This document provides an overview of digital identity concepts from a workshop presented by Kaliya "Identity Woman" Young. The summary includes:
1) Young discusses key concepts around digital identity including enrollment, attributes, identifiers, authentication, authorization, and user-centric/self-sovereign identity models.
2) Contexts for digital identity are explored including enterprises, government systems, and commons-based approaches.
3) Challenges with achieving user-centric digital identity are that it is a complex problem involving technology, legal, social, and business issues and requires changes to existing systems and behaviors.
4) Resources on digital identity properties and design principles are provided to help understand the challenges in building
2. Who is Kaliya "Identity Woman" Young
Internet Identity Workshop, co-founded in 2005
Born in Vancouver, Canada
Played water polo
UC Berkeley
Planetwork
Identity Commons
Identity Gang
Personal Data Ecosystem Consortium, founded in 2010
Today: independent identity consulting
3. Outline
1. Big Picture - What is Identity?
2. Digital Identity - Key Terms
3. ID in Context of Society: Enterprise, Government, Commons
4. User-Centric/Self-Sovereign Identity
5. Spectrum of Identity
6. Big Picture - ID Resources
7. Questions and Answers
5. Who I am
Who I present myself to be
How I am seen in a given context
6. Contexts and Roles (Persona)
Contexts: Family; Religious Life; Hobbies; Professional Work
Roles (Persona): Parent, Child, Brother, Sister; Congregant, Religious Leader; Creator, Maker, Teacher; Employee, Employer, Contractor, Professionally Licensed
8. Atoms vs. Bits
Atoms: easy to move physically between contexts in order to present different selves.
Bits: movement between different contexts requires different, non-correlated identifiers.
14. Proofing / Verification (Triangulation)
Identity Proofing or Verification: the processes used to check the veracity of identity claims about a person. This is often done in an enrollment process.
15. Attributes and Claims
Attributes and claims can be either self-asserted by a person or ascribed to a person by an institution.
Identifier
Identifiers are pointers at people. Within institutional or network systems these are often numbers that point to particular people.
16. Identifiers and Claims
Identifier: a single string. Identifiers link things together and enable correlation. They can be endpoints on the internet.
Claim: a pair. A claim is made by one party about another party or about itself. It does not have to be linked to an identifier: proving you are over 18, for example, without giving your real name.
17. Directed Identifier
A type of identifier that lets individuals use different identifiers in different contexts.
The BC Citizen Services card is "one card", but when it is used in a healthcare context it carries a different identifier than when it is used in the driver's licence context. The identifier is "directed": it is only ever used in one context, so the two contexts' records cannot be joined on it.
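The directed identifier described above can be built with a keyed hash. The following is an added example, not code from the slides or from the BC card system; the issuer, sector names and account ids are hypothetical. It also illustrates the point from slide 8 that moving "bits" between contexts needs non-correlated identifiers: two sectors' tables cannot be joined on the identifier column, whereas one card number reused everywhere joins immediately.

```python
import hashlib
import hmac
import secrets

# Constructed example: a single "one card" issuer holds one local account id per
# person plus a secret salt, and derives a different identifier per sector.

def directed_identifier(issuer_salt: bytes, local_id: str, sector: str) -> str:
    """Derive the identifier a given sector sees for a given person.

    HMAC keyed with the issuer's secret salt over (sector, local_id): stable
    within a sector, but without the salt nobody can recompute it or relate it
    to another sector's identifier. OpenID Connect's pairwise subject
    identifiers use the same construction (hash of sector id, local id, salt).
    """
    msg = sector.encode() + b"\x00" + local_id.encode()   # NUL keeps (sector, id) unambiguous
    return hmac.new(issuer_salt, msg, hashlib.sha256).hexdigest()

PEOPLE = ["acct-1001", "acct-1002", "acct-1003"]          # constructed local account ids

def sector_records(salt: bytes, sector: str) -> dict:
    """The table a relying party in `sector` ends up holding: identifier -> its data."""
    return {directed_identifier(salt, p, sector): f"{sector} record" for p in PEOPLE}

def join_on_identifier(records_a: dict, records_b: dict) -> list:
    """What someone holding both databases can do: join rows on the identifier column."""
    return sorted(set(records_a) & set(records_b))

def demo(issuer_salt: bytes = None) -> dict:
    salt = issuer_salt or secrets.token_bytes(32)   # kept by the issuer, never shared
    health = sector_records(salt, "health.example")
    driving = sector_records(salt, "drivers.example")
    # Undirected alternative: the same card number handed to every sector.
    health_global = {p: "health record" for p in PEOPLE}
    driving_global = {p: "driving record" for p in PEOPLE}
    return {
        "stable_within_sector": directed_identifier(salt, "acct-1001", "health.example")
                                == directed_identifier(salt, "acct-1001", "health.example"),
        "distinct_across_sectors": directed_identifier(salt, "acct-1001", "health.example")
                                   != directed_identifier(salt, "acct-1001", "drivers.example"),
        "directed_join_rows": len(join_on_identifier(health, driving)),              # 0
        "global_join_rows": len(join_on_identifier(health_global, driving_global)),  # 3
    }

if __name__ == "__main__":
    print(demo())
```

The salt is the whole secret: if it leaks, anyone who also holds a list of local account ids can recompute every sector's identifiers and link them, so it needs the same protection as a signing key.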
18. Network End-Point Identifier
Identifiers that are also network end-points include phone numbers and e-mail addresses.
Authentication can be performed with the end-point: you prove you are in possession of it by answering a challenge, such as a code sent to the phone that you then enter into the site asking you to confirm you control it. This proves control of the end-point at that moment, not who is holding it; anyone who can read the channel, or who has taken over the number or mailbox, passes the same check.
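An added example of the end-point challenge just described (not from the slides): the server side that issues a code for a phone number or mailbox and checks the reply. The endpoint, server key and clock are constructed for the example, and the delivery channel itself is out of scope.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # the code is worthless after five minutes
MAX_ATTEMPTS = 5         # six digits: unlimited guessing would succeed in ~10^6 tries

class EndpointChallenge:
    """Server side of 'prove you control this phone number or mailbox'.

    Only a keyed hash of the code, a deadline and an attempt counter are kept.
    A correct answer consumes the challenge; a wrong one burns an attempt;
    expiry or too many attempts discards it. `clock` is injectable so the
    expiry path can be exercised without sleeping.
    """

    def __init__(self, server_key: bytes = None, clock=time.time):
        self._key = server_key or secrets.token_bytes(32)
        self._clock = clock
        self._pending = {}   # endpoint -> [code_mac, expires_at, attempts]

    def _mac(self, code: str) -> bytes:
        # Keyed, so a leaked table cannot be brute-forced offline in 10^6 guesses.
        return hmac.new(self._key, code.encode(), hashlib.sha256).digest()

    def issue(self, endpoint: str) -> str:
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, fixed width
        self._pending[endpoint] = [self._mac(code), self._clock() + CODE_TTL_SECONDS, 0]
        return code   # goes to the SMS/e-mail sender only; never log it

    def verify(self, endpoint: str, submitted: str) -> bool:
        state = self._pending.get(endpoint)
        if state is None:
            return False                      # nothing outstanding for this endpoint
        if self._clock() > state[1] or state[2] >= MAX_ATTEMPTS:
            del self._pending[endpoint]
            return False                      # expired or locked out
        state[2] += 1
        if hmac.compare_digest(state[0], self._mac(submitted)):
            del self._pending[endpoint]       # single use
            return True
        return False

class FakeClock:
    """Constructed clock so the expiry path runs deterministically."""
    def __init__(self, t=1_000_000.0):
        self.t = t
    def __call__(self):
        return self.t

def demo() -> dict:
    clock = FakeClock()
    svc = EndpointChallenge(clock=clock)
    phone = "+1-555-0100"                     # constructed endpoint
    code = svc.issue(phone)
    results = {
        "wrong_code": svc.verify(phone, "000000" if code != "000000" else "000001"),
        "right_code": svc.verify(phone, code),
        "replay": svc.verify(phone, code),    # already consumed
    }
    code2 = svc.issue(phone)
    clock.t += CODE_TTL_SECONDS + 1
    results["expired"] = svc.verify(phone, code2)
    code3 = svc.issue(phone)
    wrong = "999999" if code3 != "999999" else "999998"
    for _ in range(MAX_ATTEMPTS):
        svc.verify(phone, wrong)
    results["after_lockout_right_code"] = svc.verify(phone, code3)
    return results

if __name__ == "__main__":
    print(demo())
```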
19. Authentication (AuthN)
What you know (a password, a one-time password)
What you have (a credential)
What you are (a biometric)
Emerging: what you do (behavior)
20. Multi-Factor Authentication (MFA)
Using more than one form of authentication:
What you have (a bank card) and what you know (the PIN)
What you know (a password) and what you are (a biometric shared at enrollment)
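An added example (not from the slides) that combines two of the factors listed above: a salted, slow password hash for "what you know" and an RFC 6238 time-based one-time password for "what you have", with the accepted counter burned so a captured code cannot be replayed. The user record and enrolment flow are constructed for the example.

```python
import hashlib
import hmac
import secrets
import struct
from typing import Optional

PBKDF2_ITERATIONS = 200_000   # what-you-know factor: slow, salted password hash
TOTP_STEP = 30                # what-you-have factor: RFC 6238 time step in seconds
TOTP_WINDOW = 1               # accept one step of clock skew either way

def hash_password(password: str, salt: bytes = None) -> tuple:
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"

def totp(secret: bytes, now: float) -> str:
    """RFC 6238: HOTP with the counter derived from the current time step."""
    return hotp(secret, int(now) // TOTP_STEP)

def verify_totp(secret: bytes, submitted: str, now: float,
                last_used: Optional[int]) -> Optional[int]:
    """Return the accepted counter, or None. Counters <= last_used are refused so a
    code that was already accepted cannot be replayed inside the skew window."""
    counter = int(now) // TOTP_STEP
    for c in range(counter - TOTP_WINDOW, counter + TOTP_WINDOW + 1):
        if last_used is not None and c <= last_used:
            continue
        if hmac.compare_digest(hotp(secret, c), submitted):
            return c
    return None

def enroll(password: str) -> dict:
    """Constructed user record: password hash plus a TOTP secret shared at enrollment."""
    salt, digest = hash_password(password)
    return {"salt": salt, "pw": digest, "totp_secret": secrets.token_bytes(20), "last_used": None}

def authenticate(user: dict, password: str, code: str, now: float) -> str:
    """Evaluate both factors; the caller is told only 'denied', not which factor failed."""
    pw_ok = verify_password(password, user["salt"], user["pw"])
    counter = verify_totp(user["totp_secret"], code, now, user["last_used"])
    if not (pw_ok and counter is not None):
        return "denied"
    user["last_used"] = counter          # burn the code
    return "ok"

if __name__ == "__main__":
    import time
    u = enroll("correct horse")
    print(authenticate(u, "correct horse", totp(u["totp_secret"], time.time()), time.time()))
```

Rate limiting of guesses is deliberately not in this block: with six digits and a three-step window, the OTP alone survives only a few hundred thousand attempts, so the login endpoint needs the same attempt cap as the end-point challenge above.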
21. Authorization (AuthZ)
What are you permitted (authorized) to do in a system?
This is very different from authentication, which only checks that an individual is the same one who presented themselves with the credentials before.
29. Citizen Identity
The power relationship between the citizen / subject and government entities is NOT the same as the power relationship between an employer and their employee.
The systems used for enterprise identity management CANNOT be picked up and plopped down on citizen <—> government identity management contexts. It has to work differently.
Enterprise provisioning and termination is clearly not the same as the government issuance of a birth certificate and a death certificate.
33. The Identity Dog
Represents two things:
* Freedom to be who you want to be
* Freedom to share more specific info about yourself that is validated
User-Centric / Self-Sovereign Identity
50. How do people "get" User-Centric Digital Identity today?
Google profiles
Yahoo! profiles
Facebook
LinkedIn
Hack it together with handles from web mail providers or on a service like Twitter
Challenge with e-mail addresses as identities: the communications token is the "ID"
51. What are our rights in these commercial
spaces governed by Terms of Service?
How are we “citizens” in private space?
In physical life we have protection of our
physical self - people will be prosecuted for
harming us. What is the equivalent in online
spaces?
Freedom to not be “erased” under TOS
52. How do people "get" User-Centric Digital Identity?
Identifier side:
Own their own domain name. Have a blog? Run an OpenID server?
Claims-based side:
Almost impossible. Little relying party adoption (places where 3rd-party or self-generated claims will be accepted). Little client-side app adoption.
53. Emerging today: How do people "get" Self-Sovereign Digital Identity today?
Identifier side / Claims-based side. Proposed:
Distributed IDentity -> DID
Distributed Ledger Technology
Emerging networks for their exchange
ID/DataWeb
W3C: Verifiable Claims Working Group
Personal Data Banks / Stores / Vaults / etc….
54. What is the context for people gathering?
"We're trying to build a social layer for everything." - Mark Zuckerberg
56. Freedom of Movement and Assembly
Freedom to group and cluster outside commercial silos & business contexts.
57. User Centric Digital Identity is the:
•Freedom to Aggregate
•Freedom to Disaggregate
•Freedom to not be "erased" under TOS
•Freedom of Movement and Assembly
•Freedom to Peer-to-Peer link & the Freedom to determine if the link is seen by others
•Custodianship is Possible
58. Isn't just a technical problem
TECHNOLOGY, LEGAL, SOCIAL, BUSINESS?
59. Why have we yet to succeed?
It is a REALLY hard problem set to solve for. User Centric Digital Identity that is:
1. open standards based
2. at the scale of the internet + other digital systems
3. that people find usable
4. that they understand
5. that is secure
6. requires the emergence of new social behavior
7. and changes to business models & norms
60. Why have we yet to succeed?
CAUSE IT IS REALLY HARD…
61. We are still working on making the vision real
The Internet Identity Workshop continues, & new efforts that complement it:
* Rebooting Web of Trust * Personal Data Ecosystem
* Re-Decentralize * Personal Data 2016 …
Many protocols emerging - OpenID, OAuth, SCIM
Frameworks to believe the veracity of exchanged attributes and identifiers
68. Spectrum of Identity (chart)
Columns: Anonymous / Pseudonymous / Verified. Rows: Self-Asserted / Socially Validated / Verified. Scope: One Site / Multi-Site.
Example points, from least to most identifying: Anonymity; Over 18 years; Woman Voter; CA Congressional District 9; Ms. Sue Donna, DOB = 1/21/1982, 1823 6th Ave., Alameda, CA.
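An added example (not from the slides) of a claim that is not tied to an identifier, as in slide 16 ("over 18 without giving your real name") and the points along the spectrum above: the issuer signs a salted digest of every claim, the holder reveals only the claims a site needs, and the verifier checks that each revealed claim is among the signed digests. The persona is constructed from the slide's Sue Donna example, the issuer name and key are hypothetical, and the HMAC stands in for the issuer's public-key signature so the block runs on the standard library.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional

def _canonical(obj) -> bytes:
    # Identical bytes on issuer and verifier side, whatever the dict ordering.
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()

def _digest(disclosure: list) -> str:
    # disclosure = [salt, name, value]; the random salt stops a verifier from
    # recovering a hidden claim by hashing likely values (e.g. every birth date).
    return hashlib.sha256(_canonical(disclosure)).hexdigest()

def issue(issuer_key: bytes, claims: dict) -> tuple:
    """Issuer signs only the digests; the (salt, name, value) triples go to the holder."""
    disclosures = [[secrets.token_hex(16), name, value] for name, value in claims.items()]
    payload = {"iss": "issuer.example", "digests": sorted(_digest(d) for d in disclosures)}
    # Stand-in signature (HMAC with an issuer key). A real issuer uses a public-key
    # signature such as Ed25519 so any relying party can verify with the public key.
    signature = hmac.new(issuer_key, _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": signature}, disclosures

def present(credential: dict, disclosures: list, reveal: set) -> dict:
    """Holder opens only the chosen claims; the rest stay as opaque digests."""
    return {"credential": credential, "disclosures": [d for d in disclosures if d[1] in reveal]}

def verify(issuer_key: bytes, presentation: dict) -> Optional[dict]:
    """Return the revealed claims, or None if the signature or any disclosure is bad."""
    cred = presentation["credential"]
    expected = hmac.new(issuer_key, _canonical(cred["payload"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cred["sig"]):
        return None
    signed = set(cred["payload"]["digests"])
    revealed = {}
    for d in presentation["disclosures"]:
        if len(d) != 3 or _digest(d) not in signed:
            return None        # altered value, wrong salt, or disclosure from another credential
        revealed[d[1]] = d[2]
    return revealed

# Constructed from the slide's example persona. The issuer derives over_18 at
# issuance, so the holder can later prove age without opening the birth date.
SUE = {"name": "Ms. Sue Donna", "dob": "1982-01-21",
       "address": "1823 6th Ave., Alameda, CA", "congressional_district": "CA-9",
       "registered_voter": True, "over_18": True}

def demo() -> dict:
    key = secrets.token_bytes(32)
    cred, disc = issue(key, SUE)
    age_only = verify(key, present(cred, disc, {"over_18"}))
    voter = verify(key, present(cred, disc, {"registered_voter", "congressional_district"}))
    forged = present(cred, disc, {"dob"})
    forged["disclosures"][0] = list(forged["disclosures"][0])   # copy before tampering
    forged["disclosures"][0][2] = "2010-01-21"                   # lie about the birth date
    return {
        "age_only": age_only,
        "voter": voter,
        "forged": verify(key, forged),
        "wrong_issuer": verify(secrets.token_bytes(32), present(cred, disc, {"over_18"})),
    }

if __name__ == "__main__":
    print(demo())
```

One caveat a relying party should know: the signed digest list is itself a stable string, so two sites that both see the same credential can still correlate on it even when different claims are opened. Deployments that care about that issue several credentials with fresh salts and spend a different one at each site.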
74. Properties of Identity
Identity is social.
Identity is subjective.
Identity is valuable.
Identity is referential.
Identity is composite.
Identity is consequential.
Identity is dynamic.
Identity is contextual.
Identity is equivocal.
OECD Paper At a Crossroads: "Personhood" and the Digital Identity in the Information Society
75. Laws of Identity
1. User Control and Consent
2. Limited Disclosure for Limited Use
3. The Law of Fewest Parties
4. Directed Identity
5. Pluralism of Operators and Technologies
6. Human Integration
7. Consistent Experience Across Contexts
by Kim Cameron - https://www.identityblog.com/?p=354