Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.

Published byAlaina Warren Modified over 9 years ago

Similar presentations

Presentation on theme: "Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and."— Presentation transcript:

1 Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and Civil Liberties Office April 2010

2 2 Presentation Outline Success factors for identity federation and relation to privacy Fair Information Practice Principles for Identity Management Systems Core Information Privacy Concerns Privacy Design Considerations

3 Identity Federation Goal  Enable users to securely access data, systems, or applications of another domain seamlessly and without the need for completely redundant user administration 3

4 Identity Federation 4 Technology Identity Management Domain and Individual Privacy Assurances

5 Identity Federation Basis for Success  Agreement on root identities  Trust Between domains Between domain and individual 5

6 Root Identity Agreement  Identity theft risk  Authentication  Social Security Number  Access control 6

7 Domain Trust  Information sharing agreements Purpose and authorities Training Data correction and deletion Breach notification  Baseline security requirements Access credentialing/Access controls Technical safeguards 7

8 Individual Trust  One person, one identity  Accuracy and timeliness  Controlled information sharing  IT Security 8

9 Fair Information Practice Principles 9 Source: Organization for Economic Cooperation and Development PrincipleDescription Security safeguards Personal information should be protected with reasonable security safeguards against risks such as loss or unauthorized access, destruction, use, modification, or disclosure. Openness The public should be informed about privacy policies and practices, and individuals should have ready means of learning about the use of personal information. Individual participation Individuals should have the following rights: to know about the collection of personal information, to access that information, to request correction, and to challenge the denial of those rights. Accountability Individuals controlling the collection or use of personal information should be accountable for taking steps to ensure the implementation of these principles.

10 Fair Information Practice Principles 10 Fair Information Practice Principles for Identity Management Systems PrincipleDescription Diversity and decentralization Resist centralizing identity information or using a single credential for multiple purposes. Proportionality The amount, type, and sensitivity of identity information collected and stored by an identity management system should be consistent with and proportional to the system’s purpose. Privacy by designPrivacy considerations should be incorporated into the identity management system from the outset of the design process.

11 Core Informational Privacy Concerns  Observability The possibility that others (potential observers) will gain information.  Linkability The potential to link between data and an individual as well as potential links between different data sets that can be tied together for further analysis. 11

12 Privacy Design Considerations  Determine whether identity is necessary  Identify risks  Discourage unnecessary linkages  Implement security during design  Adopt trust-enhancing measures 12

13 Thank you! Questions? 13

Download ppt "Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and."

Similar presentations

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Operating System Security

Operating System Security
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.
Developing Privacy and Security Standards Allen Briskin Allen Briskin

Developing Privacy and Security Standards Allen Briskin Allen Briskin
Annual Army FOIA/Privacy/Records Management Conference Privacy Leadership – Accountability - Action presented by Samuel P. Jenkins, Director Defense Privacy.

Annual Army FOIA/Privacy/Records Management Conference Privacy Leadership – Accountability - Action presented by Samuel P. Jenkins, Director Defense Privacy.
Data Classification & Privacy Inventory Workshop

Data Classification & Privacy Inventory Workshop
Information Security Policies and Standards

Information Security Policies and Standards
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
© 2003, EDUCAUSE Information Privacy: Public Policy and Institutional Policies Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.

© 2003, EDUCAUSE Information Privacy: Public Policy and Institutional Policies Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.
“Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg President EPIC Dept. of Health & Human Services Washington, DC 11 January.

“Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg President EPIC Dept. of Health & Human Services Washington, DC 11 January.
DEFENSE PRIVACY & CIVIL LIBERTIES OFFICE Safeguarding Personally Identifiable Information (PII) Samuel P. Jenkins Director for Privacy Defense Privacy.

DEFENSE PRIVACY & CIVIL LIBERTIES OFFICE Safeguarding Personally Identifiable Information (PII) Samuel P. Jenkins Director for Privacy Defense Privacy.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Tackling the Policy Challenges of Health Information Exchange Carol Diamond, MD, MPH Managing Director, Markle Foundation.

Tackling the Policy Challenges of Health Information Exchange Carol Diamond, MD, MPH Managing Director, Markle Foundation.
Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.

Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.
Storage Security and Management: Security Framework

Storage Security and Management: Security Framework
Privacy: Understanding the Needs, Policy, and Approach Owen Greenspan Director Law and Policy Program.

Privacy: Understanding the Needs, Policy, and Approach Owen Greenspan Director Law and Policy Program.

Similar presentations

Ads by Google