Identity Management Based on P3P
Identity management is a powerful mechanism to enhance user privacy. In this paper we will examine the idea of an identity management system built atop an anonymous-communication network. First, we will develop some basic approaches to realizing identity management, and we will introduce the Platform for Privacy Preferences Project (P3P) as a standard for exchanging personal data on the World Wide Web. After discussing the feasibility of using P3P as a basis, we will outline some possibilities for designing an identity management system using P3P. For this purpose, other building blocks are described, especially the representation of different kinds of pseudonyms as the core of an identity management system. Finally, we will sketch possible future developments of identity managers.
Keywords: Personal Data; Identity Management; User Agent; Digital Identity; Identity Management System