An architecture for identity management
Personalization of on-line content by on-line businesses can improve a user’s experience and increase a business’s chance of making a sale, but with stricter privacy legislation and Internet users’ increasing concerns about privacy, businesses need to ensure they do not violate laws or frighten away potential customers. This thesis describes the design of the proposed Identity Management Architecture (IMA). The IMA system allows users to decide on a per business basis what personal information is provided, gives users greater access to their personal information held by on-line businesses, and does not rely on a trusted third-party for management of personal information. In order to demonstrate the design and functionality of the IMA system a prototype implementation has been built. This implementation consists of the IMA client application and an example participating business to demonstrate the features of the IMA client. To evaluate the design of the IMA system it was compared to three high profile identity management systems: Microsoft .NET Passport, Liberty Alliance Project, and Microsoft Infocards. Through this evaluation each tool was compared based on the access to personal information provided to users and on what areas of privacy legislation compliance are improved for a business that participates.
identity management, privacy, ima
Master of Science (M.Sc.)