Issue No.02 - March/April (2008 vol.6)
pp: 38-45
Ari Schwartz, Center for Democracy and Technology
Marit Hansen, Independent Centre for Privacy Protection
When developing an identity management system, designers must consider the system's purpose and particular privacy needs. A set of guidelines and advice can help them make these determinations.
privacy, identity management, Fair Information Practice Principles, information storage
Ari Schwartz, Marit Hansen, "Privacy and Identity Management", IEEE Security & Privacy, vol.6, no. 2, pp. 38-45, March/April 2008, doi:10.1109/MSP.2008.41