Recently, I spent quite some time working with 2 esteemed colleagues, Susan Landau and Robin Wilton, on a paper we submitted at Financial Cryptography and Data Security 2009. The paper’s title is Achieving Privacy in a Federated Identity Management System and I’m happy to report we have been accepted (Yay!).

One of the concept we develop in this paper is one I call Privacy in depth, where, in a parallel to security in depth, privacy must no longer be handled within the realm of a single site (where the data resides). Instead, privacy must be dealt with from a global perspective. This means both in time (when is data released? for how long? how many times has it been used?) and space (who uses it? and for what purpose?).

I really like this term since I think it accurately describes an evolution that will have to happen before we lose total confidence in the web’s ability to preserve what’s left of our privacy. I’ll post the paper whenever (if) possible.