
URI: www.pensive.eu/uid/0128

Putting Citizens at the Centre of Identity Management

www.oasis-open.org

Towards a “Personal Data Services Model”

Peter F Brown
Founder, Pensive.eu
Chair, “eGovernment Focus group”, CEN (European Standards Agency)
Co-Editor, OASIS Reference Model for Service Oriented Architectures

All content © 2007, Pensive.eu.
Check URI in header for most recent and/or authentic version.
This file may be copied on condition that it remains complete and intact, including this page.

2 © Pensive.eu, All Rights Reserved

Overview

An attempt to look at the thorny question of personal data management and gain a wider understanding of:

►what constitutes “personal data”
►how it is identified, authenticated, used and managed
►policy concerns regarding privacy and public policy

and propose a way forward consistent with:
►the idea of eGovernment as central to identity policy
►data and identity protection legislation
►political and social imperatives

3 © Pensive.eu, All Rights Reserved

Transformation

eGovernment must be driven by vision and policy and not by technology
►engineers are essential for providing capability and solutions
►but we need more architects and more visionaries
►we need to balance public interest with citizen concerns

Examine personal data management in context of:
►what is technologically, legally and operationally possible;
►what is politically and socially desirable;
►what is publicly acceptable

See “The Magic Triangle”

4 © Pensive.eu, All Rights Reserved

Transformation

eGovernment is more than just “digitising” paper processes
►Why an eID card? rather than eID management
►look at a model for personal data management that doesn’t just digitise paper processes…

5 © Pensive.eu, All Rights Reserved

Typical current Model

(Diagram: a citizen record with Family Name, Given Name, Date of Birth, N.I. Number and Place of Birth, copied into several separate ID records.)

1. A new record (and data sub-set) created from user input without reference to other pre-existing records
2. Data added by a specific authority without reference back to original record
3. A new record is duplicated from an already secondary source

6 © Pensive.eu, All Rights Reserved

►Citizen still not in control
►Still focussed on needs of process
►No control over replication of data

Attraction of “centralised” model

(Diagram: a single source ID record to which data is added and from which the other ID records are derived by reference.)

Advantages:
►Referential integrity
►Centrally managed
But:
►There is no single, “Centre”
►No system is “all seeing”
►Doesn’t cover private sector

1. Supplementary data added to source original record and then replicated as needed
2. No record replicated from a secondary source but only through reference to original data set

7 © Pensive.eu, All Rights Reserved

Who do you trust with your data?

Doctor 91%
Teacher 87%
Professor 74%
Judge 72%
Priest 71%
TV news reader 66%
Scientist 65%
Police Officer 64%
“Person in the street” 53%
Pollster 46%
Civil Servant 46%
Trade Union official 33%
Business Leader 28%
Government Minister 20%
Politician 18%
Journalist 18%
Yourself ??%

Mori: Year 2003, 2000+ British Adults aged 16+

8 © Pensive.eu, All Rights Reserved

Who do you trust to manage your data?

►But who would you trust to “identify” a person?
►the person themselves?
►a peer group?
►a private company?
►a public authority?

►And what guarantees do you have,
►regarding liability?
►regarding data security?
►regarding reliability of the identity
(come to think of it: what does “identify” mean and imply?)

9 © Pensive.eu, All Rights Reserved

eID - Liability

►When other people manage our money:
►there are strong public policy rules
►financial institutions are tightly regulated
►there is a clear model of financial liability

►If we can do it for money, why not for Personal Data? Raises some questions…
►who manages it?
►who is liable?
►who really “owns” it?

10 © Pensive.eu, All Rights Reserved

eID – Data Security

►Personal data is often processed without the citizen having control
►“Processing” of data is based on needs of the process, not on the needs of the citizen
►Rarely validated with the citizen
►No root identity – (small) subset of personal details often sufficient to “identify” – easy for fraudsters
►Authentication models based on per-industry basis not per-citizen: makes it more unmanageable for the individual
►Citizen willingness to share their data depends on situation

11 © Pensive.eu, All Rights Reserved

What is “identity”

►In logic, making the assertion that x = y:

For any x and y, if x and y have all the same properties, then x is identical to y

►In eID, the objective of “identifying” some person or thing is not usually to actually “know” who the person is, but rather to identify some selected set of properties needed for some particular purpose:

►On the basis that some group of properties presented to us are the same as some identical group of properties, to assert – because they are identical – that they refer to the same person or object:

►e.g. to know that x who is presented to a service is the same person as the y that the service already “knows” (has “on file”)

►A group of properties does not need to be (cannot be) exhaustive, but rather sufficient for the assertion in the particular context:

►e.g. many services do not really need to know “who” someone is, only to know some properties (an address, an age, some other set of personal data and/or characteristics) necessary for the completion of a particular service

12 © Pensive.eu, All Rights Reserved

Identity in context

►Is there a single set of characteristics/properties that is always sufficient to uniquely identify someone?
►Is it necessary?
►Yes, for some public authorities/ public policy reasons but…
►In many contexts it will be overkill and too expensive
►It will often compromise legitimate concern for privacy

►Another approach:
►provide the set of properties necessary per context - no more, no less…

13 © Pensive.eu, All Rights Reserved

A different approach…

Firstly, distinguish between types of personal data:
►Data needed to identify (may vary according to level of authentication needed)
►Data that can identify (most common approach to identity theft)
►Personal Digital Property (from an MP3 to the Deeds of a house…)
and provide “double-key” authentication for every element

(Diagram: an “eDoc” carrying Family Name, Given Name, Date of Birth, N.I. Number and Place of Birth, linked to an ID.)

14 © Pensive.eu, All Rights Reserved

A different approach…

(Diagram: the “eDoc” with Family Name, Given Name, Date of Birth, N.I. Number and Place of Birth, linked to an ID.)

Secondly, architect personal data “provisioning” as a distinct service:
►Personal Data are not just passive “objects” but valuable assets – treat them as such
►Even if services are provided by third parties
►Apply a standard service model
►Leave market to provide compliant solutions
►Leave citizen to choose provider(s)
and leave public authorities to verify, validate and authenticate root identity when needed

15 © Pensive.eu, All Rights Reserved

A different approach…

(Diagram: the “eDoc” with Family Name, Given Name, Date of Birth, N.I. Number and Place of Birth, linked to an ID.)

Thirdly, apply SOA principles to personal data management:
►“Expose” data and service capabilities only according to need (“service opacity”)
►Make data-use transactional
►Make transactions idempotent
►Always provide execution context
►Provide delegation & Mandate Management
►Provide comprehensive auditing of transactions

Personal Data used (and signed?) transactionally

16 © Pensive.eu, All Rights Reserved

A “Personal SOA”

►No a-priori limit to types of data managed
►A single logical (but not necessarily physical) service
►Authenticated transactions, with possibility of “read-once-and-dispose” use of personal data
►User-centred eID management
►Universal interoperability
►Reliable and secure
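The principles of the previous two slides (need-to-know exposure per context, transactional and idempotent data use, execution context, mandates, auditing, and “read-once-and-dispose”) can be sketched as one small service. This is an added Python example, not code from the deck or from any of the initiatives it names; the record fields, the purposes in the policy table and the SHA-256 receipt digest are assumptions.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed sample record; field names are assumptions, not the deck's data model.
PERSONAL_DATA = {"family_name": "Example", "given_name": "Anna",
                 "date_of_birth": "1980-01-01", "ni_number": "AB123456C",
                 "place_of_birth": "Dublin", "address": "1 Sample Street"}

# Per-context need-to-know policy: each purpose maps to the properties that are
# sufficient for it ("no more, no less"); nothing else is ever exposed.
CONTEXT_POLICY = {"age_check": {"date_of_birth"},
                  "postal_delivery": {"family_name", "given_name", "address"}}


@dataclass
class PersonalDataService:
    data: dict
    mandates: dict = field(default_factory=dict)  # requester -> purposes the citizen delegated
    audit: list = field(default_factory=list)     # every transaction, including refusals/replays
    receipts: dict = field(default_factory=dict)  # transaction id -> receipt (idempotency)

    def grant_mandate(self, requester, purpose):
        """Citizen delegates one purpose to one requester (mandate management)."""
        self.mandates.setdefault(requester, set()).add(purpose)

    def request(self, txn_id, requester, purpose):
        """Serve one transaction; returns (receipt, disclosed data)."""
        if txn_id in self.receipts:
            # Idempotent replay: the same receipt comes back, but the data is not
            # disclosed a second time (read-once-and-dispose).
            self.audit.append((txn_id, requester, "replay"))
            return self.receipts[txn_id], {}
        context = {"txn": txn_id, "requester": requester, "purpose": purpose}
        if purpose not in CONTEXT_POLICY or purpose not in self.mandates.get(requester, set()):
            receipt = {**context, "status": "denied", "digest": None}
            disclosed = {}
            self.audit.append((txn_id, requester, "denied"))
        else:
            disclosed = {k: self.data[k] for k in sorted(CONTEXT_POLICY[purpose])}
            digest = hashlib.sha256(json.dumps(disclosed, sort_keys=True).encode()).hexdigest()
            receipt = {**context, "status": "ok", "digest": digest}
            self.audit.append((txn_id, requester, "disclosed:" + ",".join(disclosed)))
        self.receipts[txn_id] = receipt  # execution context travels with the receipt
        return receipt, disclosed
```

The digest lets a requester that replays a transaction confirm it received the same data without the service exposing it again.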

17 © Pensive.eu, All Rights Reserved

Some steps in this direction already…

►“Personal Data Vault” (Irish Government)
►“Virtual Safe” (French “Mon Service Public”)
►“Citizen Account” (UK GovConnect)
►“e-Ja” (Polish private-sector initiative)

18 © Pensive.eu, All Rights Reserved

A missing element: “data model”

►No agreement about how personal data is defined…
►(except by specific industry sectors)
►little or no public policy input
►certainly no citizen input

►…nor how it is managed…
►accessed and delivered transactionally, as a service

►nor by whom…
►need to separate issues of ownership and custodianship

19 © Pensive.eu, All Rights Reserved

a “Personal data services model”?

►Need for general model and rules for use
►Keep it simple but extensible
►Make it a matter of public policy
►Possible new initiative at EU level (part of work programme within “eID Roadmap”):
►key industry support
►Several public administrations interested already
►could be most revolutionary issue in eGovernment and public policy this decade

See “The Magic Triangle”

20 © Pensive.eu, All Rights Reserved

eIdentity – not just for people

In an increasingly inter-connected world, we need to clearly identify what we are connecting with digitally:
►not just people
►but also web pages, web services
►documents
►other digital “artefacts”

Stability of identity is a cornerstone of interoperability, security and public confidence in eGovernment and in eServices in general
►Possibly the single most important issue for the “digital world”

(Diagram: an “eDoc” with its ID, labelled “Identify” and “Authenticate”.)

21 © Pensive.eu, All Rights Reserved

Where to now?

►Policy
►Need for policy support and initiative
►Need for involvement in European Commission’s “eID ad-hoc” Group and associated support work and pilot projects
►Bring the “magic triangle” issues into public discourse, with politicians and civil society

Concentrate on policy pre-requisites and framework (in particular organisational, administrative and legal issues), not on the technologies

22 © Pensive.eu, All Rights Reserved

Where to now (2)?

►Standards
►Do we push for a “standard”, both as an end in itself and as a means of getting the issues on the policy agenda?
►Role of “standards” bodies:
►Public SO or Industry Consortium? ISO? CEN? OASIS? Liberty Alliance?
►Explicitly EU or global (different data protection cultures)

Concentrate on promoting a user-centred model for personal data encapsulation and servicing

23 © Pensive.eu, All Rights Reserved

Where to now (3)?

►Role of Industry:
►PPP?
►Possible research project(s)?
►Proofs of Concept, RFPs and RFCs
►Input to pilot projects

Concentrate on building momentum among industry players both to promote technologically feasible approaches and reassure the public polity

URI: www.pensive.eu/uid/0128

Putting Citizens at the Centre of Identity Management

Towards a “Personal Data Services Model”

[email protected]/uid/0128