Identity 101: Boot Camp for Identity North 2016

Identity 101
Boot Camp
Identity North
June 15th, 2016
Toronto
Kaliya “Identity Woman”

Internet
Identity
Workshop
Co-Founded in 2005
Born in Vancouver
Played Water Polo
UC Berkeley
Planetwork
Identity Commons
Identity Gang
Canada
Founded
in 2010 ECOSYSTEM
CONSORTIUM
PERSONAL
DATA
Today Independent
Identity Consulting
Who is

1. Big Picture - What is Identity?
2. Digital Identity - Key Terms
3. ID in Context of Society
Enterprise, Government, Commons
4. User-Centric/Self-Sovereign Identity
5. Spectrum of Identity
6. Big Picture - ID Resources
7. Questions and Answers
Outline

Identity is
socially constructed
and contextual.

Who I am
Who I present
myself to be
How I am seen
In a
given
context

Contexts Roles (Persona)
Family
Parent, Child
Brother, Sister
Religious Life
Hobbies
Professional Work
Congregant
Religious Leader
Creator, Maker
Teacher
Employee, Employer
Contractor
Professionally Licensed

Atoms
Bits
Easy to move physically
between contexts.
To Present Different Selves
Movement Between Different Contexts
Requires Different
Non-Correlated Identiﬁers

Persona 1 Persona 2
Context 1 Context 2

Understanding Key
Digital Identity Terms
Enrollment
Proofing/Verification
Attributes/Claims
Identifiers - Directed, End-Points
Credentials
Authentication - AuthN
Multi-Factor Authentication - MFA
Authorization - AuthZ

Enrollment
Technology Thing
Process
Policy
Procedures
&
Enrollment: The processes that an institution/
organization uses to ‘onboard”and create an
identity for a particular individual.
Enrollment —> Credential Issuance

Proofing / Verification
Triangulation
Identity Proofing or Verification: The processes used to
check the veracity of identity claims about a person. This is
often done in an enrollment process.

Attributes Claims
Attributes and Claims can be both self asserted by a
person or ascribed to a person by an institution.
Identiﬁer
Identiﬁes are pointers at people.
Within institutional or network systems these are often
numbers that point particular people.

Identifiers Claims
Single String Pairs
Identifiers link things together
and enable correlation.
They can be endpoints on the
internet.
A claim is by one party about
another or itself.
It does not have to be linked to
an identifier.
Proving you are over 18 for
example and not giving your
real name.

Directed Identifier
These is a types of identifies enable individuals to
use different identifiers for different contexts.
The BC Citizen Services card is “one card” but
when one uses it in a Healthcare content it has a
different identifier then when used within the
context of a drivers license. So the identifier is
“directed” and only used in one context.

Network End-Point Identifier
Identifiers that are also Network End-Points include
Phone numbers
e-mail addresses
Authentication can be performed with the end-point.
That is you can prove you are in position of the end-
point with a challenge - such as a being sent code to a
phone and then entering it into the site asking to confirm
that you are in control of it.

Authentication
AuthN
What you Know
(A Password, OneTime Password)
What you Have (A Credential)
What you Are (Biometric)
Emerging: What you Do (Behavior)

Multi-Factor Authentication
MFA
What you Have (a bank card)
and What you know (The PIN #)
What you Know (Password
and What you Are (A Biometric shared at Enrollment)
Using more then one form of Authentication.

Authorization
AuthZ
This is very different then Authentication which is just
checking that an individual is the same one who
presented themselves with the credentials before.
What are you permitted (authorized) to do in a system?

Enterprise Mountains
ID in Context of Society

Employers
Have Employees
Enterprise Identity
Enterprise Single Sign On
Provisioning
[Power Relationship]

Employers
Have Employees Contractors
Business Partners
Enterprise Identity

Provisioning
Termination
Enterprise Identity
Access Control
Authorization - AuthZ
Roles
Attributes

Enterprise Identity
Customers
Enrollment
Claims/Attributes
But its Different…….
More on that later

Government FootHills

Civic Records
Citizen Identity
Birth
Death
Marriage
Divorce
Parent
Drivers License
Voting
Other Licensing
Health Care
Social Insurance
Taxation

Citizen Identity
The power relationship between the citizen /
subject and government entities is NOT the same
as the power relationship between the employer
and their employee.
The systems used for enterprise identity
management CAN NOT be picked up and
plopped down on citizen <—> government identity
management contexts. It has to work differently.
Enterprise provisioning and termination is clearly not
the same as the government issuance of a birth
certiﬁcate and death certiﬁcate.

Government FootHills
Valley of the Commons

Big Co.
Web 1.0 Web 2.0
User-Centric Identity
Self-Sovereign Identity
Valley of the Commons

User-Centric / Self-Sovereign Identity

The Identity Dog
Represents 2 things:
* Freedom to be who you want to be
* Freedom to share more speciﬁc
info about yourself that is validated

Freedom to Aggregate

X Freedom to Disaggregate

X
We are not all “vanilla”

Why James Chartrand  
Wears Women’s Underpants
http://www.copyblogger.com/james-chartrand-underpants/

Custodianship?
http://www.flickr.com/photos/seektan/2582803300/sizes/z/in/photostream/
Children
Elders

Custodianship?
http://www.flickr.com/photos/jeanlouis_zimmermann/8752148306/sizes/o/in/photostream/

How do people “get”
User Centric Digital Identity today?
Google proﬁles
Yahoo! proﬁles
Facebook
LinkedIn
Hack it together with handles from web mail providers
or on a service like Twitter
Challenge with e-mail addresses as identities
the communications token is the “ID”

What are our rights in these commercial
spaces governed by Terms of Service?

How are we “citizens” in private space?

In physical life we have protection of our
physical self - people will be prosecuted for
harming us. What is the equivalent in online
spaces?

Freedom to not be “erased” under TOS

Identiﬁer side:
Own their own
domain name.
Have a blog?
Run an openID server?
Claims based side:
Almost impossible.
Little relying party adoption
(Places where 3rd party
or self generated claims
will be accepted)
Little client side app adoption
How do people “get”
User Centric Digtial Identity?

Identiﬁer side: Claims based side:
Emerging Today: How do people “get”
Self-Sovereign Digital Identity today?
Proposed:
Distributed IDentity -> DID
Distributed Ledger Technology
Emerging Networks
for their Exchange
ID/DataWeb
W3C: Veriﬁed Claims
Working Group
Personal Data Banks / Stores / Vaults / etc….

What is the context for people gathering?
“We’re trying to build a social
layer for everything.”
- Mark Zuckerburg

Freedom to
Peer-to-Peer Link
Freedom to determine how
the link is seen by others

Freedom to group and cluster outside commercial silos
& business contexts.
Freedom of
Movement and Assembly

•Freedom to Aggregate
•Freedom to Disaggregate
•Freedom to not be “erased” under TOS
•Freedom of Movement and Assembly
•Freedom to Peer-to-Peer link & the
Freedom to determine if the link is seen
by others
•Custodianship is Possible
User Centric Digital Identity is the:

Isn’t just a technical problem
TECHNOLOGY
LEGAL
SOCIAL BUSINESS?

Why have we have yet to succeed?
It is a REALLY hard problem set to solve for,
User Centric Digital Identity that is:
1. open standards based

2. the scale of the internet + other digital systems

3. that people ﬁnd usable

4. that they understand

5. that is secure

6. it requires emergence of new social behavior

7. and changes business models & norms

Why have we have yet to succeed?
It is a REALLY hard problem set to solve for,
User Centric Digital Identity that is:
1. open standards based

2. the scale of the internet + other digital systems

3. that people ﬁnd usable

4. that they understand

5. that is secure

6. it requires emergence of new social behavior

7. and changes business models & norms
CAUSE IT IS
REALLY HARD…

We are still working on making the vision real
The Internet Identity Workshop Continues
& New Efforts that Complement
* Rebooting Web of Trust * Personal Data Ecosystem
* Re-Decentralize * Personal Data 2016 …
Many protocols emerging - OpenID, OAuth, SCIM,

Frameworks To Believe Veracity Exchange of
Attributes and Identiﬁers

?
Anonymous
?
?
? ?
Per-Post Per-Session
Anonymous

?
Anonymous
✓
Verified
✓ ✓ ✓
Verified
✓ ✓✓
Documentation In Person 
Verification
Biometric
Capture

?
Anonymous
One Site Multi-Site
Self-Asserted VerifiedSocially 
Validated
✓
Pseudonymous

?
Anonymous
One Site Multi-Site
Self-Asserted Socially 
Validated
Verified
✓
Pseudonymous
?
✓
Verified
Anonymity

?
Anonymous
One Site Multi-Site
Validated
Verified
✓
Pseudonymous
?
✓
Verified
Anonymity
Over 18 years
Woman Voter 
CA Congressional
District 9
Ms.Sue Donna
DOB = 1/21/1982
1823 6th Ave.  
Alameda, CA

?
Anonymous
One Site Multi-Site
Validated
Verified
✓
Pseudonymous

?
Anonymous
One Site Multi-Site
Validated
Verified
✓
Pseudonymous
http://www.identitywoman.net

?
Anonymous
One Site Multi-Site
Validated
Verified
✓
Pseudonymous
✓✓
Limited
Liability
Persona

Identity is social.
Identity is subjective.
Identity is valuable.
Identity is referential.
Identity is composite.
Identity is consequential.
Identity is dynamic.
Identity is contextual.
Identity is equivocal.
OECD Paper At a Crossroads: "Personhood” and the Digital Identity in the Information Society
Properties of Identity

1. User Control and Consent
2. Limited Disclosure for Limited Use
3. The Law of Fewest Parties
4. Directed Identity
5. Pluralism of Operators and Technologies
6. Human Integration
7. Consistent Experience Across Contexts
by Kim Cameron - https://www.identityblog.com/?p=354
Laws of Identity

Questions & Answers
Conclusion
Kaliya “Identity Woman” Young
kaliya [at] identitywoman.net

Identity 101: Boot Camp for Identity North 2016

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (11)

Ähnlich wie Identity 101: Boot Camp for Identity North 2016

Ähnlich wie Identity 101: Boot Camp for Identity North 2016 (20)

Mehr von Kaliya "Identity Woman" Young

Mehr von Kaliya "Identity Woman" Young (14)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Identity 101: Boot Camp for Identity North 2016