Architecting Interoperable Privacy within User-Centric Federated Digital Identity Systems: Overview of a Service-Oriented Implementation Framework Ghazi Ben Ayed1, Solange Ghernaouti-Hélie1 1
Information Systems Institute, Faculty of Business and Economics, University of Lausanne, CH-1015, Lausanne, Switzerland {Ghazi.Benayed, Sgh}@unil.ch
Abstract. With the emergence of service-oriented economy, distributed systems and cloud computing, thus the development of service oriented architecture and the adoption open standards become a mean to assure interoperability. Privacy could play a key role for digital identity protection and security. We suggest an implementation framework, Privacy-as-a-Set-ofServices (PaaSS) framework, which could help information system’s security team to implement digital identity privacy requirements into a set of services. The framework relays on the idea that digital identity privacy business interoperability should be taken into consideration from the outset of the project in order to be able to provide technical interoperability. Business interoperability is a set of requirements that are drawn from global, domestic and business-specific privacy policies, however, technical interoperability is offered through the adoption of open standards and implementation of a set of services and service’s interfaces that could accommodate SOA. The framework is in accordance of model-driven architecture (MDA) approach and it is composed of five layers and three mapping gateways. Inter- & intra-layers iterations are consequence of SOA delivery lifecycle and strategies alignment. Keywords: SOA, Privacy, Digital identity, Implementation framework.
1 Introduction The digital society is being criminalized. The fraudulent use of individual identity has increased at an alarming rate, thus effective privacy and identity management can play a key role to secure participation in digital society. When privacy is compromised, security of the individual, the organization or the country could be threatened. The dramatic increase in identity theft and other types of digital identity is unlikely to end soon. Security, identity theft, incorrect computer records, credit rating destruction, privacy, online purchasing and banking, loss of identity, misuse of personal information, phishing, identity cards, behavioral monitoring and tracking, etc. The list of concerns is long and people still feel concerned and worried about the digital world, security and loss of control. Criminal forces have organized themselves internationally to trick users into releasing valuable information through phishing