Anonymous Browsing Use Case
Status: Proposed This Use Case is under development by members of the use cases ad hoc group.
Title: Option Not to Track
Use Case Description: A human user interacts with their Identity Provider to instruct the IdP that it is not to track the relying parties to which the IdP issues assertions.
Use Case Category: Privacy
Contributor: Adam Lewis - Individual - Unaffiliated
Use Case Details
Actors:
- Actor:Human User – wants to obtain access to the web resource
- Actor:Identity Provider – performs primary authentication of the claimant using credentials
- Actor:Relying Party – wants to have some level of assurance about the identity of the claimant
Goals / User Stories:
The human user is able to maintain privacy and avoid a single IdP from becoming an all-knowing source of tracking all web activities of a user. The IdP may choose to keep a record of assertions, but it must present the user with the option to not keep such records.
Assumptions: It is assumed that the human user has an account with an Identity Provider.
Requirements:
- The Identity Provider must present the human user with an adminstrative option to enable the user to specifiy that it does not want the Identity Provider to retain a record of the web sites that the user visits.
- If an IdP has previously been keeping records of assertions / web sites visited, then choosing to stop tracking must present the user with the option to delete all stored records from before that time.
Process Flow:
Success Scenario:
The user is able to obtain identity assertions from the IdP without the sites they visit being tracked.
Error Conditions:
Relationships
Extended by:
References and Citations