What user-controlled identity management should learn from communities

To enable trustworthy privacy, identity management has to be user-controlled, i.e. each user administrates his/her partial identities being supported by an identity management system running on his/her machines under his/her control. Past work on user-controlled identity management focused on isolated users administrating their partial identities mainly used towards organizations, e.g., shops, public administrations and the like. But users intensively interact with other users as well. Additionally, these interactions are not only direct, but indirect, too, as, e.g., within communities. A universally usable identity management meta-system (IMMS) will have to be able to handle and combine all interactions possible. For the sake of privacy, users interacting with organizations might minimize the personal information transmitted in the context of AAA (authentication, authorization, and accounting) without losing functionality. But users interacting with other users, in particular within a community, have to share additional supportive information, e.g., awareness information. Otherwise, neither a community nor team spirit will develop. Balancing privacy and functionality in communities is a current research question. Therefore, an IMMS has to be flexible enough to incorporate new knowledge and demands as they develop. © 2006 Elsevier Ltd. All rights reserved.