Maximal Data, Minimal Disclosure
Millions of Europeans have currently eID card issued by the government, which theoretically enables age verification in a privacy aware manner, without revealing exact birthday or the other attributes such as name or address. eID owner, however, has to trust that the “age verification” agent, or service operator, actually complies with data protection and privacy legislation. There are also solutions belonging to so called privacy enhancing/preserving technologies, such as minimal disclosure tokens, crypto mechanisms to perform data minimization on access control data. The new generation of eID cards, such as the German nPA, is using this type of technology to produce “over 18” attribute right on the card. Service provider will only obtain access rights to a binary inquiry function for exactly this purpose (age verification). Minimal disclosure tokens are sometimes also referred as anonymity credentials or privacy-enhancing attribute-based credentials, and there are already open source implementations of this solution.
There are many emerging cyber-physical access control scenarios that will presumably be integrated in “smart-everything”. Unlocking “Smart rent-a-car” at the airport with your eID, previously used in an online reservation, will save you some waiting time. Automated border controls are also becoming kind of cyber-physical access control solutions widely accepted by passengers at different airports worldwide.
The most of the physical access control systems still uses identity based access control model, although there are emerging approaches based on a role-based access control (RBAC) model, predominant in today’s IT systems. However, the emergence of cloud is putting emphasis on Attribute Based Access Control (ABAC) model. According to Gartner, 70% of all business will switch to this access control model by 2020. Standardization organizations, such as NIST, have published a guide to ABAC in 2013, while industry leaders such as Microsoft, that calls this model Claim Based Access Control (CBAC), is including it in Windows 2012 server edition, under the name Dynamic Access Control. Research organizations are working on the further improvements, as the already mentioned privacy-preserving ABAC.
Once you actually think about them, identity attributes are everywhere. Public administration registries, online profiles at service providers, mobile device context data etc. Physical geo-location, for example, is an attribute easy to get and easy to use, increasingly as the fourth “where you are” factor in multi-factor authentication. The QR code presented near the login prompt is also proposed as a solution, in so called “squirrel” systems.
So, what is the next big (data) thing?
The 20th century bouncer at the door of a disco club had to make really dynamic access control decisions, based on the age verification, but also reputation (blacklist of violent visitors, usually stored in his head) and the subjective verification of sobriety state at the moment of access. This is where Big Data (BD) enabled ABAC might come into the picture. It could deliver attributes on person’s reputation, recommendations or even the actual conditions, and could convert this doorman into “Smart Bouncer” of the 21st century. Is this getting too scary?
Similar to the public cloud provision models, the “disco clouds” usually do not know in advance who their users are. Emerging cloud services put personalization and contextualization high on the priority list, so the fine grain access control is a must. Again, the same thing in cyber-physical world, where imaginary “disco cloud” has several personalized areas and configurable payment schemes. A step further is “Smart Stadium” scenario. In 2010, there was already a pilot with the Belgian electronic identity card (eID) and a service of the online purchase of football tickets. The users had the option 'save the ticket on your eID', actually a link to an electronic ticket created in the database. Attributes similar to “disco cloud” could be also used here, in addition to “local” and “visitor” attributes, verified in order to separate supporters.
Is this multi-factor, attribute-savvy, BD-enabled ABAC, actually leading towards “maximal” disclosure, as opposed to the whole principle of “minimal disclosure token”? Big Data Value public-private partnership, or the project PRIPARE (PReparing Industry to Privacy-by-design by supporting its Application in Research), among other initiatives, are addressing this discussion.