Thomas Smedinghoff, Federated Identity Management – Balancing Privacy Rights, Liability Risks, and the Duty to Authenticate

Thomas Smedinghoff, Federated Identity Management – Balancing Privacy Rights, Liability Risks, and the Duty to Authenticate

Comment by: Gerry Stegmaier

PLSC 2009

Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1471599

Workshop draft abstract:

Because identity management typically (but not always) requires the disclosure, verification, storage, and communication of personal information, the paper will focus on the impact of the legal issues surrounding identity management systems on the privacy of the individuals involved.  In particular, it will:

* Explain the basic principles that underlie the concept of commercial identity management (including in particular, the developing notion of federated identity management);

* Identify the numerous legal issues raised by the use of identity management (particularly federated systems);

* Focus on the privacy implications of the collection, verification, storage, communication, and disclosure of personal information in the context of identity management systems;

* Examine the role of identity management in addressing the legal and risk-based obligations to authenticate remote parties to on-line transactions; and

* Evaluate the legal requirements applicable to all identity management systems, and how the operation of those systems raise and might address issues of concern relating to the privacy and security of personal information.