December 12, 2006
As a whole, the Internet’s identity framework is coming apart and simply won’t be able to
sustain the explosive growth of interactive Web 2.0 applications. Ann Cavoukian, Ontario’s
information and privacy commissioner, presented her argument at an international conference last month
in Toronto. Not surprisingly, the symposium was hosted by the International Association of Privacy
Cavoukian’s paper, entitled Seven Laws of Identity: The Case for Privacy-Embedded Laws of
Identity in the Digital Age, pushes for a complete overhaul of the Internet’s identity management
system by embedding stricter privacy policies into the existing architecture.
Cavoukian says the Internet’s identity infrastructure is no longer sustainable in the face of spam,
phishing and other online fraud. “Consumer fears are growing and consumer confidence is dropping as
a result of all of this,” she says.
Her Privacy-Embedded Laws of Identity is an outline of what she believes should be done to
develop a universal identity authentication and authorization system. "What’s needed are improved
user control, data minimization techniques, privacy protection and stronger security,” says Cavoukian.
“The future of Internet security revolves around identity.” Cavoukian argues in her paper that online
fraud is threatening to cripple eCommerce. She says more verifiable identity credentials and much
greater mutual trust are required to support the new iteration of the Internet, or Web 2.0, with its
intelligent and interactive Web services.
“Identity systems that are consistent with the Privacy-Embedded Laws of Identity will help consumers verify
the identity of legitimate organizations before they decide to continue with an online transaction.
This should lead to a dramatic reduction in online fraud and deceptive emails,” says Cavoukian.
One method to help strengthen the protection of increasingly vulnerable online users is the
identity metasystem, she adds. “The genius of the metasystem is that it seeks to allow interoperability
with minimal disruption or modification,” says Cavoukian. “Supporters of Seven Laws and the identity à
metasystem call this the Identity Big Bang.”
Cavoukian describes the emergence of this identity meta-system as a profound development. “There has
never been a more strategic time to ensure that privacy interests are built into the new architecture
Overall, the commissioner emphasizes that possible solutions are complex, and that further education
and awareness are both necessary to address these issues.
“Improved methods of site and user authentication should be adopted.”
Cavoukian’s paper aims to identify a clear correlation between the internationally accepted Seven Laws of Identity, developed by Microsoft’s Kim Cameron, and how each law can be directly linked to established privacy principles.
“The Seven Laws empower the users to manage digital identities and personal information online,” says Cavoukian. “Many of the large technology developers and even critics of Microsoft have already signed on to the concept.”
In keeping with the Seven Laws of Identity, Microsoft has developed a “digital wallet” technology that the company hopes will create a more secure method of information exchange.
The technology is consistent with the universally accepted identity metasystem, allowing consumers to minimize their information exposure, and helping retailers to better protect consumer data.
In her keynote address, Cavoukian lauded Cameron’s Seven Laws of Identity as technologically necessary principles of identity management and expressed her support for Microsoft’s user identification system, dubbed CardSpace Identity Selector.
Microsoft Corp. plans to launch CardSpace as a Windows component embedded in the company’s Vista operating system.
CardSpace will allow a user to create multiple virtual ID cards. Each virtual card created by the user will contain only the minimum information that an individual would need to divulge to complete an online transaction applicable to the card.
“The system allows users to create a palette of cards. Users can choose which card they want to use depending on the context of the transaction to be carried out,” explains Cameron, chief identity architect for Microsoft.
The key to the system is that user information does not reside in one location, according to Peter Cullen, chief privacy strategist for Microsoft. “Data about a person is spread out among various institutions. For instance, banking information will be with the banks, while driving information will reside with the appropriate government agency.”
Cavoukian says the identity metasystem diminishes the surveillance and tracking of Internet use and personal information.
Source: IT World Canada
Advertise on E-Commerce News
If you have a product or service that deals with the ecommerce
or ebusiness field, advertising on E-Commerce News can bring
you new sales leads and close new marketing channels. This news
portal is read by over 25,000 people a week.
Businessmen and woman that either own an ecommerce website, an
ebusiness franchise, a B2B commercial exchange or by people in all walks
of life that need to keep abreast of this fast-changing field. For
more information on the many advantages of advertising on our news
portal or to request pricing information, please send us an
and a marketing representative will be glad to answer you