
2 State of the Art

In document New Service Oriented and Cloud pdf (Page 160-163)

2.1 The Laws of Identity

The laws of identity are based on an open blog of the identity community initiated by Kim Cameron (Microsoft) in 2005 and have become an important reference for all identity systems introduced afterwards. They are described in detail in [3] and comprise (1) User Control and Consent, (2) Minimal Disclosure for a Constrained Use, (3) Justifiable Parties, (4) Directed Identity, (5) Pluralism of Operators and Technologies, (6) Human Integration, and (7) Consistent Experience across Contexts. The LifeApp approach will be evaluated against the laws of identity in chapter 6 “Compliance to the Laws of Identity”.

2 Press release: ULD: “Privacy compliant cloud computing is feasible”, 13.07.2012, https://www.datenschutzzentrum.de/presse/20120713-

2.2 Relevant Approaches and Concepts

On a conceptual level, the laws of identity and privacy protection goals are best supported by Vendor Relationship Management (VRM³), Personal Clouds, and Life Management Platforms⁴. According to its definition, VRM provides customers with both independence from vendors and better means for engaging with vendors, which is a cornerstone of the approach presented in this paper. Personal Clouds provide the necessary functionality of personal data storage; examples are personal.com, mydex.com, and qiy.com. Only the combination of both, however, enhanced by the user’s full control over his personally identifiable information, fulfils the characteristic of so-called Life Management Platforms⁵ (see below).

The big picture is also addressed by a number of EU-funded projects such as PrimeLife, ABC4Trust, GINI-SA, and TClouds. PrimeLife⁶, for example, has developed a user-side transparency enhancing tool “which gives the user an overview of what data have been sent to different data controllers and also makes it possible for a data subject to access her personal data and see information on how her data have been processed and whether this was in line with privacy laws and/or negotiated policies.” ABC4Trust⁷ is a successor of PrimeLife and focuses on attribute based credentials for trust. GINI-SA⁸ is a support action and “works towards the vision of a Personal Identity Management environment.” Finally, TClouds⁹ “develops an advanced cloud infrastructure that can deliver computing and storage that achieves a new level of security, privacy, and resilience.” However, to the author’s knowledge, none of them has yet introduced a user represented as an app that can be downloaded.

2.3 Authentication, Authorization, and Identity Management

On protocol level the most relevant developments for the LifeApp approach during the last two years are Kantara UMA and OAuth 2.0 (both described in the next paragraph) as well as OpenID Connect¹⁰, “a suite of lightweight specifications that provide a framework for identity interactions via REST like APIs.” Additionally, SAML¹¹ provides an underlying XML-based format for exchanging authentication and authorization data between parties; LifeApp benefits from its single-sign-on feature. Higgins¹² is relevant because it provides a Personal Data Service (PDS) that lets you control how your personal data is shared with friends and organizations you trust, but the framework is still under development. In the future personal clouds might be based on Higgins. Last but not least, SCIM¹³ is a new system for cross-domain identity management and “is designed to make managing user identities in cloud-based applications and services easier.” SCIM will be evaluated in more detail in the next months.

3 http://blogs.law.harvard.edu/vrm/
4 http://www.economist.com/blogs/babbage/2011/11/personal-data
5 http://www.discoveringidentity.com/2012/07/11/life-management-platforms/
6 http://primelife.ercim.eu/
7 https://abc4trust.eu/
8 http://www.gini-project.eu
9 http://www.tclouds-project.eu/
10 http://openid.net/connect/
11 https://www.oasis-open.org/committees/download.php/27819/

Fig. 1. Kantara UMA Protocol

The integration of LifeApp in a Life Management Platform is based on Kantara UMA. The protocol U(ser) M(anaged) A(ccess) is a powerful authorization protocol specified by Kantara Work Group UMA¹⁴ and accepted by IETF (see Fig. 1 and [3]). It is a profile of OAuth 2.0 and implements two OAuth 2.0 cycles; the first cycle specifies and manages the authorization between the authorizing user, the host(s) containing protected resources, and the so-called authorization manager; the second cycle defines the sequence of sharing information and enforcing access rights between the host(s), the authorization manager, and the requester.

The UMA protocol is mainly characterized by the introduction of an independent authorization manager (AM), which will play an important role in the LifeApp approach described in chapter 5. The AM provides the authorizing user with a central point for managing access policies. The user can manage, in a standardized and centralized way, the policies of all protected resources, which are actually distributed to and stored at hosts such as business networks, location services or document sharing providers. The advantage for hosts is that they can outsource the complete management of granting access rights to protected user resources to the AM.

12 http://www.eclipse.org/higgins/
13 http://www.simplecloud.info/
14 http://kantarainitiative.org/confluence/display/uma/Home
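The two cycles and the role of the authorization manager described above can be modelled in a few lines. This is an added in-memory sketch, not code from the paper or from the UMA specification; all class, method, host and requester names are hypothetical, the data is constructed, and the real protocol exchanges these messages as OAuth 2.0 requests rather than method calls.

```python
import secrets

class AuthorizationManager:  # toy AM: central policy store and token issuer
    def __init__(self):
        self.hosts = {}     # host credential -> host name
        self.policies = {}  # (host, resource) -> {requester: allowed scopes}
        self.grants = {}    # token -> (requester, host, resource, scope)

    # Cycle 1: the user introduces a host, which registers its resources.
    def introduce_host(self, name, resources):
        cred = secrets.token_urlsafe(16)
        self.hosts[cred] = name
        self.policies.update({(name, r): {} for r in resources})  # nobody allowed yet
        return cred

    def set_policy(self, host, resource, requester, scopes):
        self.policies[(host, resource)][requester] = set(scopes)

    # Cycle 2: the requester obtains a token; the host asks the AM to check it.
    def issue_token(self, requester, host, resource, scope):
        if scope not in self.policies.get((host, resource), {}).get(requester, ()):
            return None  # default deny: no matching policy, no token
        token = secrets.token_urlsafe(16)
        self.grants[token] = (requester, host, resource, scope)
        return token

    def validate(self, host_cred, token, resource, scope):
        who, *bound = self.grants.get(token, (None,))
        if bound != [self.hosts.get(host_cred), resource, scope]:
            return False  # unknown token, or bound to another host/resource/scope
        return scope in self.policies[(bound[0], resource)].get(who, ())

class Host:  # stores resources, outsources access decisions to the AM
    def __init__(self, name, am, resources):
        self.am, self.data = am, dict(resources)
        self.cred = am.introduce_host(name, self.data)

    def read(self, resource, token=None):
        if token and self.am.validate(self.cred, token, resource, "read"):
            return 200, self.data[resource]
        return 403, "obtain a token from the authorization manager"

def demo():  # constructed names and data
    am = AuthorizationManager()
    host = Host("docs.example", am, {"cv.pdf": "constructed sample"})
    am.set_policy("docs.example", "cv.pdf", "recruiter", ["read"])  # user's policy
    token = am.issue_token("recruiter", "docs.example", "cv.pdf", "read")
    results = [host.read("cv.pdf"), host.read("cv.pdf", token)]
    am.set_policy("docs.example", "cv.pdf", "recruiter", [])  # user revokes at the AM
    return results + [host.read("cv.pdf", token)]
```

`demo()` returns the host's three answers in order: refusal without a token, success with a token issued under the user's policy, and refusal of the same token once the user has withdrawn the policy at the AM.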
