Book contents
- Frontmatter
- Contents
- List of Contributors
- Chapter 1 Introduction: Security and Law in a Digitizing World
- Chapter 2 Safety, Security and Ethics
- Chapter 3 National and Public Security within and beyond the Police Directive
- Chapter 4 Criminal Profiling and Non-Discrimination: On Firm Grounds for the Digital Era?
- Chapter 5 Operationalization of Information Security through Compliance with Directive 2016/680 in Law Enforcement Technology and Practice
- Chapter 6 Protecting Human Rights through a Global Encryption Provision
- Chapter 7 Identity Management and Security
- Chapter 8 Towards an Obligation to Secure Connected and Automated Vehicles “by Design”?
- Chapter 9 The Cybersecurity Requirements for Operators of Essential Services under the NIS Directive – An Analysis of Potential Liability Issues from an EU, German and UK Perspective
- Chapter 10 The ‘by Design’ Turn in EU Cybersecurity Law: Emergence, Challenges and Ways Forward
- Chapter 11 Promoting Coherence in the EU Cybersecurity Strategy
- Chapter 12 Challenges of the Cyber Sanctions Regime under the Common Foreign and Security Policy (CFSP)
- Chapter 13 International (Cyber)security of the Global Aviation Critical Infrastructure as a Community Interest
- Cumulative Bibliography
- Miscellaneous Endmatter
Chapter 7 - Identity Management and Security
Published online by Cambridge University Press: 23 January 2020
Summary
INTRODUCTION
“Identity management (or IdM for short), consists of the processes and all underlying technologies for the creation, management, and usage of digital identities.”
The relation of identity management to security is two-fold, since identity (and access) management systems are a security measure, which can in principle serve physical security (e.g. access to specific areas upon authentication) as well as cybersecurity (e.g. access to databases). This security measure is only useful if the identity management system itself is secure, which needs to be ensured by different parties. As the focus of this chapter is on the user security requirements for online identity management systems, especially national public electronic identity schemes, the relevant area of security addressed in this chapter is cybersecurity.
This chapter introduces the reader to identity management and shows the different legal requirements the users, such as citizens using governmental electronic identification means, might have to comply with. The main research problem to be discussed is whether identity management users can and should be able to comply with these requirements. The research is based upon an analysis of literature, legislation of Belgium, Germany and Estonia, and various statements of terms and conditions of different electronic identification schemes to identify different types of obligations for users. However, this is not intended to be a positivist analysis of all possible requirements that exist, but to show that various requirements exist and to question the applicability of certain requirements for users, based upon the analysis of risk regulation regimes and cultures by Renaud et al.
The chapter is structured as follows. First, an explanation of basic concepts of identity management is given. In the second part, examples of different identity management systems are provided, and in the third part the obligations on users are analysed. Finally, based on the analysis of risk regulation regimes and cultures by Renaud et al., the concept of reasonable care and the possibility of security by design are taken into account as potential influential factors.
WHAT IS IDENTITY MANAGEMENT?
A main function of identity management systems is to make it possible to authenticate entities online, since on the internet no general system to authenticate entities exists. Authentication is related to identification but nonetheless different. In simple terms, identification serves to identify a person, answering the question ‘who are you?’.
- Type: Chapter
- Information: Security and Law: Legal and Ethical Aspects of Public Security, Cyber Security and Critical Infrastructure Security, pp. 161-182
- Publisher: Intersentia
- Print publication year: 2019