Since then, little has changed – at least in the commercial “Identity Management” world … This is particularly true in federated identity management contexts, where a great deal of effort has been spent on enabling smooth single-sign-on capabilities and ways to exchange information (or possibly minimise the exchanged information …) but little has been done to “convey” preferences and policies along with data when this data is exchanged (for example, between a user and a Data Receiver/Identity Provider, between an Identity Provider and a Service Provider, or between two Identity Providers).
To make progress in this direction it is necessary to:
- Enable users to provide their (privacy) preferences in a more explicit and fine-grained way (e.g. in terms of consent, disclosure list, deletion, notification, etc.);
- Enable enterprise back-end Identity Management solutions to manage the association of preferences and (data handling) policies with data and take them into account during data processing steps;
- Enable the exchange of data along with associated preferences/policies;
- Introduce accountability, tracing and auditing mechanisms.
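
One way the four points above could fit together, as an added example that is not from the original post: preferences travel with the data, the receiver checks them before each use, and every decision is logged. The field names, the shared-key HMAC binding and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import json
from datetime import date

# Assumption: a key already shared by the two parties exchanging the data.
SHARED_KEY = b"constructed-demo-key"

def _mac(data, prefs):
    # Canonical JSON so both sides compute the MAC over identical bytes.
    blob = json.dumps({"data": data, "prefs": prefs}, sort_keys=True).encode()
    return hmac.new(SHARED_KEY, blob, hashlib.sha256).hexdigest()

def bundle(data, prefs):
    """Sender: attach the user's preferences to the data and bind both with a MAC."""
    return {"data": data, "prefs": prefs, "mac": _mac(data, prefs)}

def process(b, receiver, purpose, today, audit):
    """Receiver: evaluate the attached preferences before any use of the data."""
    prefs = b["prefs"]
    if not hmac.compare_digest(b["mac"], _mac(b["data"], prefs)):
        decision = "deny: data or preferences altered"
    elif receiver not in prefs["disclosure_list"]:
        decision = "deny: receiver not on disclosure list"
    elif purpose not in prefs["consent"]:
        decision = "deny: no consent for this purpose"
    elif today >= date.fromisoformat(prefs["delete_after"]):
        decision = "deny: past deletion date"
    else:
        decision = "allow"
    # Every decision is recorded, including denials, for later audit.
    audit.append({"receiver": receiver, "purpose": purpose,
                  "decision": decision, "notify_user": prefs["notify"]})
    return b["data"] if decision == "allow" else None

# Constructed sample: one attribute plus the preference kinds listed above.
SAMPLE = bundle(
    {"email": "alice@example.org"},
    {"consent": ["billing"], "disclosure_list": ["sp.example.org"],
     "delete_after": "2030-01-01", "notify": True},
)

if __name__ == "__main__":
    log = []
    print(process(SAMPLE, "sp.example.org", "billing", date(2025, 1, 1), log))
    print(process(SAMPLE, "sp.example.org", "marketing", date(2025, 1, 1), log))
    print(log)
```

The MAC only detects alteration between parties that hold the key; it does not force a receiver to honour the preferences, which is why the audit record is kept for every decision.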