образовательной среды
Создание рефлексивно-гуманистической образовательной среды
 
On Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health RecordsOn Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health Records
 
Грипп и пневмония
Грипп и пневмонияГрипп и пневмония
Грипп и пневмония
 
karpets2015
karpets2015karpets2015
karpets2015
 
Conditional 0 and 1
Conditional 0 and 1Conditional 0 and 1
Conditional 0 and 1
 
2 Recommendation letters
2 Recommendation letters2 Recommendation letters
2 Recommendation letters
 
THESIS 2013 copy
THESIS 2013 copyTHESIS 2013 copy
THESIS 2013 copy
 
BS ABM 2014
BS ABM 2014BS ABM 2014
BS ABM 2014
 
معلومات عن الهاكر وطرق الحمايه
معلومات عن الهاكر وطرق الحمايهمعلومات عن الهاكر وطرق الحمايه
معلومات عن الهاكر وطرق الحمايه
 
2016ProductCatalogcolorFinalProductionCatalog
2016ProductCatalogcolorFinalProductionCatalog2016ProductCatalogcolorFinalProductionCatalog
2016ProductCatalogcolorFinalProductionCatalog
 
Modern Nanostructures for Diagnosis and Treatment
Modern Nanostructures for Diagnosis and TreatmentModern Nanostructures for Diagnosis and Treatment
Modern Nanostructures for Diagnosis and Treatment
 
Cartel educativo
Cartel educativoCartel educativo
Cartel educativo
 
Aquasomes
AquasomesAquasomes
Aquasomes
 
Nano carriers in cancer treatment
Nano carriers in cancer treatment Nano carriers in cancer treatment
Nano carriers in cancer treatment
 
Drug delivery via nanocapsules
Drug delivery via nanocapsules Drug delivery via nanocapsules
Drug delivery via nanocapsules
 

Similar to Privacy in Business Processes by User-Centric Identity Management

Smart sms
Smart sms Smart sms
Smart sms
Mohamed Ali Salem ,MBA,PMP,Scrum
 
Sovereign identity
Sovereign identitySovereign identity
Sovereign identity
I am currently looking for a good job with a great company!
 
The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...
The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...
The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...
gueste4e93e3
 
UK Government identity initiatives since the late 1990s - IDnext 2015
UK Government identity initiatives since the late 1990s - IDnext 2015UK Government identity initiatives since the late 1990s - IDnext 2015
UK Government identity initiatives since the late 1990s - IDnext 2015
Jerry Fishenden
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
XEventsHospitality
 
Kerberos-PKI-Federated identity
Kerberos-PKI-Federated identityKerberos-PKI-Federated identity
Kerberos-PKI-Federated identity
WAFAA AL SALMAN
 
FIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in Germany
FIDO Alliance
 
X-Road as a Platform to Exchange MyData
X-Road as a Platform to Exchange MyDataX-Road as a Platform to Exchange MyData
X-Road as a Platform to Exchange MyData
Petteri Kivimäki
 
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...
Mike Schwartz
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy Exam
Lisa Olive
 
180926 ihan webinar 2
180926 ihan webinar 2180926 ihan webinar 2
180926 ihan webinar 2
Sitra the Finnish Innovation Fund
 
BUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENT
BUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENTBUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENT
BUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENT
ForgeRock
 
Chapter 2.ppt
Chapter 2.pptChapter 2.ppt
Chapter 2.ppt
OMDINA1
 
Trondheim20070508_OECDf
Trondheim20070508_OECDfTrondheim20070508_OECDf
Trondheim20070508_OECDf
fnfzone
 
apidays LIVE Hong Kong 2021 - Federated Learning for Banking by Isaac Wong, W...
apidays LIVE Hong Kong 2021 - Federated Learning for Banking by Isaac Wong, W...apidays LIVE Hong Kong 2021 - Federated Learning for Banking by Isaac Wong, W...
apidays LIVE Hong Kong 2021 - Federated Learning for Banking by Isaac Wong, W...
apidays
 
IIW-11 Pseudonyms for Privacy
IIW-11 Pseudonyms for PrivacyIIW-11 Pseudonyms for Privacy
IIW-11 Pseudonyms for Privacy
JayUnger
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock
 
OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion
OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License PresentantionOpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion
OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion
MikeLeszcz
 
Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)
Avirot Mitamura
 
IDoT: Challenges from the IDentities of Things Landscape
IDoT: Challenges from the IDentities of Things LandscapeIDoT: Challenges from the IDentities of Things Landscape
IDoT: Challenges from the IDentities of Things Landscape
kantarainitiative
 

Similar to Privacy in Business Processes by User-Centric Identity Management (20)

Smart sms
Smart sms Smart sms
Smart sms
 
Sovereign identity
Sovereign identitySovereign identity
Sovereign identity
 
The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...
The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...
The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...
 
UK Government identity initiatives since the late 1990s - IDnext 2015
UK Government identity initiatives since the late 1990s - IDnext 2015UK Government identity initiatives since the late 1990s - IDnext 2015
UK Government identity initiatives since the late 1990s - IDnext 2015
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
 
Kerberos-PKI-Federated identity
Kerberos-PKI-Federated identityKerberos-PKI-Federated identity
Kerberos-PKI-Federated identity
 
FIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in Germany
 
X-Road as a Platform to Exchange MyData
X-Road as a Platform to Exchange MyDataX-Road as a Platform to Exchange MyData
X-Road as a Platform to Exchange MyData
 
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy Exam
 
180926 ihan webinar 2
180926 ihan webinar 2180926 ihan webinar 2
180926 ihan webinar 2
 
BUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENT
BUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENTBUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENT
BUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENT
 
Chapter 2.ppt
Chapter 2.pptChapter 2.ppt
Chapter 2.ppt
 
Trondheim20070508_OECDf
Trondheim20070508_OECDfTrondheim20070508_OECDf
Trondheim20070508_OECDf
 
apidays LIVE Hong Kong 2021 - Federated Learning for Banking by Isaac Wong, W...
apidays LIVE Hong Kong 2021 - Federated Learning for Banking by Isaac Wong, W...apidays LIVE Hong Kong 2021 - Federated Learning for Banking by Isaac Wong, W...
apidays LIVE Hong Kong 2021 - Federated Learning for Banking by Isaac Wong, W...
 
IIW-11 Pseudonyms for Privacy
IIW-11 Pseudonyms for PrivacyIIW-11 Pseudonyms for Privacy
IIW-11 Pseudonyms for Privacy
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
 
OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion
OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License PresentantionOpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion
OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion
 
Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)
 
IDoT: Challenges from the IDentities of Things Landscape
IDoT: Challenges from the IDentities of Things LandscapeIDoT: Challenges from the IDentities of Things Landscape
IDoT: Challenges from the IDentities of Things Landscape
 

More from Sven Wohlgemuth

A Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity ManagementA Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity Management
Sven Wohlgemuth
 
Competitive Compliance with Blockchain
Competitive Compliance with BlockchainCompetitive Compliance with Blockchain
Competitive Compliance with Blockchain
Sven Wohlgemuth
 
Secure Sharing of Design Information with Blockchains
Secure Sharing of Design Information with BlockchainsSecure Sharing of Design Information with Blockchains
Secure Sharing of Design Information with Blockchains
Sven Wohlgemuth
 
個人情報の有効活用を可能にする (Enabling effective use of personal information)
個人情報の有効活用を可能にする (Enabling effective use of personal information) 個人情報の有効活用を可能にする (Enabling effective use of personal information)
個人情報の有効活用を可能にする (Enabling effective use of personal information)
Sven Wohlgemuth
 
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve PrivacyTagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Sven Wohlgemuth
 
Privacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process MiningPrivacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process Mining
Sven Wohlgemuth
 
EN 6.3: 4 Kryptographie
EN 6.3: 4 KryptographieEN 6.3: 4 Kryptographie
EN 6.3: 4 Kryptographie
Sven Wohlgemuth
 
EN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 SicherheitsmodelleEN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 Sicherheitsmodelle
Sven Wohlgemuth
 
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
Sven Wohlgemuth
 
Privacy in e-Health
Privacy in e-HealthPrivacy in e-Health
Privacy in e-Health
Sven Wohlgemuth
 
EN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-SicherheitsmanagementEN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
Sven Wohlgemuth
 
EN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer DatenschutzEN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
Sven Wohlgemuth
 
Privacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationPrivacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal Information
Sven Wohlgemuth
 
International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009
Sven Wohlgemuth
 
Durchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in DienstenetzenDurchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in Dienstenetzen
Sven Wohlgemuth
 
Privacy in Business Processes by Identity Management
Privacy in Business Processes by Identity ManagementPrivacy in Business Processes by Identity Management
Privacy in Business Processes by Identity Management
Sven Wohlgemuth
 
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und ImplementierungSchlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Sven Wohlgemuth
 
Resilience by Usable Security
Resilience by Usable SecurityResilience by Usable Security
Resilience by Usable Security
Sven Wohlgemuth
 
Sicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten WeltSicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten Welt
Sven Wohlgemuth
 
Solutions for Coping with Privacy and Usability
Solutions for Coping with Privacy and UsabilitySolutions for Coping with Privacy and Usability
Solutions for Coping with Privacy and Usability
Sven Wohlgemuth
 

More from Sven Wohlgemuth (20)

A Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity ManagementA Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity Management
 
Competitive Compliance with Blockchain
Competitive Compliance with BlockchainCompetitive Compliance with Blockchain
Competitive Compliance with Blockchain
 
Secure Sharing of Design Information with Blockchains
Secure Sharing of Design Information with BlockchainsSecure Sharing of Design Information with Blockchains
Secure Sharing of Design Information with Blockchains
 
個人情報の有効活用を可能にする (Enabling effective use of personal information)
個人情報の有効活用を可能にする (Enabling effective use of personal information) 個人情報の有効活用を可能にする (Enabling effective use of personal information)
個人情報の有効活用を可能にする (Enabling effective use of personal information)
 
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve PrivacyTagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
 
Privacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process MiningPrivacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process Mining
 
EN 6.3: 4 Kryptographie
EN 6.3: 4 KryptographieEN 6.3: 4 Kryptographie
EN 6.3: 4 Kryptographie
 
EN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 SicherheitsmodelleEN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 Sicherheitsmodelle
 
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
 
Privacy in e-Health
Privacy in e-HealthPrivacy in e-Health
Privacy in e-Health
 
EN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-SicherheitsmanagementEN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
 
EN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer DatenschutzEN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
 
Privacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationPrivacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal Information
 
International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009
 
Durchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in DienstenetzenDurchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in Dienstenetzen
 
Privacy in Business Processes by Identity Management
Privacy in Business Processes by Identity ManagementPrivacy in Business Processes by Identity Management
Privacy in Business Processes by Identity Management
 
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und ImplementierungSchlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
 
Resilience by Usable Security
Resilience by Usable SecurityResilience by Usable Security
Resilience by Usable Security
 
Sicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten WeltSicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten Welt
 
Solutions for Coping with Privacy and Usability
Solutions for Coping with Privacy and UsabilitySolutions for Coping with Privacy and Usability
Solutions for Coping with Privacy and Usability
 

Recently uploaded

Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
Toptal Tech
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
3a0sd7z3
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
hackersuli
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
fovkoyb
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
ysasp1
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
Donato Onofri
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
davidjhones387
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
rtunex8r
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
uehowe
 
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
k4ncd0z
 
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
uehowe
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
3a0sd7z3
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
Laura Szabó
 
Design Thinking NETFLIX using all techniques.pptx
Design Thinking NETFLIX using all techniques.pptxDesign Thinking NETFLIX using all techniques.pptx
Design Thinking NETFLIX using all techniques.pptx
saathvikreddy2003
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
wolfsoftcompanyco
 
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
bseovas
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
xjq03c34
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
Paul Walk
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
uehowe
 

Recently uploaded (19)

Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
 
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
 
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
办理毕业证(NYU毕业证)纽约大学毕业证成绩单官方原版办理
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
 
Design Thinking NETFLIX using all techniques.pptx
Design Thinking NETFLIX using all techniques.pptxDesign Thinking NETFLIX using all techniques.pptx
Design Thinking NETFLIX using all techniques.pptx
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
 
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
 

Privacy in Business Processes by User-Centric Identity Management

  • 1. FIDIS Research Event 2006, Budapest Sven Wohlgemuth Albert-Ludwig University Freiburg, Germany Privacy in Business Processes by User-centric Identity Management
  • 2. FIDIS - Future of Identity in the Information Society (No. 507512) 11.09.2006 2 Agenda I. Scenario: Personalized Services and Business Processes II. Example: Data Economy in Business Processes III. WP14: Areas of Work
  • 3. FIDIS - Future of Identity in the Information Society (No. 507512) 11.09.2006 3 I. Personalized Services and 
 Business Processes Objectives of an attacker: • Tracing user • Misusing user‘s attributes I want a holiday trip, here are my attributes User Holiday trip Service 1 1:n To known service Challenge: Trust in Service 1? U wants a car, Here is what I know of U Car 1:n:m To unknown service(s)U = profile Service 2 user profiles
  • 4. FIDIS - Future of Identity in the Information Society (No. 507512) 16.05.16 4 Survey for Germany (ECE IV)
 Most Important Barriers for Personalized Services 0 % 25 % 50 % 75 % 100 % 20,700 %20,700 %18,100 %15,800 %15,984 % 12,012 % 58,400 %56,700 % 47,700 %49,800 %46,753 % 44,344 % 20,900 %22,600 % 34,200 %34,400 %37,263 % 43,644 % high medium no Costly integration in processes Expected neg. reaction since privacy violation Doubts wrt. data protection laws Low customer acceptance Other legal doubts Pot. loss of reputation http://www.telematik.uni-freiburg.de/ece.php
  • 5. FIDIS - Future of Identity in the Information Society (No. 507512) 5 Car? Driving licence? Privacy Attacks
 1:n Relationships Privacy: User is able to to determine on the disclosure and use of his own personal data. I want a holiday trip, here are my attributes User Holiday trip Service 1Service 1 1:n To known service U = profile 11.09.2006
  • 6. FIDIS - Future of Identity in the Information Society (No. 507512) 5 Car? Driving licence? Threat: Misuse of personal data by services Driving
 licence Stella Freiburger
 Classes: ABE
 Friedrichstr. 50
 D-79098 Freiburg
 Germany
 IP: 132.15.16.3 Motorbike Claudia Freiburger Harley Davidson IP: 132.15.16.3 Car Stella Freibuger VW Beetle IP: 132.15.16.3 Privacy Attacks
 1:n Relationships Privacy: User is able to to determine on the disclosure and use of his own personal data. I want a holiday trip, here are my attributes User Holiday trip Service 1Service 1 1:n To known service U = profile 11.09.2006
  • 7. Driving licence? Car? Car Car Stella Freiburger VW Beetle IP: 132.15.16.3 Driving
 licence Stella Freiburger Classes: ABE
 Friedrichstr. 50
 D-79098 Freiburg
 Germany
 IP: 132.15.16.3 Vacation trip? Privacy Attacks
 1:n:m Relationships I want a holiday trip, here are my attributes U wants a car, Here is what I know of U User CarHoliday trip Service 1Service 1 1:n 1:n:m To known service To unknown service(s)U = profile Service 2Service 2 user profiles
  • 8. Driving licence? Informational self-determination? Driving
 Licence Stella Freibuger
 Classes: ABE
 Friedrichstr. 50
 D-79098 Freiburg
 Germany
 IP: 132.15.16.3 Holiday Stella Freiburger VW Beetle ... IP: 132.15.16.3 Car? Car Car Stella Freiburger VW Beetle IP: 132.15.16.3 Driving
 licence Stella Freiburger Classes: ABE
 Friedrichstr. 50
 D-79098 Freiburg
 Germany
 IP: 132.15.16.3 Vacation trip? Privacy Attacks
 1:n:m Relationships I want a holiday trip, here are my attributes U wants a car, Here is what I know of U User CarHoliday trip Service 1Service 1 1:n 1:n:m To known service To unknown service(s)U = profile Service 2Service 2 user profiles
  • 9. FIDIS - Future of Identity in the Information Society (No. 507512) 7 II. Problem: Data Economy Identity management and multi-staged business processes □ Single Sign On: central or several CA
 (Microsoft .NET Passport or Liberty Alliance) □ Partial identities
 (Freiburg iManager) □ Anonymous credentials
 (IBM idemix) 11.09.2006
  • 10. FIDIS - Future of Identity in the Information Society (No. 507512) 16.05.16 8 Case 1: Single Sign-On
 1:n:m Relationships 3: Authentification 1: Request for booking 1: Request for car 2: Redirection 4: Connect 5: Request for pers. data: driving licence 7: Allow / deny access 8: Booking confirmation 6: Pers. data: driving licence
  • 11. FIDIS - Future of Identity in the Information Society (No. 507512) 16.05.16 8 Case 1: Single Sign-On
 1:n:m Relationships • Proxy needs secret token of user for authentication ➔ Linkability + Misuse • CA is in every authentication involved ➔ Linkability 3: Authentification 1: Request for booking 1: Request for car 2: Redirection 4: Connect 5: Request for pers. data: driving licence 7: Allow / deny access 8: Booking confirmation 6: Pers. data: driving licence
  • 12. FIDIS - Future of Identity in the Information Society (No. 507512) 16.05.16 9 Stella 543ag I am Stella Dig. driving licence I am 543ag Booking confirmation • Non-Transferability Mechanismen:
 All credentials and pseudonyms are based on one secret key kMax Car for 543ag Car CA certifies personal data and issues anonymous credentials skStella Case 2: Anonymous Credentials
 1:n:m Relationships
  • 13. FIDIS - Future of Identity in the Information Society (No. 507512) 16.05.16 9 Stella 543ag I am Stella Dig. driving licence I am 543ag Booking confirmation • Non-Transferability Mechanismen:
 All credentials and pseudonyms are based on one secret key kMax Car for 543ag Car • Proxy requires secret key kStella for showing credential ! Delegation of all credentials: misuse is possible ! Fraud: Revealing anonymity of the user kStella CA certifies personal data and issues anonymous credentials skStella Case 2: Anonymous Credentials
 1:n:m Relationships
  • 14. Additional criteria for 1:n:m relationships: Delegation of rights on personal data • Integrity of an authorization • Delegation of „least privilege” • Preventing misuse of delegated authorizations • Restricting re-delegation of delegated authorizations • Revoking delegated authorizations • Distinguishing user and proxy Criteria for 1:n relationships: • Showing personal data depending on service • Non-linkability of transactions • Authentication without revealing identifying data • Non-repudiation of user‘s transactions • Revealing identity of cheating users Criteria for 1:n and 1:n:m Relationships
  • 15. FIDIS - Future of Identity in the Information Society (No. 507512) 16.05.16 11 Idea: Authorization for purpose-based transfer of personal data as a credential
 (Proxy Credential) Unobservability by: – Anonymous credentials – Pseudonyms – CA signs Proxy Credential Purpose-based: – Logging of delegation and use by
 CA and end service Limit: – User cannot enforce restrictions
 of a delegated authorization – Observability if servíce needs
 identifying data of the user Wohlgemuth, S., Müller, G.: Privacy with Delegation of Rights by Identity Management, ETRICS 2006. DREISAM
 Unlinkable Delegation of Rights
  • 16. (Mechanisms of PKI + anonymous credentials) • Integrity of an authorization • Delegation of „least privilege“ • Preventing misuse of delegated authorizations • Restricting re-delegation of delegated authorizations • Revoking delegated authorizations • Distinguishing user and proxy DREISAM: Evaluation Criteria for a self-determined disclosure of personal data: • Showing personal data depending on service • Non-linkabiltiy of transactions • Authentication without revealing identifying data • Non-repudiation of user‘s transactions • Revealing identity of cheating users (Partial identity) (Pseudonyms and anonymity service) (Zero-Knowledge Proof) (Protocol run of showing a credential) (De-anonymization party) (Anonymous credential + CA) (One-show anony. credential + Audit) (Audit) (Proxy Credential) (Protocol of showing a credential + CA)
  • 17. Verifying Use of Personal Data:
 Certified Service □ Information flow: Verified sandbox at service provider □ Peer: Attestated service access points of sandbox □ Presumption: TPM and CA infrastructure service OS hardware service OS hardware Service ProviderUser service OS hardware service OS hardware Privacy CA SoftwareCA Hohl, A., Lowis, L., Zugenmaier, A.: Look who's talking - Authenticated Service Access Points. travel agency untrusted area trusted end device
  • 18. FIDIS - Future of Identity in the Information Society (No. 507512) 16.05.16 14 III. WP 14: Areas of Work I want a holiday trip, here are my attributes U wants a car, Here is what I know of U User CarHoliday trip Service 1 1:n 1:n:m To known service To unknown service(s)U = profile Service 2 user profiles Identity management Identity management extended by protocols, TC, … D14.2: Study on privacy in business processes by identity management D14.3: Study on the suitability of trusted computing to support
 privacy policies in business processes Identification of privacy requirements for identity management relating to the use of disclosed personal data Objective:
  • 19. FIDIS - Future of Identity in the Information Society (No. 507512) 15 • Non-Programmed Norms Safe harbor, regulations EU, self-determination politeness, respect • Programmed Norms P3P, EPAL, … • Privacy Tools - Distrust in partner - Control service‘s system
 behavior or knowledge about it - User-controlled only Approach of WP14 Privacy Principles Privacy Policy Privacy Tools Prevent misuse (Access Control) Identify misuse (Audit) Prevent profiling (Anonymity services) Minimize profiling (IMS) 11.09.2006
  • 20. FIDIS - Future of Identity in the Information Society (No. 507512) 16 Workshop Agenda – Monday Session 1 14:15-16:15 14:15-14:45 Sven Wohlgemuth (ALU-FR): Privacy in Business Processes by User-centric Identity Management 14:45-15:15 Mireille Hildebrandt (VUB): The user-centric narrative of AmI: smart marketing or citizen empowerment? 15:15-15:45 Günter Karjoth (IBM): Achieving Transparency by Applying an Enterprise Privacy Architecture 15:45-16:15 Simone Fischer-Hübner (KU): The "Data Track" for increasing transparency for end users 16:15-16:30 Coffee Break Session 2 16:30-18:30 16:30-17:00 Ammar Alkassar (SIRRIX): Employing Trusted Computing for User-Friendly Business-Processes 17:00-17:30 Stefan Köpsell (TUD): Overview of Trusted Computing and possible Applications for Business Processes with Delegates 17:30-18:00 Richard Cissée (TUB): Privacy-preserving Information Filtering 18:00-18:30 Sven Wohlgemuth (ALU-FR): Further steps to D14.2, D14.3 and to 4th work plan 11.09.2006
  • 21. FIDIS - Future of Identity in the Information Society (No. 507512) 17 Workshop Agenda – Tuesday Session 3 13:45-15:15 13:45-14:15 Martin Meints (ICPP): Compliance in Enterprises - how can Trends in IT-Security successfully be transfered to Data Protection? 14:15-14:45 Laurent Bussard (Microsoft): TBA 14:45-15:15 Pieter Ribbers (Tilburg University): Privacy and Business Processes: the approach in PRIME 11.09.2006