European Workshop on Trust & Identity

In cooperation with GeantLogo184x80

Session 26 <MAPPING identity, Internet governance and lawful privacy> (13:30/Room K1)

Convener: Thomas Warwaris

Abstract: Private and commercial Internet users are increasingly awareof their communication data being an immaterial public good. Recentdevelopments show, this also leads to rising distrust. One of the key issues, to regain thistrust, could be a change in identity management, so that internetgovernance regains control and its ability to create rules andsafeguards. Can we outline such a system?

Tags: Privacy, Internet Governance

Notes

2 steps:

  1. What I see as a possible perspective of future policies.
  2. Discussion on the relation to identity management


Angela Merkel:
"Personal data is the gold of the future". A sentence that makes sense, looking at the hopes in that market.

Combing that with mining laws: Personal data is not owned by the person, shouldn't be controlled by the person: It is a resource to the public. Pretty normal situation in the mining law.

Side note: Special mining contracts: We already have something similar: "security domains" like healthcare, pub.transport.

Another aspect: Anonymity:

Commissioner Oettinger: "whoever is transporting data has to take responsibility for it"

This will lead into more pressure on ISPs to be able to de-anonymize access.

One issue is the misuse of "anonymous services", but it is nearly impossible to get rid of these kind of services without a global contract. The only possible move forward is to go after the other end.

What will happen is that we will see pressure for de-anonymisation. What I've seen now is that the identity providing could be one of the tools of the trade, regulating of access to services. The landscape now is based on, IDPs slapped on the side of existing entities, which are already managing that data and turned them into IDPs. But being an. IDP does not seem to be a sustainable business model.

Question to the participants:

How could IDPs fit into that scenario and how could they provide the Internet uses with pseudonymity? Anonymity? Should we begin thinking differently how an IDP should look like?

Tom: Reveal some possible future scenario. We have an IDP. By default it provides a subject identifier. Should the University of Chicago continue to supply? Applications that we offer, people of all over are able to access but on-boarding students bring different identity to the services. The practice we've build throughout the years comes back.

Cannot really be an answer, depends on really what you can do. The banking sector starts becoming interested in IDPs. The IDPs know so much. The banks want to collect info about potential customers. One possibility would be to have a different IDP, which serves anonymously, like a proxy IDP which is independent from the bank. Data protection rules should be implemented.

Identity value, preventional management. It's possible to do only one of those now. To offer IDP servers as a service? Which model would be true? Realistic - more important larger commercial services moving into those market services.

Identity provider and the Service Provider both see which services are accessed?

National research institutions- build identity federation on top. What kind of a Chinese wall do they have inside?

  • The network provider has the identity and the identity provider as well.
  • Proxy models that the IDP won't know which servers are used
  • The security incidents.


Internet access. Not bank accessing, nor government, just simple commenting on a webpage. People can choose their ISP? Less restrictions.

The banks are no longer the favourite trusted IDP. Why did it not evolve? It doesn't have that much to do with trust. If you want to go to IRS ... a couple of years ago they started working on a profile ... added to the documents. Every time you are authenticated they need to charge you. The banks locked us from doing that.

In Finland: the banks wanted to have a strong verification, but the government opposed it. In the law it says that you use strong allegation to create another? A new government method. Internet providers are on top, they have 70% of the world’s population.