DOCSLIB.ORG

Privacy & Federated Authentication and Identity Management in The

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Privacy & Federated Authentication and Identity Management in The Nederlandse Organisatie voor toegepast-natuurwetenschappelijk onderzoek / Netherlands Organisation for Applied Scientific Research Brassersplein 2 P.O. Box 5050 2600 GB Delft The Netherlands TNO report T +31 15 285 70 00 F +31 15 285 70 57 [email protected] Privacy & federated authentication and identity management in the infoservice society Date 1 October 2007 Author(s) Gabriela Bodea & Marc van Lieshout Assignor TNO Reviewer Dr.Ir. J.G.E. Olk, TNO ICT Project number 035.31600 Report number 34564 Classification report Title FAIM deliverable: Privacy & federated authentication and identity management in the infoservice society Number of pages 54 (incl. appendices) Number of appendices 5 All rights reserved. No part of this report may be reproduced and/or published in any form by print, photoprint, microfilm or any other means without the previous written permission from TNO. All information which is classified according to Dutch regulations shall be treated by the recipient in the same way as classified information of corresponding value in his own country. No part of this information will be disclosed to any third party. In case this report was drafted on instructions, the rights and obligations of contracting parties are subject to either the Standard Conditions for Research Instructions given to TNO, or the relevant agreement concluded between the contracting parties. Submitting the report for inspection to parties who have a direct interest is permitted. © 2007 TNO Nederlandse Organisatie voor toegepast-natuurwetenschappelijk onderzoek / Netherlands Organisation for Ap plied Scientific Research Brassersplein 2 Abstract P.O. Box 5050 2600 GB Delft The Netherlands T +31 15 285 70 00 F +31 15 285 70 57 [email protected] The present paper examines some of the privacy issues re lated to forms of federated authentication and identity management (FAIM) employed in the delivery of electronic services (mainly of the government). The paper should be read as a merely exploratory exercise. It starts by defining bri efly the context in which current forms of federated authentication and identity ma nagement (FAIM) are being employed. For this purpose, a new concept has been introduced, that of the infoservice society. Subsequently, the paper takes a closer look at the situation in three countries: the Netherlands, Austria and the United States. The brief inventory of developments in the three countries will be used to distil some insights into related privacy issues, formulate conclusions and policy recommendations. TTNO report | 34564 | final report 3 / 44 Appendices A OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data B The European and international legal context – a selection C Selection of relevant legislative and regulatory framework & organizations D E-Government in Austria - timeline E E-Government in the Netherlands – timeline Contents Abstract .......................................................................................................................... 2 1 Introduction and definitions ......................................................................................... 4 1.1 Scoping the exercise ........................................................................................................ 5 1.2 Methodology.................................................................................................................... 8 2 Case studies ....................................................................................................................9 2.1 The Netherlands............................................................................................................... 9 2.2 The United States of America........................................................................................ 15 2.3 Austria............................................................................................................................ 21 3 Analysis and federation-related privacy issues ......................................................... 26 3.1 Dilemmas....................................................................................................................... 30 3.2 Challenges......................................................................................................................31 4 Suggestions and recommendations............................................................................. 34 4.1 Addressing roadblocks by means of regulatory, co- and self-regulatory measures....... 34 4.2 Addressing roadblocks by means of technical solutions ............................................... 35 5 Instead of conclusions.................................................................................................. 36 6 Bibliography................................................................................................................. 39 7 Other resources............................................................................................................ 41 8 Signature.......................................................................................................................43 TTNO report | 34564 | final report 4 / 44 1 Introduction and definitions "A stone is a stein is a rock is a boulder is a pebble." Ernest Hemingway ("A rose is a rose is a rose is a rose." Gertrude Stein) This paper was written in the context of the TNO-ICT project FAIM. FAIM is an abbreviation of Federated Authentication and Identity Management. The project FAIM set itself the task to explore the various facets and, insofar as possible, address the questions around the concept of FAIM, in order to allow TNO ICT to formulate a vision on the subject. The main aim and objective of this paper, as part of the FAIM project, was to develop our own understanding of current developments, the impact of ICT on society, and in particular privacy-related issues pertaining to FAIM. In the title, we introduced a new term, that of the infoservice society. The infoservice society refers to a new stage in the development of the information society. Regarding the information society and for the purpose of this paper we chose to restrict the period to which we referred in this paper to the post-digital revolution era. The purpose of introducing the new term is a practical one. It is meant to describe more accurately specific recent developments. During the past decade western societies witnessed the explosive growth and broad availability of information and knowledge. (Advances in) information technologies were instrumental in making this possible. The access to information and, to a certain extent, the production or the making available of information have lost their spatial and, arguably, temporal dimensions. These developments had a profound social and economic impact. During the alpha, or preliminary stage of development the available information in terms of sheer quantity, grew exponentially. Particularly, the internet had a democratizing effect on information. Established roles, especially gate-keeping roles, were challenged, and new roles and competencies were negotiated. A certain sense of chaos became prevalent and with it the need for structure. This stage, the beta stage, could be equated with a prototype and experimental stage. From a technical perspective, information systematization became imperative (from basic search engines to information management). From a social perspective, new configurations emerged: whether as new networks or changed power positions. From an economic perspective, the commercial potential of information was recognized and began to be exploited (from information itself as a commodity to information technologies as new and effective means to deliver services). The three perspectives, however, should not be seen separately but together, constituting an entity. This stage corresponds to the infoservice society. A case in point are the various forms of electronic governments. Providers of services are no longer exclusively businesses, but also governments. The pervasiveness of internet, especially broadband internet makes possible the delivery of complex services over the internet. The issue of federated TTNO report | 34564 | final report 5 / 44 authentication and identity management is characteristic for this phase, and often at the core of e-Gov and other types of services. FAIM have the potential to increase efficiency, reduce costs, and enhance privacy. Definitions of concepts The Liberty Technical Glossary defines federation as an association comprising any number of service providers and identity providers. The same Glossary defines identity as the essence of an entity. One’s identity is often described by one’s characteristics, among which may be any number of identifiers.1 1.1 Scoping the exercise This contribution to the FAIM project focuses on the broader social, juridical, ethical and political – and to a certain extent on the historical and cultural – context in which federated identification and authentication management evolves. FAIM cannot be seen isolated from the socio-political context in which it is developed. Interestingly, one could see in FAIM an attempt to rectify the societal discourse on dealing with personal data in a direction in which more respect is paid to privacy concerns. This societal discourse has been guided in the direction of collecting and aggregating more personal data and use of these personal data for identification purposes. Previous attempts of states to introduce central administrations
Load more

Recommended publications
  • The Basis for Fire Safety Substantiating Fire Protection in Buildings
    The Basis for Fire Safety Substantiating fire protection in buildings Fire Safety Professorship René Hagen and Louis Witloks The Basis for Fire Safety Substantiating fire protection in buildings 1 Publication Details Authors René Hagen and Louis Witloks, Fire Safety professorship of the Instituut Fysieke Veiligheid, in close cooperation with various research groups of Brandweer Nederland, the organisation of Dutch fire services. Photographs Cover photo: Jan Beets Inside photos: René Hagen, Martin de Jongh, Rob Jastrzebski, Jeroen Schokker, Wikimedia and Instituut Fysieke Veiligheid Translation Esperanto WBT Support This publication was also made possible by Underwriters Laboratories and European Fire Safety Alliance (EuroFSA). The knowledge document entitled ‘The Basis for Fire Safety’ was originally written on the basis of the Dutch situation, but in practice, it was soon found to be applicable to situations outside the Netherlands as well. The approach to fire safety as described and elaborated in this document can be applied universally. It describes the backgrounds and provides a substantiation of fire protection measures and facilities. And they also apply internationally, since fire development and fire growth are not specific to just one country. When using this publication for situations outside the Netherlands, please remember that the statistical details stated only concern the Netherlands. Where regulations are referred to, as is specifically the case in chapter 6, this is Dutch legislation. However, the book is definitely suitable for international use as its main focus is on the backgrounds and substantiation of fire safety measures and facilities which are based on fire development, the spread of smoke, the behaviour of constructions and people's behaviour when fleeing a building, instead of on statutory requirements.
    [Show full text]
  • CNS National Report of the Netherlands
    Ministry of Economic Affairs Convention on Nuclear Safety (CNS) National Report of the Kingdom of the Netherlands for the Sixth Review Meeting in April 2014 July 2013 2/178 CONTENTS CONTENTS LIST OF SYMBOLS AND ABBREVIATIONS .................................................................................... 9 INTRODUCTION ................................................................................................................................. 17 SUMMARY .......................................................................................................................................... 23 PART I REGULAR CNS-TOPICS ....................................................................................... 23 Changes to legislative and regulatory framework ...................................................................... 23 Regulatory body ......................................................................................................................... 24 Recent regulatory and safety issues ........................................................................................... 24 Results of international peer review missions and implementation of their findings ................ 25 Drills, exercises and lessons learnt............................................................................................. 26 Actions on transparency and communication with the public ................................................... 26 Important issues identified in previous report and follow-up ...................................................
    [Show full text]
  • Situation in the Netherlands
    UvA-DARE (Digital Academic Repository) State immunity and cultural objects on loan van Woudenberg, N. Publication date 2011 Link to publication Citation for published version (APA): van Woudenberg, N. (2011). State immunity and cultural objects on loan. General rights It is not permitted to download or to forward/distribute the text or part of it without the consent of the author(s) and/or copyright holder(s), other than for strictly personal, individual use, unless the work is under an open content license (like Creative Commons). Disclaimer/Complaints regulations If you believe that digital publication of certain material infringes any of your rights or (privacy) interests, please let the Library know, stating your reasons. In case of a legitimate complaint, the Library will make the material inaccessible and/or remove it from the website. Please Ask the Library: https://uba.uva.nl/en/contact, or a letter to: Library of the University of Amsterdam, Secretariat, Singel 425, 1012 WP Amsterdam, The Netherlands. You will be contacted as soon as possible. UvA-DARE is a service provided by the library of the University of Amsterdam (https://dare.uva.nl) Download date:26 Sep 2021 Chapter 8 Situation in the Netherlands 8.1 State immunity in the Netherlands1 The Netherlands has a rather interesting legislative system concerning immunity for States and their property. The combination of provisions contained in the Act on General Provisions of Kingdom Legislation, the Code of Civil Procedure and the Court Bailiffs Act gives a fairly overlapping protection, whereby it is of course always the judiciary has the last say when it comes to the judicial interpretation of these provisions.
    [Show full text]
  • Public Urban Green Spaces in the Dutch Municipal Omgevingsvisie: Developing a Decision-Making Support Model for Envisioning Greenness
    Public Urban Green Spaces in the Dutch Municipal Omgevingsvisie: Developing a Decision-Making Support Model for Envisioning Greenness Master’s Thesis Spatial Planning, Specialisation Planning, Land and Real Estate Development Nijmegen School of Management Radboud University August 2020 by Jay Erdkamp Image front page: Library of Congress. (n.d.). Nijmegen Kronenburger Park [Cut-out of photochrom; created between ca. 1890 and ca. 1900]. Retrieved from http://loc.gov/pictures/resource/ppmsc.05835/ Public Urban Green Spaces in the Dutch Municipal Omgevingsvisie: Developing a Decision-Making Support Model for Envisioning Greenness Master’s Thesis Spatial Planning, Specialisation Planning, Land and Real Estate Development Nijmegen School of Management Radboud University August 2020 by Jay Erdkamp Student Number: s4468368 Supervisor: P. J. Beckers Second Reviewer: D. A. A. Samsura Word Count: 34921 II We need wonder and awe in our lives, and nature has the potential to amaze us, stimulate us, and propel us forward to want to learn more about our world. The qualities of wonder and fascination, the ability to nurture deep personal connection and involvement, visceral engagement in something larger than and outside ourselves, offer the potential for meaning in life few other things can provide. (…) We need the design and planning goals of cities to include wonder and awe and fascination and an appreciation for the wildness that every city harbors. – T. Beatley, Biophilic Cities: Integrating Nature into Urban Design and Planning, pp. 14-15. Nature – even in our modern urban society – remains an indispensable, irreplaceable basis for human fulfillment. – S. R. Kellert, Building for Life: Designing and Understanding the Human- Nature Connection, p.
    [Show full text]
  • Law and Religious Cultural Heritage in Europe
    Theodosios Tsivolas Law and Religious Cultural Heritage in Europe Foreword by Professor Norman Doe Law and Religious Cultural Heritage in Europe ThiS is a FM Blank Page Theodosios Tsivolas Law and Religious Cultural Heritage in Europe Foreword by Professor Norman Doe Theodosios Tsivolas Athens Greece ISBN 978-3-319-07931-8 ISBN 978-3-319-07932-5 (eBook) DOI 10.1007/978-3-319-07932-5 Springer Cham Heidelberg New York Dordrecht London Library of Congress Control Number: 2014945550 © Springer International Publishing Switzerland 2014 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’s location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law. The use of general descriptive names, registered names, trademarks, service marks, etc.
    [Show full text]
  • Regulatory Framework: Legal Challenges and Incentives for the Development of Hydrogen Infrastructure in Port Areas
    Regulatory Framework: Legal Challenges and Incentives for the Development of Hydrogen Infrastructure in Port Areas The Havenschets project was carried out with subsidy from the Ministry of Economic Affairs, National schemes for Economic Affairs subsidies, Topsector Energy implemented by the Netherlands Enterprise Agency (RVO). Prepared by: Liv Malin Andreasson (RUG) Kars de Graaf (RUG) Martha Roggenkamp (RUG) Page 2 Status: Final 31-12-2020 Table of Contents 1. Introduction ..................................................................................................................................... 3 1.1 Power-to-Gas Technology ......................................................................................................................... 3 1.2 Development of Hydrogen Infrastructure in Port Areas ........................................................................... 5 1.3 Objectives and Scope ................................................................................................................................ 7 1.4 Structure of Deliverable ............................................................................................................................ 8 2. Legal Structure and Governance of Ports .................................................................................... 9 2.1 Introduction .............................................................................................................................................. 9 2.2 The Definition of a ‘Port’ ..........................................................................................................................
    [Show full text]
  • The Legal Relevance of Constitutional Conventions in the United Kingdom and the Netherlands Max Vetzo*
    Student Paper The Legal Relevance of Constitutional Conventions in the United Kingdom and the Netherlands Max Vetzo* 1. Introduction 1.1 Background Constitutional conventions are rules of political practice accepted as obligatory by those concerned in the working of the constitution.1 This category of rules occupies a position between mere political practice and constitutional law. Conventions can be found in constitutions all over the world,2 but are said to play a particularly prominent role in the constitutional system of the United Kingdom. Noteworthy examples are the rule that the monarch does not refuse to sign a Bill approved by Parliament and the rule that the UK Parliament does not legislate on matters devolved to Scotland without prior consent of the Scottish Parliament. To unscramble the complexities of constitutional conventions, UK constitutional scholars have paid a lot of attention to them. A generally accepted proposition in the debate on conventions is that conventions are not legal rules. Against the background of this maxim, an interesting question has come to occupy the debate on conventions in the UK: despite not being legal rules, can conventions be enforced before courts? The landmark Miller case before the UK Supreme Court has recently fuelled this debate once again.3 The academic debate on constitutional conventions in the Netherlands finds itself at a different stage of maturity. While it is acknowledged that constitutional conventions play an important role in the Dutch constitution, until 2014 very little attention was paid to this category of constitutional rules. That year marked the return of the constitutional convention to the constitutional debate in the Netherlands.
    [Show full text]
  • Provincial Solar and Wind Energy Policy
    Provincial solar and wind energy policy A comparison between the province of Noord-Brabant and the province of Gelderland Personal Details ▪ Name: Luuk (L) Beimans ▪ ANR: 855957 ▪ University: Tilburg University, Master Public Governance ▪ Faculty: Tilburg Law School ▪ Department: Tilburg Institute of Governance (TIG) ▪ Supervisor: Dr. M.A. Verba, MPA. ▪ Second supervisor: Prof. Dr. M.L.P. Groenleer ▪ Date: 30 July 2018 Provincial solar and wind energy policy Luuk Beimans 30-7-2018 Preface Before you lies the Master’s Thesis about provincial solar and wind energy policy. It has been written to complete the Public Governance program at Tilburg University. Doing the research was an interesting process that sometimes went quite stiffly and at other times went smoothly. Prior to the actual research, I found it particularly difficult to select a feasible and interesting focus of the research, which led to a slow start. Also during the research I had to sharpen the focus of the research a couple of times. However, once I succeeded in sharpening the focus sufficiently, the research started to float. In particular, I found it interesting to learn more about the legal policy instruments that the provinces can use with regard to spatial planning. All in all, working on the Master’s Thesis was an instructive, challenging and interesting experience. In the first place, I would like to thank Dr. M.A. Verba, MPA. for the wise advice, the sharing of knowledge and the organization of helpful meetings. In addition, I would like to thank Prof. Dr. M.L.P. Groenleer, J.F.L.M.M.
    [Show full text]
  • The Integration of the Protection of Nature Conservation Areas in Dutch Spatial Planning Law and Environmental Management Law
    The integration of the protection of nature conservation areas in Dutch spatial planning law and environmental management law A.B. Blomberg, A.A.J. de Gier & J. Robbe* 1. Introduction This article focuses on the integration of the protection of designated areas in Dutch environmen- tal law or how area protection affects other parts of Dutch environmental law. We will be concentrating on area protection under the Dutch Nature Conservation Act 1998 and the role that area protection plays in spatial planning and environmental management. The Spatial Planning Act (Wet ruimtelijke ordening) and the Environmental Management Act (Wet milieubeheer), respectively, provide the statutory framework for these two areas. These two Acts regulate activities which are – or can be – of great significance in the protection of nature reserves intended by the Nature Conservation Act, namely the various forms of land use and the exploita- tion of establishments which have an environmental impact, respectively. The question concern- ing the integration of the protection of nature reserves is therefore particularly important where these two areas are concerned. First we will examine the meaning which we attach to the two terms that are so crucial to this contribution, namely environmental law and integration, after which we will consider the influence of European and international law on the degree of integration within environmental law. This will be followed by a discussion of the Dutch Nature Conservation Act 1998, the Spatial Planning Act and the Environmental Management Act (EMA). Needless to say, this will focus on the parts of this legislation which are relevant to area protection and its integration.
    [Show full text]
  • Q&A on Environmental Law in the Netherlands
    Q&A on Environmental Law in The Netherlands 1 Q&A on Environmental Law in The Netherlands 2 Q&A on Environmental Law in The Netherlands Contents Introduction 7 Environmental regulatory framework 7 1. What are the key pieces of environmental legislation and the regulatory authorities in your jurisdiction? ....................................................................................................................... 7 Public/administrative law ................................................................................................... 8 Criminal law ...................................................................................................................... 8 Regulatory enforcement 8 2. To what extent are environmental requirements enforced by regulators in your jurisdiction?.. 8 Environmental NGOs 8 3. To what extent are environmental non-governmental organisations (NGOs) and other pressure groups active in your jurisdiction? ....................................................................... 8 Environmental permits 8 4. Is there an integrated permitting regime or are there separate environmental regimes for different types of emissions? Can companies apply for a single environmental permit for all activities on a site or do they have to apply for separate permits? ................................ 8 APPA ............................................................................................................................ 9 WP ...........................................................................................................................
    [Show full text]
  • Doing Infrastructure Projects in the European Union, 2014
    参与欧洲工程及基建项目指南 参与欧洲工程及基建项目指南 - DOING INFRASTRUCTURE PROJECTS IN THE EUROPEAN UNION DOING INFRASTRUCTURE PROJECTS IN THE EUROPEAN UNION WWW.HOUTHOFF.COM FOREWORD Although there are many similarities between large infrastructure projects around the world the success of a business venture will stand or fall with the attention to details. Houthoff Buruma has a long-standing tradition of advising Chinese companies on their investments abroad. This publication, which is part of a series, aims to provide an outline of the practical approach for Chinese companies seeking to participate in European infrastructure projects. Europe has an ambitious agenda in this arena and is regarded as one of the safest regions in the world to invest in. Houthoff Buruma has a long term vision on cooperation and partnership. The success of our firm is based on helping our clients achieve their business goals. JAAP BOSMAN Global Director of Business Development Houthoff Buruma 78 DOING INFRASTRUCTURE PROJECTS IN THE EUROPEAN UNION TABLE OF CONTENT FORWORD 78 1. INTRODUCTION 82 2. THE NETHERLANDS AT A GLANCE 2.1 Quick facts 84 2.2 The country: a brief overview 84 2.3 Diplomatic relations / european union 87 2.4 Dutch government 87 2.5 Legal system 88 2.6 Enforcement of foreign judgments 90 3. PROJECTS IN THE NETHERLANDS – AN OVERVIEW 3.1 Sectors to watch 92 3.2 Characteristics of projects: elements to bear in mind 94 4. DUTCH CONTRACT LAW: A FEW CHARACTERISTICS 4.1 Introduction 96 4.2 General principles of dutch contract law 96 4.3 Specific principles of dutch contract law 97 5.
    [Show full text]
  • Guide to Doing Business in the Netherlands 2010 Contents
    >>Guide to Doing Business in the Netherlands 2010 Contents 1. Introduction to Houthoff Buruma ........................................................................................................................................................................................................................ 9 2. The Country at a Glance ........................................................................................................................................................................................................................................................ 11 2.1 The Netherlands ........................................................................................................................................................................................................................................................... 11 2.2 Diplomatic relations / European Union ...................................................................................................................................................................... 14 2.3 Dutch government ................................................................................................................................................................................................................................................ 15 2.4 Legal system ........................................................................................................................................................................................................................................................................
    [Show full text]