![Sample our Law journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/5942/TOC-Subject-Sample-2021-Law.jpg"})
Abstract
In the real world, we usually identify persons by their appearance, voice, and so on. If this is not sufficient, identity cards are used. In the virtual world the situation is different. The basic concepts of the internet provide for unique identification of devices, not of their users. Hence, some kind of identity management system is required, which can be provided either by the state or by the private sector. Official electronic identity schemes, such as the Austrian Citizen Card, are being established in more and more countries. The carrier media of the Citizen Card is a smart card but, since 2009, the mobile phone signature is offered as a more comfortable alternative. However, much more widespread than that are simple user accounts with passwords, one for each individual service. This system has significant flaws. A solution can be provided by the concept of identity federation: an ‘identity ecosystem’ can be established in which a user can choose among several identity providers, authorise them to identify him towards service providers, authorise attribute providers to provide particular qualified user information to a service provider, etc. In this paper the different concepts mentioned above are elaborated and their interrelations and legal difficulties are described.
Notes
Hansen, M., Schwartz, A., and Cooper, A. 2008. Privacy and identity management. IEEE Security & Privacy 6, no. 2: 38.
Hansen, M., and Meints, M. 2006. Digitale Identitäten – Überblick und aktuelle Trends. Datenschutz und Datensicherheit 30: 543.
Pfitzmann, A., and Hansen, M. A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management Version v0.34. Dresden: Technische Universität Dresden. http://dud.inf.tu-dresden.de/Anon_Terminology.shtml (last accessed 15 July 2012).
Hötzendorfer, W., and Schweighofer, E. 2012. Die Identitätskrise des Internet. In Transformation of legal languages. Proceedings of the 15th International Legal Informatics Symposium, eds. E. Schweighofer, F. Kummer, W. Hötzendorfer, 429. Wien: [email protected].
Jøsang, A., Zomai, M., and Suriadi S. 2007. Usability and privacy in identity management architectures. In ACSW '07 Proceedings of the fifth Australasian symposium on ACSW frontiers - Volume 68, eds. L. Brankovic, P. Coddington, J.F. Roddick, C. Steketee, J.R. Warren, and A. Wendelborn, 147. Darlinghurst: Australian Computer Society, Inc.
On the security aspects of password authentication see Birch, D.G. 2007. Digital identity management: perspectives on the technological, business and social implications, 82. Aldershot: Gower Publishing; and Gutmann, P. 2012. Engineering security, 467. Book Draft, May 2012, http://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf (last accessed 15 July 2012).
DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 December 1999 on a Community framework for electronic signatures, OJ L 13, 19.1.2000, p. 12.
REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on electronic identification and trust services for electronic transactions in the internal market, COM (2012) 238/2.
Borges, G. 2010. Der neue Personalausweis und der elektronische Identitätsnachweis. Neue Juristische Wochenschrift (NJW): 3334.
(Austrian) E-Government Act (Bundesgesetz über Regelungen zur Erleichterung des elektronischen Verkehrs mit öffentlichen Stellen), Federal Gazette I No. 10/2004, as last amended Federal Gazette I No. 111/2010. Electronically available at: http://www.ris.bka.gv.at.
Schweighofer, E. 2010. Sind Handysignaturen qualifizierte elektronische Signaturen? In Fachtagung Verwaltungsinformatik FTVI Fachtagung Rechtsinformatik FTRI 2010, Arbeitsberichte. eds. M. Wimmer et al., 78. Koblenz: Universität Koblenz-Landau.
Schweighofer, E., and Hötzendorfer, W. 2012. Elektronische Identitäten – Öffentliche und private Initiativen. In Auf dem Weg zu einer offenen, smarten und vernetzten Verwaltungskultur, Lecture Notes in Informatics (LNI) – Proceedings, eds. J. von Lucke, Ch.P. Geiger, S. Kaiser, E. Schweighofer, M.A. Wimmer, 137, Bonn: Gesellschaft für Informatik.
NSTIC. 2011. NSTIC strategy document. The White House, http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf (last accessed: 15 July 2012).
American Bar Association (ABA). 2011. Identity management legal task force confidential discussion DRAFT—December 30, 2011, http://apps.americanbar.org/dch/committee.cfm?com=CL320041http://apps.americanbar.org/dch/committee.cfm?com=CL320041 (last accessed: 15 July 2012).
NSTIC. 2011. NSTIC strategy document. The White House, http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf (last accessed: 15 July 2012), 21.
Olsen, Th., and Mahler, T. 2007. Identity management and data protection law: Risk, responsibility and compliance in ‘Circles of Trust’ – Part I + II. Computer Law & Security Report 23: 342–351, 415–426.
Sheckler, V. 2012. Liberty alliance contractual framework outline for circles of trust. Liberty Alliance Project, http://www.projectliberty.org/liberty/content/download/2962/19808/file/Liberty%20Legal%20Frameworks.pdf (last accessed15 July 2012).
American Bar Association (ABA). 2011. Identity management legal task force confidential discussion DRAFT—December 30, 2011, http://apps.americanbar.org/dch/committee.cfm?com=CL320041http://apps.americanbar.org/dch/committee.cfm?com=CL320041 (last accessed: 15 July 2012). Part 1.
American Bar Association (ABA). 2011. Identity management legal task force confidential discussion DRAFT—December 30, 2011, http://apps.americanbar.org/dch/committee.cfm?com=CL320041http://apps.americanbar.org/dch/committee.cfm?com=CL320041 (last accessed 15 July 2012). Part 1, 49.
American Bar Association (ABA). 2011. Identity management legal task force confidential discussion DRAFT—December 30, 2011, http://apps.americanbar.org/dch/committee.cfm?com=CL320041http://apps.americanbar.org/dch/committee.cfm?com=CL320041 (last accessed 15 July 2012). Part 1, 38.
American Bar Association (ABA). 2011. Identity management legal task force confidential discussion DRAFT—December 30, 2011, http://apps.americanbar.org/dch/committee.cfm?com=CL320041http://apps.americanbar.org/dch/committee.cfm?com=CL320041 (last accessed 15 July 2012). Part 1, 26.
American Bar Association (ABA). 2011. Identity management legal task force confidential discussion DRAFT—December 30, 2011, http://apps.americanbar.org/dch/committee.cfm?com=CL320041http://apps.americanbar.org/dch/committee.cfm?com=CL320041 (lastly accessed: 15 July 2012). Part 3: Solving the Legal Challenges of Online Identity Management.
NSTIC. 2011. NSTIC strategy document. The White House, http://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf (last accessed 15 July 2012).
Mahler, T. Forthcoming. Governance models for interoperable electronic identities. Journal of International Commercial Law and Technology (JICTL) University of Oslo Faculty of Law Research Paper No. 2011-37.