Trust and Internet Identity Meeting Europe
11-14 Feb 2019: Workshops and Unconference

TIIME 2015 Session 17: Privacy by Design in Federated Identity Management (FIM) + State of the art of PbD

Convener: Berit Skjernaa

Abstract: FIM, while solving important problems of remote entity authentication, introduces new privacy risks, like new possibilities of linking private data sets and new opportunities for user profiling. We will discuss privacy by design requirements, transpose them into specific architectural requirementsand and evaluate a number of FIM models that have been proposed to mitigate these risks.

Tags: Privacy by Design

Notes

We are currently making a survey regarding the adoption of Privacy by Design in Danish companies for the Danish Business Authority and would like input to what the status is throughout Europe, what are the obstacles, what are the commercial benefits, who does a good job, and what is and can be done to push the adoption.

What are the incentives and why is privacy... I would come to the conclusion to think about things like privacy in the systems we are building.

I would like to show you what we found out privacy and privacy by design means in particularly in the field of identity management. 

From general provision reduced to requirements for identity systems. 

Privacy risks related to FM, linkability and observability as two general problems, linkability is that basically two SPs should not be able to know that they are dealing with the same IDP. The worst thing to do is to make join identifiers.