Identity and Access Management Architectures with a Focus on User Initiative

Background

Security and privacy issues in identity-related data management play an essential role in cloud computing. In particular, it is very important to define the right means for managing such data based on policies in order to comply with privacy-related standards and regulations. As a consequence, the identity management market—or identity and access management (IAM) market—is forecasted to grow from nearly $2.6 billion in 2006 to more than $12.3 billion in 2014 (including revenues from both products and implementation services) (Forrester, 2007). The cloud computing market which stood at $36 billion in 2008 is expected to reach $160.2 billion by 2015. Market growth is fuelled by the ease of information access made possible by the cloud (WinterGreen Research, Inc, 2009). The area of identity management has been addressed as part of the Seoul Declaration of the Future of the Internet Economy (2008/06) (OECD, 2008) and US President’s Cyberspace Policy review (Whitehouse, 2009).

However, despite the fact that legal systems regarding privacy protection and personal information distribution, such as the OECD’s Eight Principles (OECD, 1980), have been progressing on a global scale and the fact that most entities openly declare their privacy policies, the majority of users tend to just click the “I Agree” button without understanding the underlying details. Even though such policies are posted on websites where users can easily access them, the details are often too difficult for general users to comprehend and many contain technical jargon.

Therefore, we have developed the “Privacy Policy Matching Engine” as a component of the Identity and Access Management Architectures. The Privacy Policy Matching Engine enables users to provide their data as intended according to one’s own policies.