Digital identity: Difference between revisions
m (using an external editor) |
m (using an external editor) |
||
Line 19: | Line 19: | ||
== Issues == | == Issues == | ||
Digital identity is related to many issues. | Digital identity is related to many issues. Below are a few: | ||
=== Digital identifiers === | === Digital identifiers === | ||
Line 31: | Line 31: | ||
* The process of attempting to verify the digital identity of the sender of a communication such as a request to log in. | * The process of attempting to verify the digital identity of the sender of a communication such as a request to log in. | ||
=== Identity as "being there" === | === Identity as "being there" and "being perceived" === | ||
See [[online identity]] for a short definition of what a on-line social identity can be. | When humans engage in online activities they are at least partly "there". This is particularly true in [[virtual environment]]s, [[social network]]s and various [[groupware]]. Role play may differ a lot. Identity is also about how a person is perceived by a community. See [[online identity]] for a short definition of what a on-line social identity can be. | ||
=== Data portability === | |||
How can we reuse data accross applications, e.g. social networks, data, texts ? According to the [http://www.dataportability.org/ DataPortability Project], {{quotation|Data portability is the ability for people to reuse their data across interoperable applications. The DataPortability Project works to advance this vision by identifying, contextualizing and promoting efforts in the space. | |||
== Technology == | == Technology == | ||
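Review bot: The added "Data portability" paragraph opens a {{quotation| template that is never closed, so the missing }} will swallow or break whatever follows it, including the "== Technology ==" heading. Close the template after "efforts in the space." and, in the same paragraph, correct "accross" to "across". The reworded "being there" paragraph also still carries "a on-line social identity", which should read "an on-line".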
Line 41: | Line 45: | ||
The essential question is how you can tell "Who am I" to a given website. | The essential question is how you can tell "Who am I" to a given website. | ||
[http://openid.net/ OpenID] is an open, decentralized, free framework for user-centric digital identity. The first piece of the OpenID framework is authentication -- how you prove ownership of a URI. Your username is your URI, and your password (or other credentials) stays safely stored on a OpenID Provider (can be your own). OpenID currently (2010) seems to be the most popular system. | |||
* See also the [[OpenID]] entry. | |||
* [http://www.microid.org/ MicroID - Small Decentralized Verifiable Identity].MicroID is a lightweight identity layer for the web, invented by Jeremie Miller (creator of Jabber). MicroID enables anyone to claim verifiable ownership over content hosted anywhere on the web (social networking sites, discussion forums, blogs, etc.). | * [http://www.microid.org/ MicroID - Small Decentralized Verifiable Identity].MicroID is a lightweight identity layer for the web, invented by Jeremie Miller (creator of Jabber). MicroID enables anyone to claim verifiable ownership over content hosted anywhere on the web (social networking sites, discussion forums, blogs, etc.). | ||
* [http://en.wikipedia.org/wiki/Light-Weight_Identity Light-Weight Identity] (LID). a set of protocols and software implementations created by Johannes Ernst of NetMesh Inc. for representing and using digital identities on the Internet in a light-weight manner, without relying on any central authority. Related to OpenID. | * [http://en.wikipedia.org/wiki/Light-Weight_Identity Light-Weight Identity] (LID). a set of protocols and software implementations created by Johannes Ernst of NetMesh Inc. for representing and using digital identities on the Internet in a light-weight manner, without relying on any central authority. Related to OpenID since the latter adopted the idea of using URL-based identities. | ||
* [http://en.wikipedia.org/wiki/Yadis Yadis] Yadis is an open initiative to build an interoperable lightweight discovery protocol for decentralized, user-centric digital identity and related purposes. Yadis aims to allow the capabilities of identities to be composed from an open-ended set of services, defined and/or implemented by many different parties. | * [http://en.wikipedia.org/wiki/Yadis Yadis] Yadis is an open initiative to build an interoperable lightweight discovery protocol for decentralized, user-centric digital identity and related purposes. Yadis aims to allow the capabilities of identities to be composed from an open-ended set of services, defined and/or implemented by many different parties. It supports services like OpenID, OAuth and XDI. | ||
* [http://en.wikipedia.org/wiki/Extensible_Resource_Identifier XRI] is a fairly abstract concept for defining various identity schemes like i-cards, i-numbers and OpenID. | * [http://en.wikipedia.org/wiki/Extensible_Resource_Identifier XRI] is a fairly abstract concept for defining various identity schemes like i-cards, i-numbers and OpenID. | ||
* [http://en.wikipedia.org/wiki/Higgins_project Higgins] {{quotation|is an open source framework that enables users and other systems to integrate identity, profile, and relationship information across multiple heterogeneous systems. Higgins unifies all identity interactions (regardless of protocol/format) under a common user interface metaphor called i-cards.}} (Wikipedia, retrieved 17: | * [http://en.wikipedia.org/wiki/Higgins_project Higgins] {{quotation|is an open source framework that enables users and other systems to integrate identity, profile, and relationship information across multiple heterogeneous systems. Higgins unifies all identity interactions (regardless of protocol/format) under a common user interface metaphor called i-cards.}} (Wikipedia, retrieved 17:58, 22 February 2010 (UTC)). [http://en.wikipedia.org/wiki/I-card i-cards] and the (same) [http://en.wikipedia.org/wiki/Information_card information cards], passwords and OpenIDs are part of the Higgins data model. | ||
See also: [[single sign-on]] | See also: [[single sign-on]] | ||
=== Light-weight resource sharing === | |||
'''OAuth''' is a {{an open protocol that allows users to share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their username and password. OAuth allows users to hand out tokens instead of usernames and passwords to their data hosted by a given service provider. Each token grants access to a specific site (e.g. a video editing site) for specific resources (e.g. just videos from a specific album) and for a defined duration (e.g. the next 2 hours).}} ([http://en.wikipedia.org/wiki/OAuth Wikipedia], retrieved 17:58, 22 February 2010 (UTC)). | |||
OAuth can be considered a complementary service to OpenID. | |||
=== More heavy systems === | === More heavy systems === |
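Review bot: In the added OAuth paragraph, "{{an open protocol" has no template name, so the braces will not render as a quotation; the other quotes in this revision use {{quotation|...}}, and this one should too, with "OAuth is a" reduced to "OAuth is" so the sentence reads correctly. In the added OpenID paragraph, "a OpenID Provider" should be "an OpenID Provider", and the claim that OpenID "seems to be the most popular system" would be stronger with a source.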
Revision as of 18:58, 22 February 2010
Definition
WARNING: This is really just a stub !!
- “Digital identity refers to the aspect of digital technology that is concerned with the mediation of people's experience of their own identity and the identity of other people and things.” (Wikipedia, retrieved 12 April 2007). Key issues of digital identity are:
- Identity attributes: How can we define "identity" through the identity attributes of an entity? E.g. a human may be identified through iris scanning, by showing a passport, by user names and passwords, etc.
- Authentication is a related question: How can an entity prove its identity to another entity? E.g. a computer user will prove their identity to the computer by providing a login name and a matching password.
- Views: What kinds of views does an entity grant to its observers? E.g. a Facebook user may or may not allow categories of other users to see their profile.
See also:
- single sign-on
- online identity, an entry that deals with social identities that users establish in online communities or as a person "being" present on the Internet.
- Technical definition
- “The electronic representation of a real-world entity. The term is usually taken to mean the online equivalent of an individual human being, which participates in electronic transactions on behalf of the person in question. However a broader definition also assigns digital identities to organizations, companies and even individual electronic devices. Various complex questions of privacy, ownership and security surround the issue of digital identity.” (Loosely coupled, retrieved 12:36, 12 April 2007 (MEST)).
Issues
Digital identity is related to many issues. Below are a few:
Digital identifiers
Providing digital identifiers to users and things in a local context is fairly easy. Since there is a single user/password database each user can be given a different user name.
On the global Internet and even on smaller wide area networks (like the Swiss university system) digital identifiers are more difficult to agree upon.
Authentication
- The process of attempting to verify the digital identity of the sender of a communication such as a request to log in.
Identity as "being there" and "being perceived"
When humans engage in online activities they are at least partly "there". This is particularly true in virtual environments, social networks and various groupware. Role play may differ a lot. Identity is also about how a person is perceived by a community. See online identity for a short definition of what an on-line social identity can be.
Data portability
How can we reuse data across applications, e.g. social networks, data, texts? According to the DataPortability Project, “Data portability is the ability for people to reuse their data across interoperable applications. The DataPortability Project works to advance this vision by identifying, contextualizing and promoting efforts in the space.”
Technology
Light-weight protocols and systems for identification on the Web
The essential question is how you can tell "Who am I" to a given website.
OpenID is an open, decentralized, free framework for user-centric digital identity. The first piece of the OpenID framework is authentication -- how you prove ownership of a URI. Your username is your URI, and your password (or other credentials) stays safely stored on an OpenID Provider (which can be your own). OpenID currently (2010) seems to be the most popular system.
- See also the OpenID entry.
- MicroID - Small Decentralized Verifiable Identity. MicroID is a lightweight identity layer for the web, invented by Jeremie Miller (creator of Jabber). MicroID enables anyone to claim verifiable ownership over content hosted anywhere on the web (social networking sites, discussion forums, blogs, etc.).
- Light-Weight Identity (LID). A set of protocols and software implementations created by Johannes Ernst of NetMesh Inc. for representing and using digital identities on the Internet in a light-weight manner, without relying on any central authority. Related to OpenID since the latter adopted the idea of using URL-based identities.
- Yadis is an open initiative to build an interoperable lightweight discovery protocol for decentralized, user-centric digital identity and related purposes. Yadis aims to allow the capabilities of identities to be composed from an open-ended set of services, defined and/or implemented by many different parties. It supports services like OpenID, OAuth and XDI.
- XRI is a fairly abstract concept for defining various identity schemes like i-cards, i-numbers and OpenID.
- Higgins “is an open source framework that enables users and other systems to integrate identity, profile, and relationship information across multiple heterogeneous systems. Higgins unifies all identity interactions (regardless of protocol/format) under a common user interface metaphor called i-cards.” (Wikipedia, retrieved 17:58, 22 February 2010 (UTC)). i-cards and the (same) information cards, passwords and OpenIDs are part of the Higgins data model.
See also: single sign-on
Light-weight resource sharing
OAuth is “an open protocol that allows users to share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their username and password. OAuth allows users to hand out tokens instead of usernames and passwords to their data hosted by a given service provider. Each token grants access to a specific site (e.g. a video editing site) for specific resources (e.g. just videos from a specific album) and for a defined duration (e.g. the next 2 hours).” (Wikipedia, retrieved 17:58, 22 February 2010 (UTC)).
OAuth can be considered a complementary service to OpenID.
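The three limits named in the OAuth description above (which site, which resources, how long) can be made concrete with a small model. This is an added example, not code from OAuth or from this wiki: the token layout, the demo key and the names `issue_token` and `check_access` are assumptions, and it is a simplified signed token rather than the OAuth wire format.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key; a real provider keeps its signing key secret and rotates it.
PROVIDER_KEY = b"constructed-demo-key"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_token(client, resources, ttl_seconds, now=None):
    """Provider side: bind the token to one client site, a resource list and an expiry."""
    now = time.time() if now is None else now
    claims = {"client": client, "resources": sorted(resources), "exp": now + ttl_seconds}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(PROVIDER_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)

def check_access(token, client, resource, now=None):
    """Resource side: return (allowed, reason); every failure path denies."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:                       # wrong part count or invalid base64
        return False, "malformed"
    expected = hmac.new(PROVIDER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return False, "bad signature"
    claims = json.loads(body)                # parsed only after the signature checks out
    if claims["client"] != client:
        return False, "wrong client"
    if resource not in claims["resources"]:
        return False, "resource not granted"
    if now >= claims["exp"]:
        return False, "expired"
    return True, "ok"

if __name__ == "__main__":
    # Constructed scenario: a video editing site gets two hours on one album.
    tok = issue_token("video-editor.example", ["album/42/videos"], 2 * 3600)
    print(check_access(tok, "video-editor.example", "album/42/videos"))
    print(check_access(tok, "video-editor.example", "contacts"))
```

The user's password never appears in the token, and a token that leaks is only useful to the named site, for the listed resources, until it expires.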
More heavy systems
- Shibboleth. An architecture and open-source implementation for federated identity-based authentication and authorization infrastructure based on SAML.
- E.g. adopted by the Swiss University Network
- LDAP. The most popular organizational solution (Microsoft, Linux, Solaris and Novell all support this in one way or another. Sometimes LDAP is the default way to manage users, sometimes it's an option ...). Often, institutions adopt an LDAP server to authenticate users for various internet applications (e.g. an LMS), to manage access to central systems and to manage the email and phone directory. So it's a kind of all-in-one solution.
Links
Some technology links
- Public-key cryptography (Wikipedia)
- OpenID (Wikipedia)
- Higgins Open Source Identity Framework