European Workshop on Trust & Identity

In cooperation with GeantLogo184x80

Session 17 <Privacy by Design in Federated Identity Management (FIM) + State of the art of PbD> (14:415/Room K2) – NO NOTES

Convener: Berit Skjernaa

Abstract: FIM, while solving important problems of remote entity authentication, introduces new privacy risks, like new possibilities of linking private data sets and new opportunities for user profiling. We will discuss privacy by design requirements, transpose them into specific architectural requirementsand and evaluate a number of FIM models that have been proposed to mitigate these risks.

Tags: Privacy by Design

Notes

We are currently making a survey regarding the adoption of Privacy by Design in Danish companies for the Danish Business Authority and would like input to what the status is throughout Europe, what are the obstacles, what are the commercial benefits, who does a good job, and what is and can be done to push the adoption.

What are the incentives and why is privacy... I would come to the conclusion to think about things like privacy in the systems we are building.

I would like to show you what we found out privacy and privacy by design means in particularly in the field of identity management. 

From general provision reduced to requirements for identity systems. 

Privacy risks related to FM, linkability and observability as two general problems, linkability is that basically two SPs should not be able to know that they are dealing with the same IDP. The worst thing to do is to make join identifiers.