In telecommunications and computer networks, an identity network includes a plurality of service providers and an identity provider, forming what is sometimes called a circle of trust. A principal, which is a more generic term for a user, is a system entity whose identity can be authenticated. A principal may for instance be an individual user, a group of individuals, an organisational entity such as a corporation, or a network component. The identity provider is a system entity configured to manage the identity information on behalf of the principals. The identity provider can provide assertions of principal authentication to the service providers. Thus, when a principal wishes for instance to access the services offered by a service provider, the service provider can refer to the identity provider of the identity network for authentication of the principal prior to enabling the service offered by the service provider to be used by said principal.
For instance, the Liberty Alliance (http://www.projectliberty.org/ or Liberty Alliance Project c/o IEEE-ISTD, Piscataway, N.J., United States) has released a set of specifications disclosing frameworks for providing services in telecommunications and computer networks based on identity management. One of these specifications is the Identity Federation Framework (ID-FF), which defines methods for single sign-on authentication of a principal across a plurality of service providers. In other words, such a framework enables users to access services provided across a computer network, such as the Internet, by authenticating once before accessing the services provided on multiple web sites.
A further specification or framework released by the Liberty Alliance is the Liberty Identity Web-Services Framework specification set, or ID-WSF for short. In addition to the single sign-on services of the ID-FF, the ID-WSF enables some service providers to store attributes of a principal, the attributes relating to the identity of the principal, and further enables other service providers, also called consumers or web-service consumers (WSC), to retrieve some of these attributes.
In an identity network complying with the ID-WSF specification, when a service provider has some information or resources associated with a principal, the information or resources can potentially be shared with other service providers, subject to the principal's consent. In this exemplary identity network implementation, a discovery service may be used by service providers to register the identity resources associated with a principal so that other service providers, or WSCs, can discover and use them.
In this context, a principal should be able to control which resource stored on or provided by a service provider and associated with the principal can or cannot be shared with or used by other service providers. This control task is generally referred to, from a principal's perspective, as privacy management. In other words, privacy is the proper handling of a principal's information, consistent with the preferences of the principal. Service providers are responsible for meeting the principal's privacy settings and preferences.
It is desirable to provide methods, physical entities and computer programs that enable users, or principals, to conveniently manage their privacy settings within an identity network, bearing in mind the need to reduce the operational burden on the principals.
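The following is an added illustration, not code from the Liberty specifications or from this document: a minimal model of a discovery service in which service providers register resource offerings for a principal and a web-service consumer (WSC) only learns of an offering when the principal has explicitly consented to sharing that resource type with that consumer. All class, field and URN names are constructed for the example; the point shown is that the lookup is default-deny and that revoking consent takes effect immediately.

```python
from dataclasses import dataclass, field


@dataclass
class ResourceOffering:
    """A resource a service provider holds on behalf of a principal (constructed model)."""
    principal: str
    service_type: str   # constructed URN identifying the kind of resource
    provider: str       # service provider hosting the resource
    endpoint: str       # where a consenting WSC would reach it


@dataclass
class DiscoveryService:
    offerings: list = field(default_factory=list)
    # consent[principal] -> set of (service_type, consumer) pairs the principal allows
    consent: dict = field(default_factory=dict)

    def register(self, offering: ResourceOffering) -> None:
        """A service provider registers a resource it holds for a principal."""
        self.offerings.append(offering)

    def grant(self, principal: str, service_type: str, consumer: str) -> None:
        """The principal's privacy setting: allow this consumer to see this resource type."""
        self.consent.setdefault(principal, set()).add((service_type, consumer))

    def revoke(self, principal: str, service_type: str, consumer: str) -> None:
        self.consent.get(principal, set()).discard((service_type, consumer))

    def lookup(self, principal: str, service_type: str, consumer: str) -> list:
        """Offerings a WSC may discover: nothing without an explicit grant (default deny)."""
        if (service_type, consumer) not in self.consent.get(principal, set()):
            return []
        return [o for o in self.offerings
                if o.principal == principal and o.service_type == service_type]


def demo() -> tuple:
    """Walk through register / grant / lookup / revoke for one principal (constructed data)."""
    ds = DiscoveryService()
    ds.register(ResourceOffering("alice", "urn:example:profile", "sp-profile", "https://profile.example/alice"))
    ds.register(ResourceOffering("alice", "urn:example:calendar", "sp-cal", "https://cal.example/alice"))
    ds.grant("alice", "urn:example:profile", "wsc-shop")
    visible = ds.lookup("alice", "urn:example:profile", "wsc-shop")      # consented: 1 offering
    withheld = ds.lookup("alice", "urn:example:calendar", "wsc-shop")    # never consented: 0
    ds.revoke("alice", "urn:example:profile", "wsc-shop")
    after_revoke = ds.lookup("alice", "urn:example:profile", "wsc-shop")  # consent withdrawn: 0
    return len(visible), len(withheld), len(after_revoke)
```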