Personally Identifiable Information (PII) and User Anonymity

 

Every system and application in the Federal Government must adhere to OMB memorandum M-04-04 and protect PII. One option that claims-based applications give you is user anonymity. Remember that your application no longer authenticates users directly; it relies on an issuer to do that and to make claims about them. If user anonymity is a feature you want, simply do not ask for any claim that personally identifies the user. For example, maybe all you really need is a set of roles to authorize the user’s actions, and you don’t need to know the user’s name. You can do that with claims-based identity by asking only for role claims. Some issuers (such as ADFS) support private user identifiers, which give you a unique, anonymous identifier for a user without any personal information (such as a name or e-mail address).
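The following is an added example, not code from the original post or from ADFS: the relying-party side of this idea, written in Python. It keeps only role and private-identifier claims, authorizes on roles alone, and keys the audit record to the pseudonymous identifier. It assumes the token's signature and issuer were already validated upstream and that the application wants exactly one private user identifier for auditing; the function names, role values and sample claims are constructed for illustration.

```python
ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
PPID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"
NAME = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# The only claim types this application asks for and is willing to keep.
ALLOWED_TYPES = frozenset({ROLE, PPID})


def minimize(claims):
    """Split (claim_type, value) pairs into kept claims and dropped claim types."""
    kept = [(t, v) for t, v in claims if t in ALLOWED_TYPES]
    dropped = sorted({t for t, _ in claims if t not in ALLOWED_TYPES})
    return kept, dropped


def build_principal(claims):
    """Return an anonymous principal: pseudonymous subject plus roles, no PII."""
    kept, dropped = minimize(claims)
    ppids = [v for t, v in kept if t == PPID]
    if len(ppids) != 1:  # fail closed on a missing or ambiguous identifier
        raise ValueError("expected exactly one private user identifier claim")
    roles = frozenset(v for t, v in kept if t == ROLE)
    return {"subject": ppids[0], "roles": roles, "dropped_types": dropped}


def authorize(principal, required_role):
    """Authorize on role claims only; the decision never touches identity."""
    return required_role in principal["roles"]


def audit_line(principal, action, allowed):
    """Audit record keyed by the pseudonymous identifier, never name or e-mail."""
    return "subject=%s action=%s allowed=%s" % (principal["subject"], action, allowed)


# Constructed sample: an issuer that over-shares name and e-mail claims.
SAMPLE_CLAIMS = [
    (PPID, "constructed-ppid-7f3a9c"),
    (ROLE, "BenefitsReviewer"),
    (ROLE, "Auditor"),
    (NAME, "Jane Example"),
    (EMAIL, "jane.example@example.org"),
]
```

Recording only the types of dropped claims, not their values, lets you notice an issuer that releases more than the application requested without writing the PII itself to a log.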

Claims-based identity gives the organization a great deal of control over Personally Identifiable Information (PII) and over adherence to the Federal mandates.

 
