User-Centric Privacy-Enhancing Identity Management

Online identities are associated to individuals and improper handling of these identities may therefore affect these individuals. Placing the individual at the center of identity management and empowering them with tools to actively manage their identity may help limit the privacy risks provoked by the information society. As we have argued in the previous chapters, embedding privacy into the design of identity management systems is important. What the actual embodiment of privacy features into IdM encompasses is less clear. The previous chapter has shown a number of data protection principles that have to be observed by any system that handles personal data. These principles are part of the legal requirements for the development of any application that handles personal data, including identity management systems. There are also other sources of requirements. Human computer interaction research, sociological research and economics/business studies can also contribute to defining requirements for privacy-enhancing identity management systems. In the current chapter we focus on results obtained in PRIME research in the fields of law and sociology and human computer interaction that resulted in a set of concrete set of requirements for user-centric privacy-enhancing IdM. A more detailed description of user-focused privacy requirements can be found in PRIME’s Deliverables Framework V3 [PRI08] and Requirements V3 [KDR+08].