Implementability of the Identity Management Part in Pfitzmann/Hansen s Terminology for a Complex Digital World

Size: px

Start display at page:

Download "Implementability of the Identity Management Part in Pfitzmann/Hansen s Terminology for a Complex Digital World"

Irma Small
6 years ago
Views:

Identity Management Part in Pfitzmann/Hansen s Terminology for a

1 Faculty of Computer Science, Institute of Architecture of Systems, Chair of Data Security and Data Protection Implementability of the Identity Management Part in Pfitzmann/Hansen s Terminology for a Complex Digital World Manuela Berg, Katrin Borcea-Pfitzmann Helsingborg,

2 Goal computer-mediated interaction between individuals using a description of a complex digital world identifying objects for acting entities needed for applications definition of privacy TU Dresden, Implementability of Terminology 2 / 37

3 01 The Problem Set 02 Problems Arising from the Terminology 03 Separating the Digital World from the Physical World 04 Definition of Privacy 05 Summary and Further Research TU Dresden, Implementability of Terminology 3 / 37

4 01 The Problem Set The Complex Digital World TU Dresden, Implementability of Terminology 4 / 37

5 Traditional Sender-Receiver Model one sender one receiver flow of data fixed time TU Dresden, Implementability of Terminology 5 / 37

6 Why not only the Sender-Receiver Model? Who are the senders and the receivers? 1. focus on individuals 2. individuals and their representations TU Dresden, Implementability of Terminology 6 / 37

7 Why not only the Sender-Receiver Model? Who are the senders and the receivers? How many senders and receivers? TU Dresden, Implementability of Terminology 7 / 37

8 Why not only the Sender-Receiver Model? Who are the senders and the receivers? How many senders and receivers? Which duration of time? TU Dresden, Implementability of Terminology 8 / 37

9 Why not only the Sender-Receiver Model? Who are the senders and the receivers? How many senders and receivers? Which duration of time? Which kind of relationship between senders and receivers? not necessarily flow of data roles not fixed different quality and quantity TU Dresden, Implementability of Terminology 9 / 37

10 Why not only the Sender-Receiver Model? Who are the senders and the receivers? How many senders and receivers? Which duration of time? Which kind of relationship between senders and receivers? not necessarily flow of data roles not fixed different quality and quantity What about different situations? TU Dresden, Implementability of Terminology 10 / 37

11 Comparison Sender-Receiver Model Sender and receiver Fixed time Data flow as relationship One-to-one relationships No interest in situations Complex Digital World Not necessarily fixed senders and receivers Dynamic time possible Different qualities and quantities of relationships Many-to-many relationships Situations might make the difference TU Dresden, Implementability of Terminology 11 / 37

12 01 The Problem Set [Pfitzmann/Hansen] TU Dresden, Implementability of Terminology 12 / 37

13 The Terminology [Pfitzmann/Hansen 2000]: Anonymity, unobservability, and pseudonymity - a proposal for terminology 1st publication [Pfitzmann/Hansen 2010]: A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management continuously evolving TU Dresden, Implementability of Terminology 13 / 37

14 Definition of subject A subject is a possibly acting entity such as, e.g., a human being (i.e., a natural person), a legal person, or a computer. Definitions of Anonymity Identity based on subject (and individual person) TU Dresden, Implementability of Terminology 14 / 37

15 02 Problems Arising from the Terminology Anonymity TU Dresden, Implementability of Terminology 15 / 37

16 Definition of anonymity [Pfitzmann/Hansen] Anonymity of a subject from an attacker's perspective means that the attacker cannot sufficiently identify the subject within a set of subjects, the anonymity set. TU Dresden, Implementability of Terminology 16 / 37

17 1. Anonymity of an individual in a set of individuals - as in the definition 2. Anonymity of a digital representation in a set of digital representations - contained in the definition - not distinguishable from Anonymity in the sense of unlinkability between an individual and his digital representations anonymization in the German law for data protection 3 (6) [BDSG] : act of making personal data anonymous as the transformation of personal data in a way to make it difficult or impossible to link personal data to the individual. TU Dresden, Implementability of Terminology 17 / 37

18 02 Problems Arising from the Terminology Identity TU Dresden, Implementability of Terminology 18 / 37

19 [Pfitzmann/Hansen 2010]: An identity is any subset of attribute values of an individual person which sufficiently identifies this individual person within any set of persons. Necessary design decision What is contained in the identity? Are perceptions contained in the identity? -perception of an individual about others -perception of others about the individual When are identities equal (or sufficiently equal)? Who establishes an identity? TU Dresden, Implementability of Terminology 19 / 37

20 Identity as socio-centric concept Means that each identity is omnipresent Unique individual characterization Identity as ego-centric concept More appropriate for interaction between individuals Perceptions included as attributes TU Dresden, Implementability of Terminology 20 / 37

21 02 Problems Arising from the Terminology Privacy TU Dresden, Implementability of Terminology 21 / 37

22 Definition of Privacy [Westin 67]: Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others. claim individuals, groups, or institutions information others situations TU Dresden, Implementability of Terminology 22 / 37

23 03 Separating the Digital World from the Physical World TU Dresden, Implementability of Terminology 23 / 37

24 Data and Information [Dict]: Data is a group of symbols or continuous functions which become information due to known or supposed agreements. Data is supposed to be processed and are the result of processing. Information is the knowledge about states and events in the real world. TU Dresden, Implementability of Terminology 24 / 37

25 Entities, Oge() and Ego() Digital entities as pure data (in the digital world) Physical entities as collection of information (in the physical world) Oge(): information data Ego(): data information Perceptions as part of the entities TU Dresden, Implementability of Terminology 25 / 37

26 04 Definition of Privacy TU Dresden, Implementability of Terminology 26 / 37

27 Definition of Privacy Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others. TU Dresden, Implementability of Terminology 27 / 37

28 Definition of Privacy Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others. claim result of negotiating and enforcing TU Dresden, Implementability of Terminology 28 / 37

29 Definition of Privacy Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others. claim individuals, groups, or institutions result of negotiating and enforcing physical entity TU Dresden, Implementability of Terminology 29 / 37

30 Definition of Privacy Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others. claim individuals, groups, or institutions information result of negotiating and enforcing physical entity data TU Dresden, Implementability of Terminology 30 / 37

31 Definition of Privacy Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others. claim individuals, groups, or institutions information others result of negotiating and enforcing physical entity data whom TU Dresden, Implementability of Terminology 31 / 37

32 Definition of Privacy Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others. claim individuals, groups, or institutions information others situations result of negotiating and enforcing physical entity data whom in which context TU Dresden, Implementability of Terminology 32 / 37

33 04 Summary and Further Research TU Dresden, Implementability of Terminology 33 / 37

34 Entities, Oge() and Ego() TU Dresden, Implementability of Terminology 34 / 37

35 Definition of Privacy Privacy of a physical entity is the result of negotiating and enforcing when, how, to what extent, and in which context which of its data is disclosed to whom.! Identity management as one consequence of the definition of privacy TU Dresden, Implementability of Terminology 35 / 37

36 Further Research Partial identities Organizations and groups Dynamics based on time Anonymity based on separation of physical and digital world Privacy definition: direct/indirect enclosing, encryption and data TU Dresden, Implementability of Terminology 36 / 37

37 Faculty of Computer Science, Institute of Architecture of Systems, Chair of Data Security and Data Protection Implementability of the Identity Management Part in Pfitzmann/Hansen s Terminology for a Complex Digital World Thank you for your attention!

38 References [Pfitzmann/Hansen 2000]: Pfitzmann, M. Köhntopp (Hansen): Anonymity, unobservability, and pseudonymity - a proposal for terminology. In H. Federrath (editor): Workshop on Design Issues in Anonymity and Unobservability. Volume 2009 of Lecture Notes in Computer Science., Springer (2000), pages 1-9 [Pfitzmann/Hansen 2010]: A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. dud.inf.tu-dresden.de/anon/terminology.shtml [Version v0.33 of April 8, 2010]. [BDSG]: Bundesdatenschutzgesetz: Erster Abschnitt. (1990) (version ) [Dict]: Schneider, U., Werner, D.: Taschenbuch der Informatik. 4. edn., Fachbuchverlag, Leipzig (2001) [Westin 67]: Westin, A.F.: Privacy and Freedom. Atheneum, New York (1967) TU Dresden, Implementability of Terminology Folie 38 von XYZ

- A CONSOLIDATED PROPOSAL FOR TERMINOLOGY

ANONYMITY, UNLINKABILITY, UNDETECTABILITY, UNOBSERVABILITY, PSEUDONYMITY, AND IDENTITY MANAGEMENT - A CONSOLIDATED PROPOSAL FOR TERMINOLOGY Andreas Pfitzmann and Marit Hansen Version v0.31, Feb. 15, 2008