Towards accountable management of identity and privacy: sticky policies and enforceable tracing services

Digital identities and profiles are precious assets. On one hand they enable users to engage in transactions and interactions on the Internet. On the other hand, abuses and leakages of this information could violate the privacy of their owners, sometimes with serious consequences. Nowadays most of the people have limited understanding of security and privacy policies when applied to their confidential information and little control over the destiny of this information since it has been disclosed to third parties. In most cases this is a matter of trust. This document describes an innovative approach and related mechanisms to enforce users' privacy by putting users in control and making organizations more accountable. As part of our ongoing research activity, we introduce a technical solution based on sticky policies and tracing services that leverages identity-based encryption (IBE) and TCPA technologies. Work is in progress to build a full working prototype and deploy it in a real-life environment.