Widespread use of cloud computing and other off-shore hosting and processing arrangements make regulation of cross border data one of the most significant issues for regulators around the world. ...Cloud computing has made data storage and access cost effective but it has changed the nature of cross border data. Now data does not have to be stored or processed in another country or transferred across a national border in the traditional sense, to be what we consider to be cross border data. Nevertheless, the notion of physical borders and transfers still pervades thinking on this subject. The European Commission (“EC”) is proposing a new global standard for data transfer to ensure a level of protection for data transferred out of the EU similar to that within the EU. This paper examines the two major international schemes regulating cross-border data, the EU approach and the US approach, and the new EC and US proposals for a global standard. These approaches which are all based on data transfer are contrasted with the new Australian approach which regulates disclosure. The relative merits of the EU, US and Australian approaches are examined in the context of digital identity, rather than just data privacy which is the usual focus, because of the growing significance of digital identity, especially to an individual's ability to be recognized and to transact. The set of information required for transactions which invariably consists of full name, date of birth, gender and a piece of what is referred to as identifying information, has specific functions which transform it from mere information. As is explained in this article, as a set, it literally enables the system to transact. For this reason, it is the most important, and most vulnerable, part of digital identity. Yet while it is deserving of most protection, its significance has been largely under-appreciated. This article considers the issues posed by cross border data regulation in the context of cloud computing, with a focus on transaction identity and the other personal information which make up an individual's digital identity. The author argues that the growing commercial and legal importance of digital identity and its inherent vulnerabilities mandate the need for its more effective protection which is provided by regulation of disclosure, not just transfer.
Recent work in the emerging field of network or digital identity suggests a new approach to the design of informatics systems, in which the individual becomes the guardian of their own personal data, ...and is assisted in controlling access to it by an infrastructure that is aware of roles, such as 'doctor', and relationships, such as 'doctor-patient'.For these purposes, an 'identity' is defined as the history of a relationship between two entities, and thus encompasses not only name and address but also data that would usually be regarded as part of an electronic patient or health record. This paper presents a description of how such a true person-centric architecture might work, and shows how it can be seen as an evolution of current plans in the NHS for a national patient data spine. One application, the electronic transmission of prescriptions, is described in detail. Other applications, both within and without the healthcare field, are described in outline. The implementation of such a person-centric system requires a modest degree of technical innovation, but significant change in organisational and business models. It is suggested that there is a need for one or more not-for-profit trusts, each with a remit to act as host for an individual's digital identity, and as the individual's true agent. Service providers - such as healthcare organisations - will pay the trust for provision of authentication, and for the storage and transmission of a patient's data; the trust in turn will pay implementation partners, such as smart card issuers and providers of communication channels, acting on behalf of the individual.
In this paper the authors analyze the problems and shortcomings of the existing diploma anti-forgery systems, and propose a new diploma anti-forgery system based on digital identities. A digital ...identity is produced through the JUNA lightweight digital signature scheme. It hide the private key of a university, the ID number of a student, the graduating date etc, consists of only 16 alphanumeric characters, and can be printed directly on a diploma page. When a digital identity is verified, it is inputted into a mobile phone by a checker, and then is sent to a unified verification platform which stores public keys of all universities and the informaton of students, and returns the result of "True / False" to the mobile phone. Besides, the new system adds a resident ID number as the security trusted root to a digital identity, which effectively and thoroughly solves the diploma anti-forgery problem with low cost and low environmental pollution.
The introduction of e-government services and applications leads to significant changes in the structure and organization of public administrations. In this paper we analyze a new solution ideated by ...Regione Marche to access electronic services that is the national services card, called Raffaello. Furthermore we explain the difference between a digital identity and a digital citizenship in order to introduce a new framework for e-government authentication: the "e-government identity management framework" composed by shared and standardized services that support specific mechanisms of authentication. We explain the use of the presented framework together with smart cards technologies for the digital citizenship
L'augmentation rapide du nombre de transactions en ligne dans le monde moderne numérique exige la manipulation des informations personnelles des utilisateurs, y compris sa collection, stockage, ...diffusion et utilisation. De telles activités représentent un risque sérieux concernant le respect de la vie privée des informations personnelles. Le travail actuel analyse l'utilisation des architectures d'identité fédérées (AIF) comme une solution appropriée pour simplifier et assurer la gestion des identités numériques dans un environnement de collaboration. Cependant, la contribution principale du projet est la proposition d'un modèle de respect de la vie privée qui complète les mécanismes inhérents de respect de la vie privée de la AIF afin d'être conformes aux principes de respect de la vie privée établis par un cadre législatif. Le modèle de respect de la vie privée définit une architecture modulaire qui fournit les fonctionnalités suivantes : spécifications des conditions de respect de la vie privée, représentation des informations personnelles dans un format de données standard, création et application des politiques en matière de protection de la vie privée et accès aux informations personnelles et registre d'évènement. La praticabilité pour déployer le modèle de respect de la vie privée dans un environnement réel est analysée par un scénario de cas pour le projet mexicain d'e-gouvernement.
The fast growth of the number of on-line transactions in the modern digital world requires the handling of personal information of users, including its collection, storage, use and dissemination. Such activities represent a serious risk regarding the privacy of personal information. The present work analyses the use of Federated Identity Architectures (FIA) as a suitable solution for simplifying and assuring the management of digital identities in a collaborative and distributed environment. However, the main contribution of the project is the proposal of a privacy model that complements the inherent privacy mechanisms of the FIA in order to comply with the privacy principles established by a regulatory framework. The privacy model has a layered and modular architecture that allows providing the following functionalities: specification of privacy requirements, representation of personal information in a standard data format, creation and enforcement of privacy policies and access to personal information and event logs. The feasibility for deploying the privacy model within a real environment is analyzed through a case scenario for the Mexican e-Government project.
We are the middle of a global identity crisis. New notions of identity are made possible in the online world where people eagerly share their personal data and leave ‘digital footprints’. Multiple, ...partial identities emerge distributed across cyberspace divorced from the physical person. The representation of personal characteristics in data sets, together with developing technologies and systems for identity management, in turn change how we are identified. Trustworthy means of electronic identification is now a key issue for business, governments and individuals in the fight against online identity crime. Yet, along with the increasing economic value of digital identity, there are also risks of identity misuse by organisations that mine large data sets for commercial purposes and in some cases by governments. Data proliferation and the non-transparency of processing practices make it impossible for the individual to track and police their use. Potential risks encompass not only threats to our privacy, but also knowledge-engineering that can falsify digital profiles attributed to us with harmful consequences. This panel session will address some of the big challenges around identity in the digital age and what they mean for policy and law (its regulation and protection). Questions for discussion include: What does identity mean today? What types of legal solutions are fit for purpose to protect modern identity interests? What rights, obligations and responsibilities should be associated with our digital identities? Should identity management be regulated and who should be held liable and for what? What should be the role of private and public sectors in identity assurance schemes? What are the global drivers of identity policies? How can due process be ensured where automated technologies affect the rights and concerns of citizens? How can individuals be more empowered to control their identity data and give informed consent to its use? How are biometrics and location-tracking devices used in body surveillance changing the identity landscape?
Digital identity – The legal person? Sullivan, Clare
The computer law and security report,
2009, 2009-1-00, 20090101, Letnik:
25, Številka:
3
Journal Article
This paper examines the concept of digital identity which the author asserts is now evident in the United Kingdom as a consequence of the Identity Cards Act (UK) 2006 and the National Identity Scheme ...it establishes. The nature and functions of the concept, particularly the set of information which constitutes an individual's transactional identity, are examined. The paper then considers the central question of who, or what, is the legal person in a transaction i.e. who or what enters into legal relations. The analysis presents some intriguing results which were almost certainly not envisaged by the legislature. The implications extend beyond the United Kingdom to similar schemes in other jurisdictions, and to countries, like Australia, which may implement such a scheme.
I first heard about a tragedy in Tucson, not from major television news networks, but from a direct message sent by a politically-active friend who was attending the political gathering where a mass ...shooting took place, including the shooting of an Arizona congresswoman, Gabrielle Giffords. While the television news sputtered around trying to offer details (initially wrongly claiming that she was dead, likely from pressure to be the first to report big news), I found myself reading Google News, piecing together Facebook posts, e-mailing friends and reading Twitter updates.
A survey on OpenID identifiers Tapiador, A.; Mendo, A.
2011 7th International Conference on Next Generation Web Services Practices,
2011-Oct.
Conference Proceeding
This article surveys the data attached to OpenID identifiers, as a means to learn the formats and semantics of information currently shared by OpenID users. Identifiers have been harvested from ...websites that support OpenID authentication and publicly display them. They were subsequently analyzed and the results of the analysis show that half of the identifiers belong to custom domains while a quarter rely on their own OpenID provider. Attached information is related to blogging activities principally, in a HTML embedded format. Most common semantics include tagging, personal details and social relationships.
PDF
