Automated Privacy Audits to Complement the Notion of Control for Identity Management
نویسنده
چکیده
Identity management systems are indispensable in modern networked computing, as they equip data providers with key techniques to avoid the imminent privacy threats intrinsic to such environments. Their rationale is to convey data providers with a sense of control over the disclosure and usage of personal data to varying degree, so that they can take an active role in protecting their privacy. However, we purport the thesis that a holistic sense of control includes not only the regulation of disclosure, as identity management techniques currently do, but must equivalently comprise the supervision of compliance, i.e. credible evidence that data consumers behave according to the policies previously agreed upon. Despite its relevance, supervision has so far not been possible. We introduce the concept of privacy evidence and present the necessary technical building blocks to realise it in dynamic systems.
منابع مشابه
A centralized privacy-preserving framework for online social networks
There are some critical privacy concerns in the current online social networks (OSNs). Users' information is disclosed to different entities that they were not supposed to access. Furthermore, the notion of friendship is inadequate in OSNs since the degree of social relationships between users dynamically changes over the time. Additionally, users may define similar privacy settings for their f...
متن کاملEvaluation of Unified Security, Trust and Privacy Framework (UnifiedSTPF) for Federated Identity and Access Management (FIAM) Mode
Federated identity and access management systems such as Shibboleth may symbolize a boost: (i) to bring the efficiency and effectiveness in collaboration for governments, enterprises and academia, and (iii) conserve the home domain user's identity privacy in a privacy-enhanced fashion. However, the consternation is about the absence of a trusted computing based mutual trust and security es...
متن کاملInvestigating Effect of Auditor's Professional Identity on the Competitive Nature of Clients, According to the Auditor's Experience
The professional identity of auditors is considered to be a behavioral and psychological feature that can be very effective in improving the quality of audits, helping to improve the level of corporate transparency and reducing the company's information asymmetry. Strengthening the strategic position of the investors in the capital market. The purpose of this Investigating Effect of Auditor's P...
متن کاملPrivacy Issues in Cross-Border Identity Management Systems: Pan-European Case
The paper presents a Pan-European Identity Management System that was developed through the concerted efforts of several European research initiatives, and identifies gaps in the privacy protection mechanisms, which occur because privacy is considered strictly from the EU Data Protection regulation perspective. Privacy protection problems are identified, and measures to eliminate them are outli...
متن کاملDigital Identity Protection - Concepts and Issues
Tools and techniques for digital identity management represent an important technology for enabling transactions and interactions across the Internet. Because identity information is often privacy sensitive, it is important that suitable privacy and security techniques be adopted for its protection. In this paper we discuss relevant concepts and issues and survey an approach based on the notion...
متن کامل