Privacy and Consent Management

Federating the Next Generation

Abstract

User privacy was one of the original design goals of federated access management software in common use today. Now that this software has been in use in the UK for some time, we can take stock of whether this objective has been achieved, and what the consequences are, particularly for service provision. To enable services from multiple providers (for example, JISC Information Environment services) to work together for the benefit of users, a more balanced approach to privacy than is currently being employed by default may be beneficial.

We will look at a number of ways in which the current balance could be modified without compromising user privacy, which is backed by the law. A separate talk covers a possible technological solution enabling identity providers to obtain explicit user consent for releasing personal data automatically. We will instead consider policy approaches that could allow wider release of personal data without confronting users with additional on-screen consent agreements. Importantly, these approaches would also avoid placing on individual institutional identity provider administrators the burden of making quasi-legal decisions about releasing user attributes to large numbers of information service providers that they may not be personally familiar with, a burden that is likely to lead to over-caution.

Presenters

Fiona Culloch

Fiona Culloch is a member of the SDSS access management expert group, based at EDINA. She developed the architecture used by EDINA to integrate its web services with Shibboleth and contributed to co-ordinating the various teams involved in EDINA’s roll-out of federated access in August 2008. Fiona was also a contributor to the recent JISC review of OpenID and worked on the TIES I and II projects, which looked at the use of digital certificates in UK HE/FE. Previously she worked in industry on compilers and real-time operating systems.


Robin Wilton
Robin Wilton is the founder and director of Future Identity Ltd., an independent company set up in January 2009 to provide structured consultancy on digital identity, privacy and public policy. In the same month, Future Identity completed its first consulting engagement, for a UK central government department.

Since then, Future Identity's client engagements include: work for the world-wide Liberty Alliance consortium on interoperable digital identity (where Robin is Director of Privacy and Public Policy); the UK VOME project (Visualisation and Other Methods of Expression); the European Commission (as an expert reviewer), and a national regulatory body.

Over the last 25 years, Robin's technical background in banking systems, security and cryptography has evolved into leading-edge expertise in identity management, privacy and public policy. He has built a reputation for being able to articulate and balance the various stakeholder interests of technologists, businesspeople and policymakers. He chairs the Privacy and Public Policy Work Group of the Kantara Initiative, and is on the advisory boards of the European PrimeLife Project on privacy and identity management, and the UK's EnCoRe project on Consent and Revocation.

His focus is on the intersection of technology and policy for identity management, with a strong ethical commitment to improving stakeholder privacy outcomes.

Robin's digital footprint:
mail: futureidentity@fastmail.fm
voice: +44 (0)705 005 2931
website: http://futureidentity.eu
blog: http://futureidentity.blogspot.com
twitter: http://twitter.com/futureidentity
OID: http://futureidentity.mp
