Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services

Digital identities and profiles are precious assets. On one hand they enable users to engage in transactions and interactions on the Internet. On the other hand, abuses and leakages of this information could violate the privacy of their owners, sometimes with serious consequences. Nowadays, most of the people have limited understanding of security and privacy polices when applied to their confidential information. In addition, people have little control over the destiny of this information once it has been disclosed to third parties. In most cases this is a matter of trust. This document describes an innovative approach and related mechanisms to enforce users' privacy by putting users in control and making organizations more accountable. We introduce a technical solution based on sticky policies and tracing services that leverages Identifier-based Encryption (IBE) and TCPA technologies. Work is in progress to build a full working prototype.