Identity management systems are indispensable in modern networked computing, as they equip data providers with key techniques to avoid the imminent privacy threats intrinsic to such environments. Their rationale is to give data providers a sense of control, to varying degrees, over the disclosure and usage of personal data, so that they can take an active role in protecting their privacy. However, we put forward the thesis that a holistic sense of control includes not only the regulation of disclosure, as identity management techniques currently provide, but must equally comprise the supervision of compliance, i.e. credible evidence that data consumers behave according to the policies previously agreed upon. Despite its relevance, supervision has so far not been possible. We introduce the concept of privacy evidence and present the necessary technical building blocks to realise it in dynamic systems.
Copyright information
© 2008 International Federation for Information Processing
Cite this paper
Rafael Accorsi (2008). Automated Privacy Audits to Complement the Notion of Control for Identity Management. In: de Leeuw, E., Fischer-Hübner, S., Tseng, J., Borking, J. (eds) Policies and Research in Identity Management. The International Federation for Information Processing, vol 261. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-77996-6_4
DOI: https://doi.org/10.1007/978-0-387-77996-6_4
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-77995-9
Online ISBN: 978-0-387-77996-6
eBook Packages: Computer Science (R0)