Identity Management In A Federated Environment

Identity Protection and Management Conference

Presented by Samuel P. Jenkins, Director, Defense Privacy and Civil Liberties Office

April 2010


Presentation Outline

- Success factors for identity federation and relation to privacy
- Fair Information Practice Principles for Identity Management Systems
- Core Information Privacy Concerns
- Privacy Design Considerations

Identity Federation Goal

Enable users to securely access data, systems, or applications of another domain seamlessly and without the need for completely redundant user administration


Identity Federation

Domain and Individual Privacy Assurances

Identity Federation Basis for Success

- Agreement on root identities
- Trust
  - Between domains
  - Between domain and individual

Root Identity Agreement

- Identity theft risk
- Authentication
- Social Security Number
- Access control

Domain Trust

- Information sharing agreements
  - Purpose and authorities
  - Training
  - Data correction and deletion
  - Breach notification
- Baseline security requirements
  - Access credentialing/Access controls
  - Technical safeguards

Individual Trust

- One person, one identity
- Accuracy and timeliness
- Controlled information sharing
- IT Security

Fair Information Practice Principles

Source: Organization for Economic Cooperation and Development

| Principle | Description |
| --- | --- |
| Security safeguards | Personal information should be protected with reasonable security safeguards against risks such as loss or unauthorized access, destruction, use, modification, or disclosure. |
| Openness | The public should be informed about privacy policies and practices, and individuals should have ready means of learning about the use of personal information. |
| Individual participation | Individuals should have the following rights: to know about the collection of personal information, to access that information, to request correction, and to challenge the denial of those rights. |
| Accountability | Individuals controlling the collection or use of personal information should be accountable for taking steps to ensure the implementation of these principles. |

Fair Information Practice Principles for Identity Management Systems

| Principle | Description |
| --- | --- |
| Diversity and decentralization | Resist centralizing identity information or using a single credential for multiple purposes. |
| Proportionality | The amount, type, and sensitivity of identity information collected and stored by an identity management system should be consistent with and proportional to the system's purpose. |
| Privacy by design | Privacy considerations should be incorporated into the identity management system from the outset of the design process. |

Core Informational Privacy Concerns

- Observability: The possibility that others (potential observers) will gain information.
- Linkability: The potential to link between data and an individual as well as potential links between different data sets that can be tied together for further analysis.

Privacy Design Considerations

- Determine whether identity is necessary
- Identify risks
- Discourage unnecessary linkages
- Implement security during design
- Adopt trust-enhancing measures

Thank you!

Questions?
