Privacy and Identity Management
March/April 2008 (vol. 6 no. 2)
pp. 38-45
Marit Hansen, Independent Centre for Privacy Protection
Ari Schwartz, Center for Democracy and Technology
Alissa Cooper, Center for Democracy and Technology
When developing an identity management system, designers must consider the system's purpose and particular privacy needs. A set of guidelines and advice can help them make these determinations.

Index Terms:
privacy, identity management, Fair Information Practice Principles, information storage
Citation:
Marit Hansen, Ari Schwartz, Alissa Cooper, "Privacy and Identity Management," IEEE Security & Privacy, vol. 6, no. 2, pp. 38-45, March-April 2008, doi:10.1109/MSP.2008.41