FIDIS Research Event 2006, Budapest
Sven Wohlgemuth
Albert-Ludwig University Freiburg, Germany
Privacy in Business Processes by User-centric Identity Management
FIDIS - Future of Identity in the Information Society (No. 507512)
11.09.2006
Agenda
I. Scenario: Personalized Services and Business Processes
II. Example: Data Economy in Business Processes
III. WP14: Areas of Work
I. Personalized Services and Business Processes
Objectives of an attacker:
• Tracing user
• Misusing user's attributes
[Diagram: User → Service 1 (Holiday trip): "I want a holiday trip, here are my attributes". 1:n, to known service. U = profile. Service 1 → Service 2 (Car): "U wants a car, here is what I know of U". 1:n:m, to unknown service(s). User profiles.]
Challenge: Trust in Service 1?
Survey for Germany (ECE IV): Most Important Barriers for Personalized Services
[Bar chart, 0 % to 100 %, legend: high / medium / no. Barriers shown: Costly integration in processes; Expected neg. reaction since privacy violation; Doubts wrt. data protection laws; Low customer acceptance; Other legal doubts; Pot. loss of reputation]
http://www.telematik.uni-freiburg.de/ece.php
Privacy Attacks: 1:n Relationships
Privacy: User is able to determine the disclosure and use of his own personal data.
[Diagram: User → Service 1 (Holiday trip): "I want a holiday trip, here are my attributes". 1:n, to known service. U = profile. Questions shown: Car? Driving licence?]
Threat: Misuse of personal data by services
Personal data shown in the diagram:
• Driving licence: Stella Freiburger, Classes: ABE, Friedrichstr. 50, D-79098 Freiburg, Germany, IP: 132.15.16.3
• Motorbike: Claudia Freiburger, Harley Davidson, IP: 132.15.16.3
• Car: Stella Freiburger, VW Beetle, IP: 132.15.16.3
Privacy Attacks: 1:n:m Relationships
[Diagram: User → Service 1 (Holiday trip): "I want a holiday trip, here are my attributes". 1:n, to known service. U = profile. Service 1 → Service 2 (Car): "U wants a car, here is what I know of U". 1:n:m, to unknown service(s). User profiles. Questions shown: Driving licence? Car? Vacation trip?]
Personal data shown in the diagram:
• Car: Stella Freiburger, VW Beetle, IP: 132.15.16.3
• Driving licence: Stella Freiburger, Classes: ABE, Friedrichstr. 50, D-79098 Freiburg, Germany, IP: 132.15.16.3
• Holiday: Stella Freiburger, VW Beetle, ..., IP: 132.15.16.3
Informational self-determination?
II. Problem: Data Economy
Identity management and multi-staged business processes
□ Single Sign On: central or several CA (Microsoft .NET Passport or Liberty Alliance)
□ Partial identities (Freiburg iManager)
□ Anonymous credentials (IBM idemix)
Case 1: Single Sign-On, 1:n:m Relationships
• Proxy needs secret token of user for authentication ➔ Linkability + Misuse
• CA is involved in every authentication ➔ Linkability
Message flow shown in the diagram:
1: Request for booking
1: Request for car
2: Redirection
3: Authentication
4: Connect
5: Request for pers. data: driving licence
6: Pers. data: driving licence
7: Allow / deny access
8: Booking confirmation
Case 2: Anonymous Credentials, 1:n:m Relationships
CA certifies personal data and issues anonymous credentials
[Diagram labels: Stella; 543ag; "I am Stella"; Dig. driving licence; "I am 543ag"; Car for 543ag; Car; Booking confirmation; skStella; kStella]
• Non-transferability mechanisms: All credentials and pseudonyms are based on one secret key kMax
• Proxy requires secret key kStella for showing credential
! Delegation of all credentials: misuse is possible
! Fraud: Revealing anonymity of the user
Criteria for 1:n and 1:n:m Relationships
Criteria for 1:n relationships:
• Showing personal data depending on service
• Non-linkability of transactions
• Authentication without revealing identifying data
• Non-repudiation of user's transactions
• Revealing identity of cheating users
Additional criteria for 1:n:m relationships: Delegation of rights on personal data
• Integrity of an authorization
• Delegation of "least privilege"
• Preventing misuse of delegated authorizations
• Restricting re-delegation of delegated authorizations
• Revoking delegated authorizations
• Distinguishing user and proxy
DREISAM: Unlinkable Delegation of Rights
(Mechanisms of PKI + anonymous credentials)
Idea: Authorization for purpose-based transfer of personal data as a credential (Proxy Credential)
Unobservability by:
– Anonymous credentials
– Pseudonyms
– CA signs Proxy Credential
Purpose-based:
– Logging of delegation and use by CA and end service
Limit:
– User cannot enforce restrictions of a delegated authorization
– Observability if service needs identifying data of the user
Wohlgemuth, S., Müller, G.: Privacy with Delegation of Rights by Identity Management, ETRICS 2006.
DREISAM: Evaluation
Criteria for a self-determined disclosure of personal data:
• Showing personal data depending on service
• Non-linkability of transactions
• Authentication without revealing identifying data
• Non-repudiation of user's transactions
• Revealing identity of cheating users
Criteria for delegation of rights:
• Integrity of an authorization
• Delegation of "least privilege"
• Preventing misuse of delegated authorizations
• Restricting re-delegation of delegated authorizations
• Revoking delegated authorizations
• Distinguishing user and proxy
Mechanisms named on the slide:
(Partial identity)
(Pseudonyms and anonymity service)
(Zero-Knowledge Proof)
(Protocol run of showing a credential)
(De-anonymization party)
(Anonymous credential + CA)
(One-show anony. credential + Audit)
(Audit)
(Proxy Credential)
(Protocol of showing a credential + CA)
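A simplified model of how an end service could check a Proxy Credential against the delegation criteria listed above; this is an added example, not code from DREISAM or from the slides. An HMAC stands in for the CA's signature (the slides name PKI and anonymous credentials as the real mechanisms), and the field names, serial, key and party names are assumptions.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass, replace

# Constructed demo key. HMAC stands in for the CA's signature on the Proxy
# Credential; a deployment would use a CA public-key signature instead.
CA_KEY = b"constructed-demo-ca-key"


@dataclass(frozen=True)
class ProxyCredential:      # all field names are assumptions of this sketch
    serial: str             # handle for revocation and audit
    user_pseudonym: str     # the user stays pseudonymous, e.g. "543ag"
    proxy: str              # the only party allowed to show the credential
    attribute: str          # the single delegated item (least privilege)
    purpose: str            # what the item may be used for
    end_service: str        # where the credential may be shown
    not_after: int          # expiry, Unix time
    max_uses: int           # 1 models a one-show credential


def ca_sign(cred: ProxyCredential) -> str:
    """Tag over every field, so any change to the authorization is detected."""
    payload = json.dumps(asdict(cred), sort_keys=True).encode()
    return hmac.new(CA_KEY, payload, hashlib.sha256).hexdigest()


class EndService:
    def __init__(self, name, revoked_serials=()):
        self.name = name
        self.revoked = set(revoked_serials)   # revocation list from the CA
        self.uses = {}                        # serial -> times accepted
        self.audit_log = []                   # every decision, for later audit

    def check(self, cred, tag, presenter, attribute, purpose, now):
        """Return (accepted, reason) and log the decision."""
        if not hmac.compare_digest(ca_sign(cred), tag):
            reason = "integrity: signature does not match"
        elif cred.serial in self.revoked:
            reason = "revoked"
        elif now > cred.not_after:
            reason = "expired"
        elif presenter != cred.proxy:
            reason = "re-delegation: presenter is not the named proxy"
        elif cred.end_service != self.name:
            reason = "misuse: issued for another service"
        elif (attribute, purpose) != (cred.attribute, cred.purpose):
            reason = "least privilege: outside delegated scope"
        elif self.uses.get(cred.serial, 0) >= cred.max_uses:
            reason = "misuse: use limit reached"
        else:
            reason = "ok"
            self.uses[cred.serial] = self.uses.get(cred.serial, 0) + 1
        self.audit_log.append((now, cred.serial, presenter, attribute, reason))
        return reason == "ok", reason


def demo():
    """Run constructed show attempts against one credential."""
    cred = ProxyCredential("pc-001", "543ag", "travel-agency", "driving licence",
                           "car booking", "car-rental", not_after=2000, max_uses=1)
    tag = ca_sign(cred)
    svc = EndService("car-rental")

    def show(c, who, attr):
        return svc.check(c, tag, who, attr, "car booking", now=1000)[1]

    results = [
        show(cred, "travel-agency", "driving licence"),   # legitimate first use
        show(cred, "travel-agency", "driving licence"),   # second show of one-show
        show(cred, "travel-agency", "home address"),      # item that was not delegated
        show(cred, "ad-broker", "driving licence"),       # credential passed on
        show(replace(cred, max_uses=99), "travel-agency", "driving licence"),  # altered
    ]
    svc.revoked.add("pc-001")                             # user revokes via the CA
    results.append(show(cred, "travel-agency", "driving licence"))
    return results, svc.audit_log


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The model only covers checks the end service can make; it does not address the limit named on the DREISAM slide, that the user cannot enforce restrictions once the data has been released.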
Verifying Use of Personal Data: Certified Service
□ Information flow: Verified sandbox at service provider
□ Peer: Attested service access points of sandbox
□ Presumption: TPM and CA infrastructure
[Diagram: User and Service Provider, each drawn as stacks of service / OS / hardware; Privacy CA; Software CA; labels: travel agency, untrusted area, trusted end device]
Hohl, A., Lowis, L., Zugenmaier, A.: Look who's talking - Authenticated Service Access Points.
III. WP 14: Areas of Work
[Diagram: User → Service 1 (Holiday trip): "I want a holiday trip, here are my attributes". 1:n, to known service. U = profile. Service 1 → Service 2 (Car): "U wants a car, here is what I know of U". 1:n:m, to unknown service(s). User profiles. Labels: Identity management; Identity management extended by protocols, TC, …]
Objective: Identification of privacy requirements for identity management relating to the use of disclosed personal data
D14.2: Study on privacy in business processes by identity management
D14.3: Study on the suitability of trusted computing to support privacy policies in business processes
Approach of WP14
• Non-Programmed Norms
Safe harbor, regulations
EU, self-determination
politeness, respect
• Programmed Norms
P3P, EPAL, …
• Privacy Tools
- Distrust in partner
- Control service's system behavior or knowledge about it
- User-controlled only
[Diagram layers: Privacy Principles; Privacy Policy; Privacy Tools. Privacy tools shown: Prevent misuse (Access Control); Identify misuse (Audit); Prevent profiling (Anonymity services); Minimize profiling (IMS)]
Workshop Agenda – Monday
Session 1 14:15-16:15
14:15-14:45 Sven Wohlgemuth (ALU-FR): Privacy in Business Processes by User-centric Identity Management
14:45-15:15 Mireille Hildebrandt (VUB): The user-centric narrative of AmI: smart marketing or citizen empowerment?
15:15-15:45 Günter Karjoth (IBM): Achieving Transparency by Applying an Enterprise Privacy Architecture
15:45-16:15 Simone Fischer-Hübner (KU): The "Data Track" for increasing transparency for end users
16:15-16:30 Coffee Break
Session 2 16:30-18:30
16:30-17:00 Ammar Alkassar (SIRRIX): Employing Trusted Computing for User-Friendly Business-Processes
17:00-17:30 Stefan Köpsell (TUD): Overview of Trusted Computing and possible Applications for Business Processes with Delegates
17:30-18:00 Richard Cissée (TUB): Privacy-preserving Information Filtering
18:00-18:30 Sven Wohlgemuth (ALU-FR): Further steps to D14.2, D14.3 and to 4th work plan
Workshop Agenda – Tuesday
Session 3 13:45-15:15
13:45-14:15 Martin Meints (ICPP): Compliance in Enterprises - how can Trends in IT-Security successfully be transferred to Data Protection?
14:15-14:45 Laurent Bussard (Microsoft): TBA
14:45-15:15 Pieter Ribbers (Tilburg University): Privacy and Business Processes: the approach in PRIME

Weitere ähnliche Inhalte

Andere mochten auch

Research paper UAVs2012
Research paper UAVs2012Research paper UAVs2012
Research paper UAVs2012
Jan Miller
 
On Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health RecordsOn Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health Records
Sven Wohlgemuth
 
2016ProductCatalogcolorFinalProductionCatalog
2016ProductCatalogcolorFinalProductionCatalog2016ProductCatalogcolorFinalProductionCatalog
2016ProductCatalogcolorFinalProductionCatalog
Robert J Rodrick Jr.
 

Andere mochten auch (18)

Brazil3- Forbes
Brazil3- ForbesBrazil3- Forbes
Brazil3- Forbes
 
Research paper UAVs2012
Research paper UAVs2012Research paper UAVs2012
Research paper UAVs2012
 
Создание рефлексивно-гуманистической образовательной среды
Создание рефлексивно-гуманистической образовательной средыСоздание рефлексивно-гуманистической образовательной среды
Создание рефлексивно-гуманистической образовательной среды
 
On Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health RecordsOn Privacy in Medical Services with Electronic Health Records
On Privacy in Medical Services with Electronic Health Records
 
Грипп и пневмония
Грипп и пневмонияГрипп и пневмония
Грипп и пневмония
 
karpets2015
karpets2015karpets2015
karpets2015
 
Conditional 0 and 1
Conditional 0 and 1Conditional 0 and 1
Conditional 0 and 1
 
2 Recommendation letters
2 Recommendation letters2 Recommendation letters
2 Recommendation letters
 
THESIS 2013 copy
THESIS 2013 copyTHESIS 2013 copy
THESIS 2013 copy
 
BS ABM 2014
BS ABM 2014BS ABM 2014
BS ABM 2014
 
معلومات عن الهاكر وطرق الحمايه
معلومات عن الهاكر وطرق الحمايهمعلومات عن الهاكر وطرق الحمايه
معلومات عن الهاكر وطرق الحمايه
 
English vocabulary
English vocabularyEnglish vocabulary
English vocabulary
 
2016ProductCatalogcolorFinalProductionCatalog
2016ProductCatalogcolorFinalProductionCatalog2016ProductCatalogcolorFinalProductionCatalog
2016ProductCatalogcolorFinalProductionCatalog
 
Modern Nanostructures for Diagnosis and Treatment
Modern Nanostructures for Diagnosis and TreatmentModern Nanostructures for Diagnosis and Treatment
Modern Nanostructures for Diagnosis and Treatment
 
Cartel educativo
Cartel educativoCartel educativo
Cartel educativo
 
Aquasomes
AquasomesAquasomes
Aquasomes
 
Nano carriers in cancer treatment
Nano carriers in cancer treatment Nano carriers in cancer treatment
Nano carriers in cancer treatment
 
Drug delivery via nanocapsules
Drug delivery via nanocapsules Drug delivery via nanocapsules
Drug delivery via nanocapsules
 

Ähnlich wie Privacy in Business Processes by User-Centric Identity Management

The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...
The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...
The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...
gueste4e93e3
 
Trondheim20070508_OECDf
Trondheim20070508_OECDfTrondheim20070508_OECDf
Trondheim20070508_OECDf
fnfzone
 

Ähnlich wie Privacy in Business Processes by User-Centric Identity Management (20)

Smart sms
Smart sms Smart sms
Smart sms
 
Sovereign identity
Sovereign identitySovereign identity
Sovereign identity
 
The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...
The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...
The Future of Identity in the Cloud: Requirements, Risks and Opportunities - ...
 
UK Government identity initiatives since the late 1990s - IDnext 2015
UK Government identity initiatives since the late 1990s - IDnext 2015UK Government identity initiatives since the late 1990s - IDnext 2015
UK Government identity initiatives since the late 1990s - IDnext 2015
 
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept...
 
Kerberos-PKI-Federated identity
Kerberos-PKI-Federated identityKerberos-PKI-Federated identity
Kerberos-PKI-Federated identity
 
FIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in GermanyFIDO, Strong Authentication and elD in Germany
FIDO, Strong Authentication and elD in Germany
 
X-Road as a Platform to Exchange MyData
X-Road as a Platform to Exchange MyDataX-Road as a Platform to Exchange MyData
X-Road as a Platform to Exchange MyData
 
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...
 
Cryptograpy Exam
Cryptograpy ExamCryptograpy Exam
Cryptograpy Exam
 
180926 ihan webinar 2
180926 ihan webinar 2180926 ihan webinar 2
180926 ihan webinar 2
 
BUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENT
BUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENTBUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENT
BUSINESS CASES AND IDENTITY RELATIONSHIP MANAGEMENT
 
Chapter 2.ppt
Chapter 2.pptChapter 2.ppt
Chapter 2.ppt
 
Trondheim20070508_OECDf
Trondheim20070508_OECDfTrondheim20070508_OECDf
Trondheim20070508_OECDf
 
apidays LIVE Hong Kong 2021 - Federated Learning for Banking by Isaac Wong, W...
apidays LIVE Hong Kong 2021 - Federated Learning for Banking by Isaac Wong, W...apidays LIVE Hong Kong 2021 - Federated Learning for Banking by Isaac Wong, W...
apidays LIVE Hong Kong 2021 - Federated Learning for Banking by Isaac Wong, W...
 
IIW-11 Pseudonyms for Privacy
IIW-11 Pseudonyms for PrivacyIIW-11 Pseudonyms for Privacy
IIW-11 Pseudonyms for Privacy
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
 
OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion
OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License PresentantionOpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion
OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion
 
Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)Digital certificate management v1 (Draft)
Digital certificate management v1 (Draft)
 
IDoT: Challenges from the IDentities of Things Landscape
IDoT: Challenges from the IDentities of Things LandscapeIDoT: Challenges from the IDentities of Things Landscape
IDoT: Challenges from the IDentities of Things Landscape
 

Mehr von Sven Wohlgemuth

Competitive Compliance with Blockchain
Competitive Compliance with BlockchainCompetitive Compliance with Blockchain
Competitive Compliance with Blockchain
Sven Wohlgemuth
 
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
Sven Wohlgemuth
 
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und ImplementierungSchlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Sven Wohlgemuth
 
Resilience by Usable Security
Resilience by Usable SecurityResilience by Usable Security
Resilience by Usable Security
Sven Wohlgemuth
 

Mehr von Sven Wohlgemuth (20)

A Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity ManagementA Secure Decision-Support Scheme for Self-Sovereign Identity Management
A Secure Decision-Support Scheme for Self-Sovereign Identity Management
 
Competitive Compliance with Blockchain
Competitive Compliance with BlockchainCompetitive Compliance with Blockchain
Competitive Compliance with Blockchain
 
Secure Sharing of Design Information with Blockchains
Secure Sharing of Design Information with BlockchainsSecure Sharing of Design Information with Blockchains
Secure Sharing of Design Information with Blockchains
 
個人情報の有効活用を可能にする (Enabling effective use of personal information)
 個人情報の有効活用を可能にする (Enabling effective use of personal information) 個人情報の有効活用を可能にする (Enabling effective use of personal information)
個人情報の有効活用を可能にする (Enabling effective use of personal information)
 
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve PrivacyTagging Disclosure of Personal Data to Third Parties to Preserve Privacy
Tagging Disclosure of Personal Data to Third Parties to Preserve Privacy
 
Privacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process MiningPrivacy-Enhancing Trust Infrastructure for Process Mining
Privacy-Enhancing Trust Infrastructure for Process Mining
 
EN 6.3: 4 Kryptographie
EN 6.3: 4 KryptographieEN 6.3: 4 Kryptographie
EN 6.3: 4 Kryptographie
 
EN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 SicherheitsmodelleEN 6.3: 3 Sicherheitsmodelle
EN 6.3: 3 Sicherheitsmodelle
 
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
WP14 Workshop "From Data Economy to Secure Logging as a Step towards Transpar...
 
Privacy in e-Health
Privacy in e-HealthPrivacy in e-Health
Privacy in e-Health
 
EN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-SicherheitsmanagementEN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
EN 6.3: 2 IT-Compliance und IT-Sicherheitsmanagement
 
EN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer DatenschutzEN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
EN 6.3: 1 IT-Sicherheit und Technischer Datenschutz
 
Privacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal InformationPrivacy with Secondary Use of Personal Information
Privacy with Secondary Use of Personal Information
 
International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009International Workshop on Information Systems for Social Innovation (ISSI) 2009
International Workshop on Information Systems for Social Innovation (ISSI) 2009
 
Durchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in DienstenetzenDurchsetzung von Privacy Policies in Dienstenetzen
Durchsetzung von Privacy Policies in Dienstenetzen
 
Privacy in Business Processes by Identity Management
Privacy in Business Processes by Identity ManagementPrivacy in Business Processes by Identity Management
Privacy in Business Processes by Identity Management
 
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und ImplementierungSchlüsselverwaltung - Objektorientierter Entwurf und Implementierung
Schlüsselverwaltung - Objektorientierter Entwurf und Implementierung
 
Resilience by Usable Security
Resilience by Usable SecurityResilience by Usable Security
Resilience by Usable Security
 
Sicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten WeltSicherheit in einer vernetzten Welt
Sicherheit in einer vernetzten Welt
 
Solutions for Coping with Privacy and Usability
Solutions for Coping with Privacy and UsabilitySolutions for Coping with Privacy and Usability
Solutions for Coping with Privacy and Usability
 

Kürzlich hochgeladen

6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Chandigarh Call girls 9053900678 Call girls in Chandigarh
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
@Chandigarh #call #Girls 9053900678 @Call #Girls in @Punjab 9053900678
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
nilamkumrai
 
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men  🔝mehsana🔝   Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men  🔝mehsana🔝   Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
nirzagarg
 

Kürzlich hochgeladen (20)

2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
 
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
Pirangut | Call Girls Pune Phone No 8005736733 Elite Escort Service Available...
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
Call Girls Sangvi Call Me 7737669865 Budget Friendly No Advance BookingCall G...
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men  🔝mehsana🔝   Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men  🔝mehsana🔝   Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
 

Privacy in Business Processes by User-Centric Identity Management

  • 1. FIDIS Research Event 2006, Budapest Sven Wohlgemuth Albert-Ludwig University Freiburg, Germany Privacy in Business Processes by User-centric Identity Management
  • 2. FIDIS - Future of Identity in the Information Society (No. 507512) 11.09.2006 2 Agenda I. Scenario: Personalized Services and Business Processes II. Example: Data Economy in Business Processes III. WP14: Areas of Work
  • 3. FIDIS - Future of Identity in the Information Society (No. 507512) 11.09.2006 3 I. Personalized Services and 
 Business Processes Objectives of an attacker: • Tracing user • Misusing user‘s attributes I want a holiday trip, here are my attributes User Holiday trip Service 1 1:n To known service Challenge: Trust in Service 1? U wants a car, Here is what I know of U Car 1:n:m To unknown service(s)U = profile Service 2 user profiles
  • 4. FIDIS - Future of Identity in the Information Society (No. 507512) 16.05.16 4 Survey for Germany (ECE IV)
 Most Important Barriers for Personalized Services 0 % 25 % 50 % 75 % 100 % 20,700 %20,700 %18,100 %15,800 %15,984 % 12,012 % 58,400 %56,700 % 47,700 %49,800 %46,753 % 44,344 % 20,900 %22,600 % 34,200 %34,400 %37,263 % 43,644 % high medium no Costly integration in processes Expected neg. reaction since privacy violation Doubts wrt. data protection laws Low customer acceptance Other legal doubts Pot. loss of reputation http://www.telematik.uni-freiburg.de/ece.php
  • 5. Privacy Attacks: 1:n Relationships. Car? Driving licence? Privacy: User is able to determine the disclosure and use of his own personal data.
 1:n, to known service: "I want a holiday trip, here are my attributes" (User, Holiday trip, Service 1). U = profile
  • 6. Privacy Attacks: 1:n Relationships. Car? Driving licence? Threat: Misuse of personal data by services.
 Driving licence: Stella Freiburger, Classes: ABE, Friedrichstr. 50, D-79098 Freiburg, Germany, IP: 132.15.16.3
 Motorbike: Claudia Freiburger, Harley Davidson, IP: 132.15.16.3
 Car: Stella Freiburger, VW Beetle, IP: 132.15.16.3
 Privacy: User is able to determine the disclosure and use of his own personal data.
 1:n, to known service: "I want a holiday trip, here are my attributes" (User, Holiday trip, Service 1). U = profile
  • 7. Privacy Attacks: 1:n:m Relationships. Driving licence? Car? Vacation trip?
 Car: Stella Freiburger, VW Beetle, IP: 132.15.16.3
 Driving licence: Stella Freiburger, Classes: ABE, Friedrichstr. 50, D-79098 Freiburg, Germany, IP: 132.15.16.3
 1:n, to known service: "I want a holiday trip, here are my attributes" (User, Holiday trip, Service 1).
 1:n:m, to unknown service(s): "U wants a car, here is what I know of U" (Car, Service 2). U = profile; user profiles
  • 8. Privacy Attacks: 1:n:m Relationships. Driving licence? Car? Vacation trip? Informational self-determination?
 Driving licence: Stella Freiburger, Classes: ABE, Friedrichstr. 50, D-79098 Freiburg, Germany, IP: 132.15.16.3
 Holiday: Stella Freiburger, VW Beetle, ..., IP: 132.15.16.3
 Car: Stella Freiburger, VW Beetle, IP: 132.15.16.3
 Driving licence: Stella Freiburger, Classes: ABE, Friedrichstr. 50, D-79098 Freiburg, Germany, IP: 132.15.16.3
 1:n, to known service: "I want a holiday trip, here are my attributes" (User, Holiday trip, Service 1).
 1:n:m, to unknown service(s): "U wants a car, here is what I know of U" (Car, Service 2). U = profile; user profiles
  • 9. II. Problem: Data Economy. Identity management and multi-staged business processes:
 □ Single Sign On: central or several CA (Microsoft .NET Passport or Liberty Alliance)
 □ Partial identities (Freiburg iManager)
 □ Anonymous credentials (IBM idemix)
  • 10. Case 1: Single Sign-On, 1:n:m Relationships.
 1: Request for booking; 1: Request for car; 2: Redirection; 3: Authentication; 4: Connect; 5: Request for pers. data: driving licence; 6: Pers. data: driving licence; 7: Allow / deny access; 8: Booking confirmation
  • 11. Case 1: Single Sign-On, 1:n:m Relationships.
 • Proxy needs secret token of user for authentication ➔ Linkability + Misuse
 • CA is involved in every authentication ➔ Linkability
 1: Request for booking; 1: Request for car; 2: Redirection; 3: Authentication; 4: Connect; 5: Request for pers. data: driving licence; 6: Pers. data: driving licence; 7: Allow / deny access; 8: Booking confirmation
  • 12. Case 2: Anonymous Credentials, 1:n:m Relationships.
 Stella 543ag I am Stella Dig. driving licence I am 543ag Booking confirmation
 • Non-Transferability Mechanisms: All credentials and pseudonyms are based on one secret key kMax Car for 543ag Car
 CA certifies personal data and issues anonymous credentials skStella
  • 13. Case 2: Anonymous Credentials, 1:n:m Relationships.
 Stella 543ag I am Stella Dig. driving licence I am 543ag Booking confirmation
 • Non-Transferability Mechanisms: All credentials and pseudonyms are based on one secret key kMax Car for 543ag Car
 • Proxy requires secret key kStella for showing credential ! Delegation of all credentials: misuse is possible ! Fraud: Revealing anonymity of the user kStella
 CA certifies personal data and issues anonymous credentials skStella
  • 14. Criteria for 1:n and 1:n:m Relationships.
 Criteria for 1:n relationships: • Showing personal data depending on service • Non-linkability of transactions • Authentication without revealing identifying data • Non-repudiation of user's transactions • Revealing identity of cheating users
 Additional criteria for 1:n:m relationships (delegation of rights on personal data): • Integrity of an authorization • Delegation of „least privilege” • Preventing misuse of delegated authorizations • Restricting re-delegation of delegated authorizations • Revoking delegated authorizations • Distinguishing user and proxy
  • 15. DREISAM: Unlinkable Delegation of Rights.
 Idea: Authorization for purpose-based transfer of personal data as a credential (Proxy Credential)
 Unobservability by: – Anonymous credentials – Pseudonyms – CA signs Proxy Credential
 Purpose-based: – Logging of delegation and use by CA and end service
 Limit: – User cannot enforce restrictions of a delegated authorization – Observability if service needs identifying data of the user
 Wohlgemuth, S., Müller, G.: Privacy with Delegation of Rights by Identity Management, ETRICS 2006.
  • 16. DREISAM: Evaluation.
 Criteria for a self-determined disclosure of personal data: • Showing personal data depending on service (Partial identity) • Non-linkability of transactions (Pseudonyms and anonymity service) • Authentication without revealing identifying data (Zero-Knowledge Proof) • Non-repudiation of user's transactions (Protocol run of showing a credential) • Revealing identity of cheating users (De-anonymization party)
 Delegation criteria: • Integrity of an authorization • Delegation of „least privilege“ • Preventing misuse of delegated authorizations • Restricting re-delegation of delegated authorizations • Revoking delegated authorizations • Distinguishing user and proxy
 Mechanisms: (Mechanisms of PKI + anonymous credentials) (Anonymous credential + CA) (One-show anony. credential + Audit) (Audit) (Proxy Credential) (Protocol of showing a credential + CA)
  • 17. Verifying Use of Personal Data: Certified Service
 □ Information flow: Verified sandbox at service provider
 □ Peer: Attested service access points of sandbox
 □ Presumption: TPM and CA infrastructure
 [Diagram labels: User; Service Provider; service / OS / hardware stacks; Privacy CA; Software CA; travel agency; untrusted area; trusted end device]
 Hohl, A., Lowis, L., Zugenmaier, A.: Look who's talking - Authenticated Service Access Points.
  • 18. III. WP 14: Areas of Work.
 Objective: Identification of privacy requirements for identity management relating to the use of disclosed personal data
 1:n, to known service: "I want a holiday trip, here are my attributes" (User, Holiday trip, Service 1): Identity management
 1:n:m, to unknown service(s): "U wants a car, here is what I know of U" (Car, Service 2; U = profile; user profiles): Identity management extended by protocols, TC, …
 D14.2: Study on privacy in business processes by identity management
 D14.3: Study on the suitability of trusted computing to support privacy policies in business processes
  • 19. Approach of WP14. Privacy Principles; Privacy Policy; Privacy Tools.
 • Non-Programmed Norms: Safe harbor, regulations EU, self-determination, politeness, respect
 • Programmed Norms: P3P, EPAL, …
 • Privacy Tools: - Distrust in partner - Control service's system behavior or knowledge about it - User-controlled only
 Prevent misuse (Access Control); Identify misuse (Audit); Prevent profiling (Anonymity services); Minimize profiling (IMS)
  • 20. Workshop Agenda – Monday
 Session 1, 14:15-16:15
 14:15-14:45 Sven Wohlgemuth (ALU-FR): Privacy in Business Processes by User-centric Identity Management
 14:45-15:15 Mireille Hildebrandt (VUB): The user-centric narrative of AmI: smart marketing or citizen empowerment?
 15:15-15:45 Günter Karjoth (IBM): Achieving Transparency by Applying an Enterprise Privacy Architecture
 15:45-16:15 Simone Fischer-Hübner (KU): The "Data Track" for increasing transparency for end users
 16:15-16:30 Coffee Break
 Session 2, 16:30-18:30
 16:30-17:00 Ammar Alkassar (SIRRIX): Employing Trusted Computing for User-Friendly Business-Processes
 17:00-17:30 Stefan Köpsell (TUD): Overview of Trusted Computing and possible Applications for Business Processes with Delegates
 17:30-18:00 Richard Cissée (TUB): Privacy-preserving Information Filtering
 18:00-18:30 Sven Wohlgemuth (ALU-FR): Further steps to D14.2, D14.3 and to 4th work plan
  • 21. Workshop Agenda – Tuesday
 Session 3, 13:45-15:15
 13:45-14:15 Martin Meints (ICPP): Compliance in Enterprises - how can Trends in IT-Security successfully be transferred to Data Protection?
 14:15-14:45 Laurent Bussard (Microsoft): TBA
 14:45-15:15 Pieter Ribbers (Tilburg University): Privacy and Business Processes: the approach in PRIME
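
The delegation criteria on slides 14 to 16 (integrity of an authorization, least privilege, restricted re-delegation, one-show use, revocation, logging of delegation and use), shown as an added Python example that is not code from the slides or from DREISAM. It assumes an HMAC under a constructed CA key in place of the PKI signature and anonymous credentials the slides name, so it provides no unlinkability, and it assumes the presenter's name has already been authenticated; all function, field and service names are hypothetical.

```python
import hashlib, hmac, json, secrets

CA_KEY = secrets.token_bytes(32)  # constructed stand-in for the CA signing key (assumption)

def _mac(body):
    # HMAC replaces the CA signature named on the slides (assumption, no unlinkability)
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(CA_KEY, msg, hashlib.sha256).hexdigest()

def issue_proxy_credential(pseudonym, proxy, attributes, purpose, audit):
    """CA side: authorize `proxy` to obtain only `attributes`, for one purpose."""
    body = {"id": secrets.token_hex(8), "pseudonym": pseudonym, "proxy": proxy,
            "attributes": sorted(attributes), "purpose": purpose}
    audit.append(("delegated", body["id"], proxy, purpose))  # logging of delegation
    return {"body": body, "sig": _mac(body)}

class EndService:
    """Service holding the personal data; checks each showing of a credential."""
    def __init__(self, audit):
        self.audit, self.used, self.revoked = audit, set(), set()

    def show(self, cred, presenter, attribute, purpose):
        body = cred["body"]
        if not hmac.compare_digest(cred["sig"], _mac(body)):
            return "deny: integrity"              # integrity of an authorization
        if body["id"] in self.revoked:
            return "deny: revoked"                # revoking delegated authorizations
        if presenter != body["proxy"]:            # presenter assumed authenticated
            return "deny: re-delegation"          # restricting re-delegation
        if attribute not in body["attributes"] or purpose != body["purpose"]:
            return "deny: outside delegated rights"   # least privilege
        if body["id"] in self.used:
            return "deny: already shown"          # one-show: preventing misuse
        self.used.add(body["id"])
        self.audit.append(("used", body["id"], presenter, purpose))  # logging of use
        return "allow"

def demo():
    audit = []
    svc = EndService(audit)
    cred = issue_proxy_credential("543ag", "travel-agency",
                                  ["driving_licence_class"], "car booking", audit)
    results = [
        svc.show(cred, "travel-agency", "home_address", "car booking"),
        svc.show(cred, "other-service", "driving_licence_class", "car booking"),
        svc.show(cred, "travel-agency", "driving_licence_class", "car booking"),
        svc.show(cred, "travel-agency", "driving_licence_class", "car booking"),
    ]
    return results, audit
```

The limit stated on slide 15 still holds here: the user relies on the end service and the CA to enforce and log these checks and cannot enforce the restrictions alone.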