Categories
Articles

Do Display Names Matter?

Display Names are often how we are represented online. Michael might choose to appear as “MusicFan”, “Mikey”, “Florence” or “Andrew”. Does that establish a good tone for discussion? Or does it risk misleading readers, perhaps making them act on the basis of a mistaken identity? Platforms that use display names can and, I think, should […]

Categories
Publications

Thinking with GDPR: Design by Data Protection

Last year, I was invited to give a talk “on GDPR” to NISO, an organisation that develops standards for managing digital information. While most of my thinking and writing has looked at applying data protection law to existing systems, this seemed like a good opportunity to think about how you might use it at an […]

Categories
Articles

Digital Qualifications and GDPR

Over the past decade or more, we’ve developed federated access management as a technical, policy and legal framework to exchange up-to-date information to help current staff and students access the resources they need. Authentication, status and membership information all need to be fresh to be useful and frequent use makes it worth organisations entering into […]

Categories
Articles

Information Sharing: Failing Smarter

Over the past twenty years, I’ve seen a lot of attempts to start information sharing schemes. And a lot of those have failed, some very slowly, despite huge amounts of effort. I wondered if there were pointers that could be used, early on, to try to spot those. Story First, what is the story? If you […]

Categories
Presentations

Thinking with GDPR

[Based on a presentation for the NISO Plus conference, February 22-25, 2021] One thing it seems everyone knows about Europe is that we have a strong privacy law: the General Data Protection Regulation, or GDPR. In this talk I’d like to get you viewing that not just as a law, but as a really useful […]

Categories
Articles

Building Trust in a Digital Identity

A panel on “Building Trust in a Digital Identity” at the UK IGF may have raised more questions than answers, but at least highlighted why doing so is taking so long. Since terminology can be confusing, what was being discussed was how to prove facts about your real-world self to an online service: for example […]

Categories
Articles

Identity without identifying

In the week that would have been their annual conference, EEMA have been hosting a series of fascinating online discussions among experts in the identity world. Today’s featured Steve Purser, Dave Birch and Kim Cameron in a deep discussion about whether we might have been looking at the wrong kind of “identity” all along… The […]

Categories
Publications

IDPro Body of Knowledge

I was delighted to be invited to contribute an article to IDPro’s Body of Knowledge for professionals working in the field of digital identity. Mine is (of course) on how the GDPR applies to identity management. But as well as standards and regulation the collection is steadily expanding to cover things like privacy for consumers, […]

Categories
Articles

Federated Authentication and the GDPR Principles

The General Data Protection Regulation’s Article 4(1) establishes six principles for any processing of personal data. It’s interesting to compare how federated authentication – where a student authenticates to their university/college, which then provides relevant assurances to the website they want to access – performs against those principles when compared with traditional direct logins to […]

Categories
Articles

GDPR Exports and Federated Authentication

Although the Article 29 Working Party seem to have had applications such as incident response in mind when drafting their guidance on exports, that guidance could also be helpful in the field of federated authentication. This technology allows an “identity provider” such as a university or college to assure a “service provider” such as a […]