An App Approach Towards User Empowerment in Personalized Service Environments
The laws of identity and privacy protection goals are major requirements of user-centric personalized service environments. The goal is that users can send master data, preferences, attributes and claims together with policies to relying parties such as Cloud Services Providers in order to control purpose, usage, and availability of personally identifiable information. In order to meet the requirements and to establish a trusted end point, this paper introduces a virtual representation of a user called LifeApp that can be downloaded and installed by relying partners. On the one hand, this approach aims at empowering the user to control access, enforce policies, minimize misuse and nonetheless enjoy personalized contextual services. On the other hand, relying parties benefit from synchronizing data whenever it changes at the user's or the requester's side. The advantages are up-to-date and authentic user data, simplified customer relationship management, and, if needed, compliance with local data protection. The paper introduces the app approach to personalized service environments based on the Kantara-UMA protocol.
Keywords: Internet Identity Management, Life Management Platforms, Personal Clouds, Personally Identifiable Information, Privacy by Design, User Empowerment, Kantara UMA Protocol