European Workshop on Trust & Identity

In cooperation with GÉANT

Session 33 <User-Centric within enterprise> (14:15/Room K3)

Convener: Raimund Wilhemer

Abstract: What is the business case for user-centricity in an enterprise?

Tags: User-centric IDM

Notes

The reason I want to specify it: it is becoming a “modern word”. If you look at the enterprise, there are some restrictions. In Austrian and German law there is a restriction on e-mailing without permission etc. The mailbox is on a back-up and there is no user centric implementation on it. Within cloud services outside of your company.

Question:

What is your definition of user centric in the enterprise?

Aud 1: For me it doesn’t make any sense.

Aud 2: Are we talking about the idea that, even though you are an employee, you are a person that has some rights towards the employer? User centric identity is one line in the whole list.

Example: smart card, the owner is the enterprise, it has no PIN but it might have a solution to get into it.

What is user centric?

Aud 1: Your citizen identity (private), not connected to any enterprise.

C: User centric is possible within enterprise if there is an external one.

Aud 1: It is illegal to read the mail, but they have access to it. What is illegal is to use the access to use it.

Aud 2: If you have a folder “private” on your computer, the employer is not allowed to read it.

C: Example of a colleague who left the company and didn’t give a handover.

Aud 3: Still corporate identity but you need a law for it. Using company mail for private use.

C: PKI - you do a certification of a public key. If it is in the possession of an entrepreneur, is he allowed to use it?

Aud 2: There are many limitations for the control. The enterprise is limited by law. Enterprise can destroy the identity when the person is leaving the company. For example: people bringing their user centric “things” into the enterprise. So using your centric identity within the enterprise is possible but not the other way around (in this context). A smartphone is usually connected to your civil identity (through iCloud etc.). It is your identity that you are bringing to the enterprise. If an enterprise creates the identity then it is owned by the enterprise, but it is not a user centric/civil identity.

Aud 2: Nowadays we may have multiple identities.

Aud 4: I do only have one identity, I use indeed different attributes but I do think that there is only one identity.

Is there some definition of user centric?

Aud 2: There are many definitions. I wrote a paper about it and distilled my own definition. Also: Kim Cameron (Microsoft).

Conclusion

C: So the user centric identity within the enterprise is not possible.

It is either user centric or enterprise identity.

The employee might bring his user centric identity to the enterprise.