Privacy and Identity Management

Marit Hansen; Ari Schwartz; Alissa Cooper

doi:10.1109/MSP.2008.41

Security&Privacy
2008
Issue No. 2 - March/April
Abstract - Privacy and Identity Management

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Marit Hansen Articles by Ari Schwartz Articles by Alissa Cooper

Privacy and Identity Management

March/April 2008 (vol. 6 no. 2)

pp. 38-45

	ASCII Text	x
	Marit Hansen, Ari Schwartz, Alissa Cooper, "Privacy and Identity Management," IEEE Security & Privacy, vol. 6, no. 2, pp. 38-45, March/April, 2008.

	BibTex	x
	@article{ 10.1109/MSP.2008.41, author = {Marit Hansen and Ari Schwartz and Alissa Cooper}, title = {Privacy and Identity Management}, journal ={IEEE Security & Privacy}, volume = {6}, number = {2}, issn = {1540-7993}, year = {2008}, pages = {38-45}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2008.41}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - Privacy and Identity Management IS - 2 SN - 1540-7993 SP38 EP45 EPD - 38-45 A1 - Marit Hansen, A1 - Ari Schwartz, A1 - Alissa Cooper, PY - 2008 KW - privacy KW - identity management KW - Fair Information Practice Principles KW - information storage VL - 6 JA - IEEE Security & Privacy ER -

Marit Hansen, Independent Centre for Privacy Protection

Ari Schwartz, Center for Democracy and Technology

Alissa Cooper, Center for Democracy and Technology

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2008.41

When developing an identity management system, designers must consider the system's purpose and particular privacy needs. A set of guidelines and advice can help them make these determinations.

1. Organization for Economic Cooperation and Development, OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 1980; www.oecd.org/document/180,3343,en_2649_34255_1815186_1_1_1_1,00.html .
2. European Commission, EU Data Protection Directive 95/46/EC, Oct. 1995; http://ec.europa.eu/justice_home/fsj/privacy/ lawindex_en.htm.
3. D. Chaum, "Security Without Identification: Transaction Systems to Make Big Brother Obsolete," Comm. ACM, vol. 28, no. 10, Oct. 1985, pp. 1030–1044.
4. B. Pfitzmann, M. Waidner, and A. Pfitzmann, "Secure and Anonymous Electronic Commerce: Providing Legal Certainty in Open Digital Systems without Compromising Anonymity," IBM research report RZ 3232, no. 93278, IBM Research Division, Zurich, May 2000.
5. Commission of the European Communities, Comm. from the Commission to the European Parliament and the Council on Promoting Data Protection by Privacy Enhancing Technologies (PETs), COM(2007) 228 final, May 2007; http://eur-lex.europa.eu/LexUriServ/site/ en/com/2007com2007_0228en01.pdf.
6. A. Cavoukian, "7 Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age," Office of the Information and Privacy Commissioner/Ontario, Oct. 2006; www.ipc.on.ca/images/Resourcesup-7laws_whitepaper.pdf .
7. K. Cameron, "The Laws of Identity," Microsoft Corp., May 2005; www.identityblog.com?page_id=352.
8. R. Leenes, J. Schallaböck, and M. Hansen, eds., "Privacy and Identity Management for Europe," Prime whitepaper, ver. 2, June 2007; www.prime-project.eu/prime_productswhitepaper .
9. H. Nissenbaum, "Privacy as Contextual Integrity," Washington Law Rev., vol. 79, no. 1, 2004, pp. 119–157.
10. S. Clauß and M. Köhntopp, "Identity Management and its Support of Multilateral Security, Computer Networks, vol. 37, no. 2, 2001, pp. 205–219.
11. A. Pfitzmann and M. Hansen, "Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management—A Consolidated Proposal for Terminology," ver. 0.31, 15 Feb. 2008; http://dud.inf.tu-dresden.deAnon_Terminology.shtml .
12. J. Camenisch and A. Lysyanskaya, "Efficient Nontransferable Anonymous Multishow Credential System with Optional Anonymity Revocation," research report RZ 3295, no. 93341, IBM Research, Nov. 2000.
13. S.A. Brands, Rethinking Public Key Infrastructures and Digital Certificates, MIT Press, 2000.
14. G. Karjoth, M. Schunter, and M. Waidner, "Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data," Proc. 2nd Workshop Privacy Enhancing Technologies (PET 2002), LNCS 2482, Springer, 2002, pp. 69–84.
15. M. Casassa Mont, S. Pearson, and P. Bramhall, Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services, tech. report, Trusted Systems Laboratory, HP Laboratories Bristol, HPL-2003-49, 2003; www.hpl.hp.com/techreports/2003HPL-2003-49.pdf .
16. B. Schneier, Beyond Fear: Thinking Sensibly about Security in an Uncertain World, Springer, 2004.

Index Terms:

privacy, identity management, Fair Information Practice Principles, information storage

Citation:

Marit Hansen, Ari Schwartz, Alissa Cooper, "Privacy and Identity Management," IEEE Security & Privacy, vol. 6, no. 2, pp. 38-45, March-April 2008, doi:10.1109/MSP.2008.41

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.