Abstract

http://ssrn.com/abstract=1471599
 
 

Footnotes (90)



 


 



Federated Identity Management: Balancing Privacy Rights, Liability Risks, and the Duty to Authenticate


Thomas J. Smedinghoff


Edwards Wildman Palmer LLP

August 21, 2009


Abstract:     
In an online environment, identifying and authenticating a person or entity that seeks remote access to a corporate system, that authors an electronic communication, or that signs an electronic document, is the domain of what has come to be called "identity management." It is essential to establishing the trust necessary to facilitate electronic transactions of all types, plays a key role in fighting identity fraud, and in many cases has become a legal obligation. Yet it is also a process that typically requires the disclosure, verification, storage, and communication of personal information, and thus, by its nature, raises significant legal, privacy and liability concerns, among others.

This paper outlines the basic concepts behind identity management and the developing concept of federated identity management, and identifies and examines some of the key legal risks that must be addressed to make it work. In particular, it:

• Explains the basic principles that underlie the concept of commercial identity management;
• Identifies the numerous legal issues raised by the use of identity management systems;
• Focuses on the privacy implications of the collection, verification, storage, communication, and disclosure of personal information in the context of identity management systems;
• Examines the role of identity management in addressing the legal and risk-based obligations to authenticate remote parties; and
• Evaluates the legal requirements applicable to all identity management systems, and how the operation of those systems raises issues of concern relating to the privacy and security of personal information

Number of Pages in PDF File: 36

Keywords: identity management, federated identity management, IdM, law, legal, authenticate, authentication, privacy, liability, identity, identification, identity provider, identity proofing, relying party,

JEL Classification: K00, K10, K12, K19, K20, K29, K30, K33, K39, L86

working papers series


Download This Paper

Date posted: September 12, 2009 ; Last revised: October 6, 2009

Suggested Citation

Smedinghoff, Thomas J., Federated Identity Management: Balancing Privacy Rights, Liability Risks, and the Duty to Authenticate (August 21, 2009). Available at SSRN: http://ssrn.com/abstract=1471599 or http://dx.doi.org/10.2139/ssrn.1471599

Contact Information

Thomas J. Smedinghoff (Contact Author)
Edwards Wildman Palmer LLP ( email )
225 W. Wacker Drive, Suite 3000
3000
Chicago, IL 60606
United States
Feedback to SSRN


Paper statistics
Abstract Views: 1,528
Downloads: 315
Download Rank: 51,539
Footnotes:  90

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo3 in 0.500 seconds