SlideShare a Scribd company logo

User consent for consumer identity (@ISSE2010)

Download as PPT, PDF
W
wegdam

As presented for ISSE 2010, on 7 October 2010 in Berlin.

1 of 23
User consent for consumer identity 7 October 2010, ISSE 2010, Berlin Maarten Wegdam Principal Research @ Novay
Novay? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
An intro to user consent ,[object Object],[object Object],[object Object],[object Object],[object Object]
Case: SURFfederation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],IdP IdP IdP IdP SP SP SP SP hub
State-of-the-art for consent InfoCard (active client)
State-of-the-art for consent OpenID (web-redirect)
User centric SAML? ,[object Object],[object Object],[object Object],[object Object],[object Object]
A step back A complicated trade-off for consent
Privacy attitude [Privacy indexes: a survey of Westin’s studies. Kumaraguru, Faith Cranor. ISRI technical report, december 2005.]
Approach ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
We decided in our case not to provide per-attribute choice, too difficult to understand. Always ask user before exchanging data 0 Consent
We show actual value of information, explain the federation and role of SURFnet, and link to privacy statement Make the information flow clear 1 Informed
We decided to only have ‘timed’ automation, people forget… Enable providing consent for future log-ins 2 Automate
We decided to only have ‘timed’ automation, people forget… Enable providing consent for future log-ins 2 Automate will be longer
Difficult to do with web-browser without becoming too intrusive… ,[object Object],[object Object],3 Notification
Including what attributes are included in consent, but no log. Provide overview and allow revocation of provided consents 4 Revocation
Including what attributes are included in consent, but no log. Provide overview and allow revocation of provided consents 4 Revocation
User study setup ,[object Object],[object Object],[object Object],[object Object],[object Object]
User study outcome ,[object Object],[object Object]
User study – other points ,[object Object],[object Object],[object Object]
Current status ,[object Object],[object Object],[object Object],[object Object]
Closing remarks ,[object Object],[object Object],[object Object],[object Object],[object Object]
THANK YOU ,[object Object],[object Object],[object Object],More information: report: User controlled privacy voor de SURFfederatie (Dutch) report: User controlled privacy voor de SURFfederatie: een gebruikersstudie (Dutch) report: Outcome user controlled privacy pilot, to appear Dec 2010 (English) blog post: http://maarten.wegdam.name/2010/03/11/user-centric-saml/ email: [email_address]

Recommended

Online identity management workshop
Online identity management workshopOnline identity management workshop
Online identity management workshopJISC SSBR
 
The e resource licence
The e resource licenceThe e resource licence
The e resource licenceLouise Penn
 
Uma sec council_june_22_v4
Uma sec council_june_22_v4Uma sec council_june_22_v4
Uma sec council_june_22_v4Domenico Catalano
 
NUCLEAR WASTE MANAGEMENT
NUCLEAR WASTE MANAGEMENTNUCLEAR WASTE MANAGEMENT
NUCLEAR WASTE MANAGEMENTTahir Nawazkhan
 
Powerpoint on environmental issues
Powerpoint on environmental issuesPowerpoint on environmental issues
Powerpoint on environmental issuesMonika Uppal
 
The user perspective on consent for identity federations (TNC 2011)
The user perspective on consent for identity federations (TNC 2011)The user perspective on consent for identity federations (TNC 2011)
The user perspective on consent for identity federations (TNC 2011)wegdam
 
CIS 2015- User-centric Privacy of Identity- Jenn Behrens
CIS 2015- User-centric Privacy of Identity- Jenn BehrensCIS 2015- User-centric Privacy of Identity- Jenn Behrens
CIS 2015- User-centric Privacy of Identity- Jenn BehrensCloudIDSummit
 
CIS13: NSTIC Update and Reports from Pilots
CIS13: NSTIC Update and Reports from PilotsCIS13: NSTIC Update and Reports from Pilots
CIS13: NSTIC Update and Reports from PilotsCloudIDSummit
 

Recommended

Online identity management workshop
Online identity management workshopOnline identity management workshop
Online identity management workshopJISC SSBR
 
The e resource licence
The e resource licenceThe e resource licence
The e resource licenceLouise Penn
 
Uma sec council_june_22_v4
Uma sec council_june_22_v4Uma sec council_june_22_v4
Uma sec council_june_22_v4Domenico Catalano
 
NUCLEAR WASTE MANAGEMENT
NUCLEAR WASTE MANAGEMENTNUCLEAR WASTE MANAGEMENT
NUCLEAR WASTE MANAGEMENTTahir Nawazkhan
 
Powerpoint on environmental issues
Powerpoint on environmental issuesPowerpoint on environmental issues
Powerpoint on environmental issuesMonika Uppal
 
The user perspective on consent for identity federations (TNC 2011)
The user perspective on consent for identity federations (TNC 2011)The user perspective on consent for identity federations (TNC 2011)
The user perspective on consent for identity federations (TNC 2011)wegdam
 
CIS 2015- User-centric Privacy of Identity- Jenn Behrens
CIS 2015- User-centric Privacy of Identity- Jenn BehrensCIS 2015- User-centric Privacy of Identity- Jenn Behrens
CIS 2015- User-centric Privacy of Identity- Jenn BehrensCloudIDSummit
 
CIS13: NSTIC Update and Reports from Pilots
CIS13: NSTIC Update and Reports from PilotsCIS13: NSTIC Update and Reports from Pilots
CIS13: NSTIC Update and Reports from PilotsCloudIDSummit
 
Personalized Hypermedia Final Plus3
Personalized Hypermedia Final Plus3Personalized Hypermedia Final Plus3
Personalized Hypermedia Final Plus3Satyajit Das
 
Sampo Kellomäki (Synergetics) @ PIDS seminar
Sampo Kellomäki (Synergetics) @ PIDS seminarSampo Kellomäki (Synergetics) @ PIDS seminar
Sampo Kellomäki (Synergetics) @ PIDS seminarAlmereDataCapital
 
Mobility innovation and unknowns
Mobility innovation and unknownsMobility innovation and unknowns
Mobility innovation and unknownsLisa Marie Martinez
 
2016 02-04-gingell-iot
2016 02-04-gingell-iot2016 02-04-gingell-iot
2016 02-04-gingell-iotgingell
 
Social Enterprise: Trust; Vision; Revolution
Social Enterprise: Trust; Vision; RevolutionSocial Enterprise: Trust; Vision; Revolution
Social Enterprise: Trust; Vision; RevolutionPeter Coffee
 
Basics of Lean UX
Basics of Lean UXBasics of Lean UX
Basics of Lean UXGopi Thyagarajan
 
Identity federation & user centric identity
Identity federation & user centric identityIdentity federation & user centric identity
Identity federation & user centric identitywegdam
 
Getting your Strategy Right – in a SMAC World!
Getting your Strategy Right – in a SMAC World!Getting your Strategy Right – in a SMAC World!
Getting your Strategy Right – in a SMAC World!Continuity and Resilience
 
Opening Up User-Centric Identity
Opening Up User-Centric IdentityOpening Up User-Centric Identity
Opening Up User-Centric IdentityEduserv Foundation
 
Going Lean Way for Better UX
Going Lean Way for Better UXGoing Lean Way for Better UX
Going Lean Way for Better UXWinWire Technologies Inc
 
Golden Gekko, 10 burning questions on privacy
Golden Gekko, 10 burning questions on privacyGolden Gekko, 10 burning questions on privacy
Golden Gekko, 10 burning questions on privacyDMI
 
User & Mobile Centric Identity
User & Mobile Centric IdentityUser & Mobile Centric Identity
User & Mobile Centric Identitywegdam
 
Akash Solanki Portfolio
Akash Solanki PortfolioAkash Solanki Portfolio
Akash Solanki PortfolioAkash Solanki
 
Articulation
Articulation Articulation
Articulation butest
 
Open Source adoption in a Mexicon Second tier Bank
Open Source adoption in a Mexicon Second tier BankOpen Source adoption in a Mexicon Second tier Bank
Open Source adoption in a Mexicon Second tier BankWSO2
 
180926 ihan webinar 2
180926 ihan webinar 2180926 ihan webinar 2
180926 ihan webinar 2Sitra the Finnish Innovation Fund
 
Location Privacy Protection Mechanisms using Order-Retrievable Encryption for...
Location Privacy Protection Mechanisms using Order-Retrievable Encryption for...Location Privacy Protection Mechanisms using Order-Retrievable Encryption for...
Location Privacy Protection Mechanisms using Order-Retrievable Encryption for...IRJET Journal
 
Linkedin policy primer
Linkedin policy primerLinkedin policy primer
Linkedin policy primerAnna Dobos
 
Mla Format For Essays Telegraph. Online assignment writing service.
Mla Format For Essays Telegraph. Online assignment writing service.Mla Format For Essays Telegraph. Online assignment writing service.
Mla Format For Essays Telegraph. Online assignment writing service.Ashley Smith
 
2016 04-26 webinar - consumer-focused identity management
2016 04-26 webinar - consumer-focused identity management2016 04-26 webinar - consumer-focused identity management
2016 04-26 webinar - consumer-focused identity managementshivan82
 
Van irisscan tot kontafdruk- biometrische authenticatie anno 2017 - Heliview ...
Van irisscan tot kontafdruk- biometrische authenticatie anno 2017 - Heliview ...Van irisscan tot kontafdruk- biometrische authenticatie anno 2017 - Heliview ...
Van irisscan tot kontafdruk- biometrische authenticatie anno 2017 - Heliview ...wegdam
 
Digital onboarding: selfie-check with passport, a case study
Digital onboarding: selfie-check with passport, a case studyDigital onboarding: selfie-check with passport, a case study
Digital onboarding: selfie-check with passport, a case studywegdam
 

More Related Content

Similar to User consent for consumer identity (@ISSE2010)

Personalized Hypermedia Final Plus3
Personalized Hypermedia Final Plus3Personalized Hypermedia Final Plus3
Personalized Hypermedia Final Plus3Satyajit Das
 
Sampo Kellomäki (Synergetics) @ PIDS seminar
Sampo Kellomäki (Synergetics) @ PIDS seminarSampo Kellomäki (Synergetics) @ PIDS seminar
Sampo Kellomäki (Synergetics) @ PIDS seminarAlmereDataCapital
 
Mobility innovation and unknowns
Mobility innovation and unknownsMobility innovation and unknowns
Mobility innovation and unknownsLisa Marie Martinez
 
2016 02-04-gingell-iot
2016 02-04-gingell-iot2016 02-04-gingell-iot
2016 02-04-gingell-iotgingell
 
Social Enterprise: Trust; Vision; Revolution
Social Enterprise: Trust; Vision; RevolutionSocial Enterprise: Trust; Vision; Revolution
Social Enterprise: Trust; Vision; RevolutionPeter Coffee
 
Identity federation & user centric identity
Identity federation & user centric identityIdentity federation & user centric identity
Identity federation & user centric identitywegdam
 
Getting your Strategy Right – in a SMAC World!
Getting your Strategy Right – in a SMAC World!Getting your Strategy Right – in a SMAC World!
Getting your Strategy Right – in a SMAC World!Continuity and Resilience
 
Opening Up User-Centric Identity
Opening Up User-Centric IdentityOpening Up User-Centric Identity
Opening Up User-Centric IdentityEduserv Foundation
 
Golden Gekko, 10 burning questions on privacy
Golden Gekko, 10 burning questions on privacyGolden Gekko, 10 burning questions on privacy
Golden Gekko, 10 burning questions on privacyDMI
 
User & Mobile Centric Identity
User & Mobile Centric IdentityUser & Mobile Centric Identity
User & Mobile Centric Identitywegdam
 
Akash Solanki Portfolio
Akash Solanki PortfolioAkash Solanki Portfolio
Akash Solanki PortfolioAkash Solanki
 
Articulation
Articulation Articulation
Articulation butest
 
Open Source adoption in a Mexicon Second tier Bank
Open Source adoption in a Mexicon Second tier BankOpen Source adoption in a Mexicon Second tier Bank
Open Source adoption in a Mexicon Second tier BankWSO2
 
Location Privacy Protection Mechanisms using Order-Retrievable Encryption for...
Location Privacy Protection Mechanisms using Order-Retrievable Encryption for...Location Privacy Protection Mechanisms using Order-Retrievable Encryption for...
Location Privacy Protection Mechanisms using Order-Retrievable Encryption for...IRJET Journal
 
Linkedin policy primer
Linkedin policy primerLinkedin policy primer
Linkedin policy primerAnna Dobos
 
Mla Format For Essays Telegraph. Online assignment writing service.
Mla Format For Essays Telegraph. Online assignment writing service.Mla Format For Essays Telegraph. Online assignment writing service.
Mla Format For Essays Telegraph. Online assignment writing service.Ashley Smith
 
2016 04-26 webinar - consumer-focused identity management
2016 04-26 webinar - consumer-focused identity management2016 04-26 webinar - consumer-focused identity management
2016 04-26 webinar - consumer-focused identity managementshivan82
 

Similar to User consent for consumer identity (@ISSE2010) (20)

Personalized Hypermedia Final Plus3
Personalized Hypermedia Final Plus3Personalized Hypermedia Final Plus3
Personalized Hypermedia Final Plus3
 
Sampo Kellomäki (Synergetics) @ PIDS seminar
Sampo Kellomäki (Synergetics) @ PIDS seminarSampo Kellomäki (Synergetics) @ PIDS seminar
Sampo Kellomäki (Synergetics) @ PIDS seminar
 
Mobility innovation and unknowns
Mobility innovation and unknownsMobility innovation and unknowns
Mobility innovation and unknowns
 
2016 02-04-gingell-iot
2016 02-04-gingell-iot2016 02-04-gingell-iot
2016 02-04-gingell-iot
 
Social Enterprise: Trust; Vision; Revolution
Social Enterprise: Trust; Vision; RevolutionSocial Enterprise: Trust; Vision; Revolution
Social Enterprise: Trust; Vision; Revolution
 
Basics of Lean UX
Basics of Lean UXBasics of Lean UX
Basics of Lean UX
 
Identity federation & user centric identity
Identity federation & user centric identityIdentity federation & user centric identity
Identity federation & user centric identity
 
Getting your Strategy Right – in a SMAC World!
Getting your Strategy Right – in a SMAC World!Getting your Strategy Right – in a SMAC World!
Getting your Strategy Right – in a SMAC World!
 
Opening Up User-Centric Identity
Opening Up User-Centric IdentityOpening Up User-Centric Identity
Opening Up User-Centric Identity
 
Going Lean Way for Better UX
Going Lean Way for Better UXGoing Lean Way for Better UX
Going Lean Way for Better UX
 
Golden Gekko, 10 burning questions on privacy
Golden Gekko, 10 burning questions on privacyGolden Gekko, 10 burning questions on privacy
Golden Gekko, 10 burning questions on privacy
 
User & Mobile Centric Identity
User & Mobile Centric IdentityUser & Mobile Centric Identity
User & Mobile Centric Identity
 
Akash Solanki Portfolio
Akash Solanki PortfolioAkash Solanki Portfolio
Akash Solanki Portfolio
 
Articulation
Articulation Articulation
Articulation
 
Open Source adoption in a Mexicon Second tier Bank
Open Source adoption in a Mexicon Second tier BankOpen Source adoption in a Mexicon Second tier Bank
Open Source adoption in a Mexicon Second tier Bank
 
180926 ihan webinar 2
180926 ihan webinar 2180926 ihan webinar 2
180926 ihan webinar 2
 
Location Privacy Protection Mechanisms using Order-Retrievable Encryption for...
Location Privacy Protection Mechanisms using Order-Retrievable Encryption for...Location Privacy Protection Mechanisms using Order-Retrievable Encryption for...
Location Privacy Protection Mechanisms using Order-Retrievable Encryption for...
 
Linkedin policy primer
Linkedin policy primerLinkedin policy primer
Linkedin policy primer
 
Mla Format For Essays Telegraph. Online assignment writing service.
Mla Format For Essays Telegraph. Online assignment writing service.Mla Format For Essays Telegraph. Online assignment writing service.
Mla Format For Essays Telegraph. Online assignment writing service.
 
2016 04-26 webinar - consumer-focused identity management
2016 04-26 webinar - consumer-focused identity management2016 04-26 webinar - consumer-focused identity management
2016 04-26 webinar - consumer-focused identity management
 

More from wegdam

Van irisscan tot kontafdruk- biometrische authenticatie anno 2017 - Heliview ...
Van irisscan tot kontafdruk- biometrische authenticatie anno 2017 - Heliview ...Van irisscan tot kontafdruk- biometrische authenticatie anno 2017 - Heliview ...
Van irisscan tot kontafdruk- biometrische authenticatie anno 2017 - Heliview ...wegdam
 
Digital onboarding: selfie-check with passport, a case study
Digital onboarding: selfie-check with passport, a case studyDigital onboarding: selfie-check with passport, a case study
Digital onboarding: selfie-check with passport, a case studywegdam
 
Banken als identiteitsproviders (BankID, eID Stelsel) - PIMN / ECP bijeenkoms...
Banken als identiteitsproviders (BankID, eID Stelsel) - PIMN / ECP bijeenkoms...Banken als identiteitsproviders (BankID, eID Stelsel) - PIMN / ECP bijeenkoms...
Banken als identiteitsproviders (BankID, eID Stelsel) - PIMN / ECP bijeenkoms...wegdam
 
FIDOs place in the identity ecosystem
FIDOs place in the identity ecosystemFIDOs place in the identity ecosystem
FIDOs place in the identity ecosystemwegdam
 
AWARENESS overview @ closing working - context-aware mobile health (March 2008)
AWARENESS overview @ closing working - context-aware mobile health (March 2008)AWARENESS overview @ closing working - context-aware mobile health (March 2008)
AWARENESS overview @ closing working - context-aware mobile health (March 2008)wegdam
 
#SNRD12 Maak student baas over eigen data
#SNRD12 Maak student baas over eigen data#SNRD12 Maak student baas over eigen data
#SNRD12 Maak student baas over eigen datawegdam
 
Novay Tuesday Update - Digitale identiteiten: herbruikbaar en mobiel
Novay Tuesday Update - Digitale identiteiten: herbruikbaar en mobielNovay Tuesday Update - Digitale identiteiten: herbruikbaar en mobiel
Novay Tuesday Update - Digitale identiteiten: herbruikbaar en mobielwegdam
 
Cloud privacy & security - Een verkenning van tools en technieken
Cloud privacy & security - Een verkenning van tools en techniekenCloud privacy & security - Een verkenning van tools en technieken
Cloud privacy & security - Een verkenning van tools en techniekenwegdam
 
XACML pilot at a large Dutch bank, Using XACML to implement context-enhanced ...
XACML pilot at a large Dutch bank, Using XACML to implement context-enhanced ...XACML pilot at a large Dutch bank, Using XACML to implement context-enhanced ...
XACML pilot at a large Dutch bank, Using XACML to implement context-enhanced ...wegdam
 
Identiteit & Authenticatie voor UMCs SIG Informatie Beveiliging IAM themadag ...
Identiteit & Authenticatie voor UMCs SIG Informatie Beveiliging IAM themadag ...Identiteit & Authenticatie voor UMCs SIG Informatie Beveiliging IAM themadag ...
Identiteit & Authenticatie voor UMCs SIG Informatie Beveiliging IAM themadag ...wegdam
 
Digitale identiteiten: vertrouwen, identity providers en de toekomst (Novay T...
Digitale identiteiten: vertrouwen, identity providers en de toekomst (Novay T...Digitale identiteiten: vertrouwen, identity providers en de toekomst (Novay T...
Digitale identiteiten: vertrouwen, identity providers en de toekomst (Novay T...wegdam
 
Consumer and Citizen Identities: Government Issued or Trust Frameworks? (Euro...
Consumer and Citizen Identities: Government Issued or Trust Frameworks? (Euro...Consumer and Citizen Identities: Government Issued or Trust Frameworks? (Euro...
Consumer and Citizen Identities: Government Issued or Trust Frameworks? (Euro...wegdam
 
User controlled privacy voor de SURFfederatie
User controlled privacy voor de SURFfederatieUser controlled privacy voor de SURFfederatie
User controlled privacy voor de SURFfederatiewegdam
 
cidSafe project, 23 September 2010, for EEMA event
cidSafe project, 23 September 2010, for EEMA eventcidSafe project, 23 September 2010, for EEMA event
cidSafe project, 23 September 2010, for EEMA eventwegdam
 
2de cid safe netwerkbijeenkomst (Dutch, 29
2de cid safe netwerkbijeenkomst (Dutch, 292de cid safe netwerkbijeenkomst (Dutch, 29
2de cid safe netwerkbijeenkomst (Dutch, 29wegdam
 
cidSafe project overview (in Dutch!!!)
cidSafe project overview (in Dutch!!!)cidSafe project overview (in Dutch!!!)
cidSafe project overview (in Dutch!!!)wegdam
 
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EI...
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EI...Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EI...
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EI...wegdam
 
OpenIdplus.nl Proof of Concept uitkomsten (in Dutch)
OpenIdplus.nl Proof of Concept uitkomsten (in Dutch)OpenIdplus.nl Proof of Concept uitkomsten (in Dutch)
OpenIdplus.nl Proof of Concept uitkomsten (in Dutch)wegdam
 
Using ePassports for online authentication - ICT Delta 2010
Using ePassports for online authentication - ICT Delta 2010Using ePassports for online authentication - ICT Delta 2010
Using ePassports for online authentication - ICT Delta 2010wegdam
 
Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009wegdam
 

More from wegdam (20)

Van irisscan tot kontafdruk- biometrische authenticatie anno 2017 - Heliview ...
Van irisscan tot kontafdruk- biometrische authenticatie anno 2017 - Heliview ...Van irisscan tot kontafdruk- biometrische authenticatie anno 2017 - Heliview ...
Van irisscan tot kontafdruk- biometrische authenticatie anno 2017 - Heliview ...
 
Digital onboarding: selfie-check with passport, a case study
Digital onboarding: selfie-check with passport, a case studyDigital onboarding: selfie-check with passport, a case study
Digital onboarding: selfie-check with passport, a case study
 
Banken als identiteitsproviders (BankID, eID Stelsel) - PIMN / ECP bijeenkoms...
Banken als identiteitsproviders (BankID, eID Stelsel) - PIMN / ECP bijeenkoms...Banken als identiteitsproviders (BankID, eID Stelsel) - PIMN / ECP bijeenkoms...
Banken als identiteitsproviders (BankID, eID Stelsel) - PIMN / ECP bijeenkoms...
 
FIDOs place in the identity ecosystem
FIDOs place in the identity ecosystemFIDOs place in the identity ecosystem
FIDOs place in the identity ecosystem
 
AWARENESS overview @ closing working - context-aware mobile health (March 2008)
AWARENESS overview @ closing working - context-aware mobile health (March 2008)AWARENESS overview @ closing working - context-aware mobile health (March 2008)
AWARENESS overview @ closing working - context-aware mobile health (March 2008)
 
#SNRD12 Maak student baas over eigen data
#SNRD12 Maak student baas over eigen data#SNRD12 Maak student baas over eigen data
#SNRD12 Maak student baas over eigen data
 
Novay Tuesday Update - Digitale identiteiten: herbruikbaar en mobiel
Novay Tuesday Update - Digitale identiteiten: herbruikbaar en mobielNovay Tuesday Update - Digitale identiteiten: herbruikbaar en mobiel
Novay Tuesday Update - Digitale identiteiten: herbruikbaar en mobiel
 
Cloud privacy & security - Een verkenning van tools en technieken
Cloud privacy & security - Een verkenning van tools en techniekenCloud privacy & security - Een verkenning van tools en technieken
Cloud privacy & security - Een verkenning van tools en technieken
 
XACML pilot at a large Dutch bank, Using XACML to implement context-enhanced ...
XACML pilot at a large Dutch bank, Using XACML to implement context-enhanced ...XACML pilot at a large Dutch bank, Using XACML to implement context-enhanced ...
XACML pilot at a large Dutch bank, Using XACML to implement context-enhanced ...
 
Identiteit & Authenticatie voor UMCs SIG Informatie Beveiliging IAM themadag ...
Identiteit & Authenticatie voor UMCs SIG Informatie Beveiliging IAM themadag ...Identiteit & Authenticatie voor UMCs SIG Informatie Beveiliging IAM themadag ...
Identiteit & Authenticatie voor UMCs SIG Informatie Beveiliging IAM themadag ...
 
Digitale identiteiten: vertrouwen, identity providers en de toekomst (Novay T...
Digitale identiteiten: vertrouwen, identity providers en de toekomst (Novay T...Digitale identiteiten: vertrouwen, identity providers en de toekomst (Novay T...
Digitale identiteiten: vertrouwen, identity providers en de toekomst (Novay T...
 
Consumer and Citizen Identities: Government Issued or Trust Frameworks? (Euro...
Consumer and Citizen Identities: Government Issued or Trust Frameworks? (Euro...Consumer and Citizen Identities: Government Issued or Trust Frameworks? (Euro...
Consumer and Citizen Identities: Government Issued or Trust Frameworks? (Euro...
 
User controlled privacy voor de SURFfederatie
User controlled privacy voor de SURFfederatieUser controlled privacy voor de SURFfederatie
User controlled privacy voor de SURFfederatie
 
cidSafe project, 23 September 2010, for EEMA event
cidSafe project, 23 September 2010, for EEMA eventcidSafe project, 23 September 2010, for EEMA event
cidSafe project, 23 September 2010, for EEMA event
 
2de cid safe netwerkbijeenkomst (Dutch, 29
2de cid safe netwerkbijeenkomst (Dutch, 292de cid safe netwerkbijeenkomst (Dutch, 29
2de cid safe netwerkbijeenkomst (Dutch, 29
 
cidSafe project overview (in Dutch!!!)
cidSafe project overview (in Dutch!!!)cidSafe project overview (in Dutch!!!)
cidSafe project overview (in Dutch!!!)
 
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EI...
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EI...Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EI...
Consumer Identity: a Dutch Perspective on Benefits, Issues and Next Steps (EI...
 
OpenIdplus.nl Proof of Concept uitkomsten (in Dutch)
OpenIdplus.nl Proof of Concept uitkomsten (in Dutch)OpenIdplus.nl Proof of Concept uitkomsten (in Dutch)
OpenIdplus.nl Proof of Concept uitkomsten (in Dutch)
 
Using ePassports for online authentication - ICT Delta 2010
Using ePassports for online authentication - ICT Delta 2010Using ePassports for online authentication - ICT Delta 2010
Using ePassports for online authentication - ICT Delta 2010
 
Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009Consumer identity @ Tuesday Update on 1 December 2009
Consumer identity @ Tuesday Update on 1 December 2009
 

User consent for consumer identity (@ISSE2010)

  • 1. User consent for consumer identity 7 October 2010, ISSE 2010, Berlin Maarten Wegdam Principal Research @ Novay
  • 2.
  • 3.
  • 4.
  • 5. State-of-the-art for consent InfoCard (active client)
  • 6. State-of-the-art for consent OpenID (web-redirect)
  • 7.
  • 8. A step back A complicated trade-off for consent
  • 9. Privacy attitude [Privacy indexes: a survey of Westin’s studies. Kumaraguru, Faith Cranor. ISRI technical report, december 2005.]
  • 10.
  • 11. We decided in our case not to provide per-attribute choice, too difficult to understand. Always ask user before exchanging data 0 Consent
  • 12. We show actual value of information, explain the federation and role of SURFnet, and link to privacy statement Make the information flow clear 1 Informed
  • 13. We decided to only have ‘timed’ automation, people forget… Enable providing consent for future log-ins 2 Automate
  • 14. We decided to only have ‘timed’ automation, people forget… Enable providing consent for future log-ins 2 Automate will be longer
  • 15.
  • 16. Including what attributes are included in consent, but no log. Provide overview and allow revocation of provided consents 4 Revocation
  • 17. Including what attributes are included in consent, but no log. Provide overview and allow revocation of provided consents 4 Revocation
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.