Footnotes (90)



Federated Identity Management: Balancing Privacy Rights, Liability Risks, and the Duty to Authenticate

Thomas J. Smedinghoff

Locke Lord LLP

August 21, 2009

In an online environment, identifying and authenticating a person or entity that seeks remote access to a corporate system, that authors an electronic communication, or that signs an electronic document, is the domain of what has come to be called "identity management." It is essential to establishing the trust necessary to facilitate electronic transactions of all types, plays a key role in fighting identity fraud, and in many cases has become a legal obligation. Yet it is also a process that typically requires the disclosure, verification, storage, and communication of personal information, and thus, by its nature, raises significant legal, privacy and liability concerns, among others.

This paper outlines the basic concepts behind identity management and the developing concept of federated identity management, and identifies and examines some of the key legal risks that must be addressed to make it work. In particular, it:

• Explains the basic principles that underlie the concept of commercial identity management;
• Identifies the numerous legal issues raised by the use of identity management systems;
• Focuses on the privacy implications of the collection, verification, storage, communication, and disclosure of personal information in the context of identity management systems;
• Examines the role of identity management in addressing the legal and risk-based obligations to authenticate remote parties; and
• Evaluates the legal requirements applicable to all identity management systems, and how the operation of those systems raises issues of concern relating to the privacy and security of personal information

Number of Pages in PDF File: 36

Keywords: identity management, federated identity management, IdM, law, legal, authenticate, authentication, privacy, liability, identity, identification, identity provider, identity proofing, relying party,

JEL Classification: K00, K10, K12, K19, K20, K29, K30, K33, K39, L86

Open PDF in Browser Download This Paper

Date posted: September 12, 2009 ; Last revised: October 6, 2009

Suggested Citation

Smedinghoff, Thomas J., Federated Identity Management: Balancing Privacy Rights, Liability Risks, and the Duty to Authenticate (August 21, 2009). Available at SSRN: https://ssrn.com/abstract=1471599 or http://dx.doi.org/10.2139/ssrn.1471599

Contact Information

Thomas J. Smedinghoff (Contact Author)
Locke Lord LLP ( email )
111 S. Wacker Drive
Chicago, IL 60606
United States
+1 312-201-2021 (Phone)
HOME PAGE: http://www.lockelord.com/professionals/s/smedinghoff-thomas-j?lang=en
Feedback to SSRN

Paper statistics
Abstract Views: 1,995
Downloads: 366
Download Rank: 62,779
Footnotes:  90