The annual Trust in Digital Life event took place on April 7th and 8th, 2014 in Vienna.
The ABC4Trust Project organized Track 3 “Identity management” and offered a panel featuring a variety of current applications of Privacy-ABC. The workshop targeted everyone that wants to implement privacy-preserving identity management. The panel demonstrated that usable and trustworthy identity management systems are technically possible and in several cases already a working reality. In the track the following presentations were covered:
General technology presentation of ABCs in ABC4Trust
(Dr. Gregory Neven, IBM)
Privacy respecting ICT innovations in education: electronic course evaluations in higher education and beyond
(Prof. Yannis Stamatiou, Computer Technology Institute and Press)
Restrictive download of documents from cloud storage in FI-Ware
(Robert Seidl, Nokia Solutions and Networks)
Performance of privacy-enhancing cryptography on smartphones
(Dr. Jan Hajny, Brno University of Technology)
Information security supporting data protection
(Dr. Rodica Tirtea, ENISA)
Major questions and discussions in the panel:
What would be some interesting examples of Privacy-ABCs applications?
Apart from the pilots of ABC4Trust that deal with privacy-friendly online course evaluation and privacy-friendly school community platform, one could consider e-government polls, age verification and public transportation ticketing to be very relevant problems that can be addressed using Privacy-ABCs.
There are so many cryptographic solutions to deal with privacy problems. Why to use ABC4Trust framework and not any other one?
ABC4Trust framework is defined in a generic way based on the identified features that are required from Privacy-ABCs. Therefore it gives the opportunity to any crypto provider to implement the specified interfaces and therefore be pluggable to the framework. ABC4Trust is not limited to any specific technology and it also helps to avoid a lock-in situation.
One of the major blocking factors in front of adoption of Privacy-ABCs concerns the application developers not being familiar with the crypto. What can be done in this regard?
The ABC4Trust project has provided a crypto-agnostic API set to Privacy-ACBs, which relieves the burden of complicated crypto. The reference implementation of ABC4Trust is publicly available on Github along with documentations and integration examples for the developers.
How is it possible to convey the properties of Privacy-ABCs to the end users?
Indeed a certain level of trust is needed for the ecosystem to work. Trust in the crypto, trust in the correct implementation of the crypto and trust in the correct deployment of the system are the minimum requirements. Perhaps there should be some consumer protection or verification agencies to help with gaining the trust of the end users in the system and the promised features.