Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, January 9, 2012

EnCoRe Demonstrator for UK Cabinet Office/Identity Assurance Programme

HP Labs developed a fully working demonstrator to illustrate the EnCoRe capabilities (for dynamic consent and privacy management) in the context of the UK Cabinet Office/Identity Assurance Programme. This demonstrator fully leverages the third EnCoRe Technical Architecture [1] and the related HP Labs prototype based on the EnCoRe Service Framework [5].

The Identity Assurance Programme [2] aims to deliver a rich ecosystem of services and to use standard federated identity management solutions to enable the relevant interactions between citizens (users), Identity Providers (IdP), the Hub, Attribute Providers and Public/Private Service Providers (PSPs).

Specifically, a citizen, when trying to access an online PSP service, is redirected, via the Hub, to a trusted IdP of choice, where they can be identified and authenticated. The citizen does this by providing their authentication credentials (the type of credentials to be used might change depending on the required level of assurance).

Once the citizen is authenticated at the IdP site, a Minimum Data Set (MIDS, i.e. basic personal data such as name, surname, etc.) necessary to identify the data subject is passed to the Hub, which might enrich it by adding additional information retrieved from Attribute Providers. Finally, the Hub passes the MIDS data, along with any additional information, to the PSP, for local matching of identities (i.e. local identification/authentication) and to enable the citizen to access the desired services. The goal is to ensure that the asserted identity of a citizen can be successfully used at the PSP site, to identify the citizen based on the locally available information.

It is important to notice that, in the described scenario, lots of personal data can potentially be exchanged between the various stakeholders, related to authentication, matching (MIDS) and business transactions. To make this programme successful, it is important that citizens (data subjects) have control over how their personal data is disclosed between the various stakeholders and subsequently used; they must be allowed to change their consent and related privacy preferences at any time; they must have degrees of assurance that their preferences are enforced by the various stakeholders.

EnCoRe helps to provide citizens with the desired level of control over their personal data and the involved organisations with mechanisms and solutions for enforcing privacy and consent.

The HP Labs’ demonstrator illustrates how this can be achieved in practice, by animating the following key use cases:

- Use Case 1: a citizen (data subject) provides consent for the use of their personal data as MIDS
- Use Case 2: a citizen provides consent for the use of selected Attribute Providers for the MIDS matching process
- Use Case 3: a citizen provides consent for sending / using further Verified Attributes
- Use Case 4: ensuring privacy in transactions through the Hub by using sticky policies
- Use Case 5: changing and propagating data & consent updates
- Use Case 6: a citizen revokes consent for an IdP to hold their data at all

More details about these use cases are available in [1].
The demonstrator uses the HP Labs’ EnCoRe Service Framework (and prototype, deployed via an EnCoRe toolbox) within 3 simulated environments: an IdP, the Hub and the Service Provider.

The demonstrator focuses on the viewpoint of end-users (citizens), administrators and employees. It illustrates how dynamic consent and privacy management can be achieved in this context.
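A minimal model of the consent-gated release, sticky-policy check and revocation behind Use Cases 1, 4 and 6, as an added example rather than EnCoRe or HP Labs code. The class and function names, the `psp.example` recipient, the purposes and the sample attributes are all hypothetical.

```python
class ConsentStore:
    """Citizen's consent: (recipient, purpose) -> attribute names they allow."""
    def __init__(self):
        self.grants = {}

    def grant(self, recipient, purpose, attrs):
        self.grants.setdefault((recipient, purpose), set()).update(attrs)

    def revoke(self, recipient, purpose=None):
        # purpose=None withdraws every grant made to that recipient
        for key in [k for k in self.grants
                    if k[0] == recipient and purpose in (None, k[1])]:
            del self.grants[key]

def hub_release(consent, mids, extra, recipient, purpose):
    """Hub: enrich the MIDS, release only consented attributes, and attach
    a sticky policy that travels with the data."""
    permitted = consent.grants.get((recipient, purpose), set())
    data = {k: v for k, v in {**mids, **extra}.items() if k in permitted}
    if not data:
        raise PermissionError(f"no consent for {recipient}/{purpose}")
    return {"data": data, "policy": {"recipient": recipient, "purposes": {purpose}}}

def psp_use(package, me, purpose):
    """PSP: check the sticky policy before using the data."""
    policy = package["policy"]
    if policy["recipient"] != me or purpose not in policy["purposes"]:
        raise PermissionError(f"policy forbids {me}/{purpose}")
    return package["data"]

def denied(fn, *args):
    """True if the call is refused with PermissionError."""
    try:
        fn(*args)
        return False
    except PermissionError:
        return True

def demo():
    mids = {"name": "Alice", "surname": "Example"}   # constructed sample MIDS
    extra = {"driving_licence": "full"}              # constructed verified attribute
    consent = ConsentStore()
    consent.grant("psp.example", "matching", {"name", "surname"})
    pkg = hub_release(consent, mids, extra, "psp.example", "matching")
    released = sorted(psp_use(pkg, "psp.example", "matching"))
    misuse_blocked = denied(psp_use, pkg, "psp.example", "marketing")
    consent.revoke("psp.example")
    after_revoke = denied(hub_release, consent, mids, extra, "psp.example", "matching")
    return released, misuse_blocked, after_revoke
```

The model only blocks new releases after revocation; propagating the change to copies already held by a recipient (Use Case 5) is not modelled here.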

HP Labs are available to provide demos to illustrate EnCoRe capabilities in the context of the Identity Assurance scenario and other scenarios.



[1] D2.3 Technical Architecture for the third realized Case Study, http://www.encore-project.info/deliverables_material/D2_3_EnCoRe_Architecture_V1.0.pdf
[2] UK Cabinet Office, Identity Assurance (IdA) Programme Statements, http://services.parliament.uk/hansard/Commons/ByDate/20110518/writtenministerialstatements/part003.html
[3] D2.1 Technical Architecture for the first realized Case Study, http://www.encore-project.info/deliverables_material/D2.1%20EnCoRe%20Architecture%20V1.0.pdf
[4] D2.2 Technical Architecture for the second realized Case Study, http://www.encore-project.info/deliverables_material/D2_2_EnCoRe_Architecture_V1.0.pdf
[5] EnCoRe, HP Labs Service Framework, http://www.encore-project.info/newsletters/newsletter03/EnCoReAUG2011.html
[6] REST, http://en.wikipedia.org/wiki/Representational_state_transfer
[7] RESTLET, RESTful web framework for Java, http://www.restlet.org/
[8] Siani Pearson, Marco Casassa Mont, Sticky Policies: An Approach for Managing Privacy across Multiple Parties, IEEE Computer Magazine, Volume 44, Number 9, September 2011

--- Posted by Marco Casassa Mont ---