USER-DIRECTED PRIVACY CONTROL IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM
First Claim
1. In an environment including at least one service provider each associated with a respective privacy policy, a system, comprising:
- an identity manager configured to manage a plurality of user identities;
a plurality of privacy preferences relative to at least one user identity; and
a privacy engine operatively associated with the plurality of privacy preferences, the privacy engine configured to evaluate at least one privacy preference against a privacy policy obtained from the environment.
3 Assignments
0 Petitions
Accused Products
Abstract
An identity management system incorporates privacy management processes that enable the user to exercise privacy controls over the disclosure of user identity information within the context of an authentication process. A combination includes an identity selector, a privacy engine, and a ruleset. The identity selector directs the release of a user identity in the form of a security token to satisfy the requirements dictated by a security policy. Prior to release of the user identity, the engine conducts a privacy enforcement process that examines the privacy policy of the service provider and determines if it is acceptable. The engine evaluates a ruleset against the privacy policy. A preference editor enables the user to construct, in advance, the ruleset, which embodies the user'"'"'s privacy preferences regarding the disclosure of identity information. Based on the evaluation results, the user can either approve or disapprove the privacy policy, and so decide whether to proceed with disclosure of the user identity.
-
Citations
20 Claims
-
1. In an environment including at least one service provider each associated with a respective privacy policy, a system, comprising:
-
an identity manager configured to manage a plurality of user identities; a plurality of privacy preferences relative to at least one user identity; and a privacy engine operatively associated with the plurality of privacy preferences, the privacy engine configured to evaluate at least one privacy preference against a privacy policy obtained from the environment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. In an environment including at least one service provider each associated with a respective privacy policy, method, comprising:
-
managing a plurality of user identities; providing a plurality of privacy preferences relative to at least one user identity; and evaluating at least one privacy preference against a privacy policy obtained from the environment. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. In an environment including at least one service provider each associated with a respective privacy policy, a computer-readable medium having computer-executable instructions for execution by a processor, that, when executed, cause the processor to:
-
manage a plurality of user identities; provide a plurality of privacy preferences relative to at least one user identity; and evaluate at least one privacy preference against a privacy policy obtained from the environment. - View Dependent Claims (18, 19, 20)
-
Specification