Identity on the Web

Just a heads up that according to this morning’s feeds, Ann Cavoukian, Ontario’s Information and Privacy Commissioner will be making a major statement on Wednesday about mandating web identity protection.

Cavoukian will hold a news conference in Toronto on Wednesday to outline what could, and should, be done to foster the development of a universal identity system.

Watch this post: we’ll give you the details as soon as they’re available.


  1. “She will be joined by two senior Microsoft executives from the United States at the news conference, which will kick off the International Association of Privacy Professionals’ annual conference.”

    Any thoughts on why Microsoft is involved? Should I feel more secure with the evil empire protecting my personal & private information?

  2. The conference is at the Harbour Castle on Wednesday at 10:

    Dr. Cavoukian is releasing her paper entitled 7 Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age. The paper identifies a clear correlation between the internationally accepted 7 Laws of Identity, developed by Microsoft’s Kim Cameron, and how each “law” can be directly linked to well-established privacy principles.

    Scepticism from IT World:

    At least one e-commerce expert believes that such a universal ID system would be difficult to set up because of potential disagreements between the various technology companies that would need to get involved.

    Each of these companies – vying for a piece of the action – would want to have their standards adopted by the industry, said Tim Richardson, professor of e-commerce, marketing and international business at the Seneca College and instructor at the University of Toronto. “On-line fraud is certainly an impediment, but I think a universal identity system will be difficult to deploy.”

    Richardson, an author of e-commerce books and former executive director of the Canada-Japan Trade Council, said Microsoft has been working on developing such an ID system as well as an on-line payment scheme referred to in the industry as Microsoft dollars.

    “These systems will require standards. The difficulty is in determining whose standards will prevail, there are just too many players jostling for position on this field.”

    But if it can be pulled off, Richardson said a universal ID system, with beefed-up security features for protecting personal data, certainly has the potential to reduce on-line fraud.

    “[It’s] a step in the right direction. Canada has in fact made some headway in similar areas such as biometric controls on passports,” he said.

    With the phenomenal growth of e-commerce, online fraud has grown as well, Richardson said.

  3. The report from Redmond can now be downloaded at:

    It covers the following issues:

    * Basic Concepts and Definitions
    * Guidelines:
    o Scenario 1: Transferring PII to and from the Customer’s System

    o Scenario 2: Storing PII on the Customer’s System

    o Scenario 3: Transferring Anonymous Data from the Customer’s System

    o Scenario 4: Installing Software on a Customer’s System

    o Scenario 5: Deploying a Website

    o Scenario 6: Storing and Processing User Data at the Company

    o Scenario 7: Transferring User Data Outside the Company

    o Scenario 8: Interacting with Children

    o Scenario 9: Server Deployment

  4. Ann’s press release is at
    A summary brochure is at
    The full paper is at

    Media coverage is slow coming in, although the blogosphere is full of stuff on Redmond’s announcement.