
7 User Experience

In document New Service Oriented and Cloud pdf (Page 170-174)

User interfaces in identity management aim at a transparent, comprehensible and context-independent way of dealing with personally identifiable information. The user needs to be able to relate to how his or her virtual identities are used, whether the usage is compliant with their policies and bound to a specific purpose, and whether the complete life cycle is user-controlled. In short, the interface needs to support the privacy protection goals: transparency, unlinkability and intervenability.

Usable security and privacy is the key to acceptance of any identity system that balances user requirements against the requirements of providers of context-aware personalized services. The following paragraphs introduce a user interface design for managing the information and identity life cycle on a smartphone.

The creation of new virtual identities and corresponding profiles is one of the key features of the Personal Information Assistant (PIA); see Fig. 5 (a). Some services rely on one's real name and address, sometimes on birth date and credit card information; other services, however, just ask for an email address to verify one's real interest in a white paper or article. So, for different purposes, users can define specific contextual profiles containing subsets of PII.

Editing such profiles and preferences is illustrated in Fig. 5 (b). Basically, it is an open list of attributes, claims, and credentials that can be reused in different virtual identities and profiles. The goal is that PIA – in addition to predefined ones – can learn new attributes from relying parties. For a first realization it is planned, however, that the user explicitly establishes links between attributes with the same semantics. The result will be user-defined ontologies; standardized ontologies will be part of future research.
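The data model described in the two paragraphs above, sketched as an added example (this is not code from the paper or from PIA): contextual profiles are subsets of one open attribute list, and user-established links let a relying party's attribute name resolve to the user's own. All class names, attribute names and the relying party are assumptions made for illustration.

```python
# Added illustration; every name and value below is constructed.
class AttributeLinks:
    """User-established 'same semantics' links between attribute names."""
    def __init__(self):
        self._parent = {}

    def _find(self, name):
        self._parent.setdefault(name, name)
        while self._parent[name] != name:
            self._parent[name] = self._parent[self._parent[name]]  # path halving
            name = self._parent[name]
        return name

    def link(self, a, b):
        self._parent[self._find(a)] = self._find(b)

    def same(self, a, b):
        return self._find(a) == self._find(b)

class Wallet:
    def __init__(self, attributes, links):
        self.attributes = attributes   # open list of the user's PII
        self.links = links
        self.profiles = {}             # profile name -> set of attribute names
        self.grants = {}               # relying party -> profile name

    def define_profile(self, name, attribute_names):
        unknown = set(attribute_names) - set(self.attributes)
        if unknown:
            raise KeyError(f"not in attribute list: {sorted(unknown)}")
        self.profiles[name] = set(attribute_names)

    def authorize(self, party, profile):
        self.grants[party] = profile

    def disclose(self, party, requested):
        """Release only what the party's profile covers; report the rest."""
        allowed = self.profiles.get(self.grants.get(party), set())  # default: nothing
        released, refused = {}, []
        for req in requested:
            match = next((a for a in sorted(allowed) if self.links.same(a, req)), None)
            if match is None:
                refused.append(req)    # kept so the user can see what was asked
            else:
                released[req] = self.attributes[match]
        return released, refused

def demo():
    links = AttributeLinks()
    links.link("email", "mail_address")   # the user states both mean the same
    w = Wallet({"name": "Bob Example", "email": "bob@example.org",
                "birth_date": "1980-01-01"}, links)
    w.define_profile("whitepaper", ["email"])
    w.authorize("publisher.example", "whitepaper")
    return w.disclose("publisher.example", ["mail_address", "birth_date"])

if __name__ == "__main__":
    print(demo())
```

A party with no grant resolves to an empty profile, so every attribute it requests ends up in the refused list.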

Fig. 6 shows an example of PIA at run time. Part (a) lists the registered people, environments, and services Bob shares personal information with and which are authorized to access certain corresponding profiles. As a prerequisite, each of them has downloaded Bob's LifeApp. Part (b) illustrates the opposite direction: it presents details of the communication partners whose LifeApps Bob has downloaded. Here, the list contains Alice, Bob's wife, his best friend Thomas, his boss, as well as his lovely dog Brutus. The paragraphs below explain how Bob benefits from PIA managing his relationships:

Fig. 5. LifeApp User Interface Mockup – Part 1

1. Alice is Bob's wife and as such part of the group family. Bob and Alice share almost everything from each other's LifeApps. Bob certainly knows Alice's birthday; however, so that he does not forget it, the calendar raises a birthday reminder. Bob checks Alice's favorites in her profile, compares them with his history from previous celebrations, and coordinates with other family members and friends in order to avoid duplicates.

2. Bob and Thomas are friends. As friends, Bob and Thomas share specific LifeApp configurations. Thomas recommends a good restaurant from his latest trip and informs Bob that he got the tickets for the forthcoming football game on Saturday.

3. Bob's boss is part of the group company. The LifeApp profile that Bob shares with his boss and other colleagues is pretty restricted. According to his calendar, Bob's boss is on a business trip. In Bob's inbox are five new emails from his boss. A meeting had to be postponed. A new appointment has to be agreed.

4. Brutus is Bob's dog and belongs to the group pets. Via Brutus' LifeApp Bob has access to vital functions such as breath, pulse, and blood sugar. So, Bob knows that Brutus is sleeping right now. The lifecam offers a stream from the dog's place.

User interface design is manifold. The mock-up presented above is just one example based on a smartphone layout. Since the logic of the personal information assistant is separated from the presentation layer, alternatives such as laptops, desktops, tablets and even smart TVs can be supported efficiently.

8 Conclusion

Life Management Platforms are designed for users to centralize their management of personally identifiable information (PII), for example in Personal Clouds. Management, here, basically refers to the life cycles of attributes, claims, profiles, and policies in personalized service environments. The introduction of the LifeApp approach into such environments – as proposed in this paper – is a powerful new paradigm to establish new forms of relationships between authorizing users and service providers.

The novelty of the LifeApp approach is the user's app that can be downloaded by collaboration partners such as other people, Cloud services, and intelligent environments. The LifeApp might already contain content such as attributes, profiles, and policies or (recommended) just references plus access policies to protected information at personal data stores. At the service provider's side the LifeApp is able to establish a trusted contact point and a secure channel which enables the user to monitor and control the access to, usage of, and the life cycle of his or her PII. Main advantages for service providers are up-to-date and synchronized authentic user data, avoiding inconsistencies and non-active users, as well as being compliant with data protection regulation when needed (and if integrated into the LifeApp). Note: The concept assumes collaboration partners whose business models do not rely on selling PII.

The paper evaluated the LifeApp concept according to the 7 Laws of Identity and could show that the new privacy protection goals of transparency, unlinkability and intervenability are supported. Therefore, the integration of the LifeApp concept in a Life Management Platform enables developers of personalized service environments to implement privacy by design.

Roadmap for a proof of concept: The mock-up has already been partly underpinned by specific implementations. The UMA protocol was implemented last year. Currently, as part of a nationally funded project (footnote 15), first components of the proposed Life Management Platform such as the personal data store are under development, and authentication technologies such as OpenID Connect and the new German ID card are supposed to be integrated soon. The implementation of the LifeApp component, finally, is planned for the end of 2013.


15 http://www.aisec.fraunhofer.de/de/kompetenzen/projekte/sealed-cloud.html
