Identity 2.0

Identity 2.0, also called digital identity, is the anticipated revolution of identity verification on the internet using emerging user-centric technologies such as Information Cards or OpenID. Identity 2.0 stems from the Web 2.0 theory of the world wide web transition. Its emphasis is a simple and open method of identity transactions similar to those in the physical world, such as driver's license. [cite web |url=http://soa.sys-con.com/node/173822 |title=Identity 1.x: Microsoft Live ID and Google Accounts |accessdate=2006-10-31 |author=Dion Hinchcliffe |date=2006-07-06 |work=Enterprise Web 2.0 |publisher=CNET Networks |doi= |archiveurl= |archivedate= |quote= ]

Industry analyst firm the Burton Group, described it as "in Identity 2.0, usage of identity more closely resembles today's offline identity systems, but with the advantages of a digital medium. As with a driver's license, the issuer provides the user with a certified document containing claims. The user can then choose to show this information when the situation requires".

The current internet model makes taking one's identification difficult from site to site. This was described in the Burton Group report as, "today's identity systems—which represent a “1.0” architecture, feature strong support for domain management but exhibit scalability and flexibility limitations when faced with the broader identity requirements of Internet scenarios." In that light, user-centric proponents believe "federation protocols (from Liberty Alliance, the Organization for the Advancement of Structured Information Standards [OASIS] , and the Web Services working group) are bastions of a domain-centric model but do little to recast the architectural foundations of identity systems to support grander structures."cite web |url=http://www.burtongroup.com/Research/PublicDocument.aspx?cid=736 |title=User-Centric Identity Management and the Enterprise: Why Empowering Users is Good Business |accessdate=2006-10-30 |author=Mike Neuenschwander |date=2005-12-20 |publisher= [burtongroup.com The Burton Group] |pages= |language= |doi= |archiveurl= |archivedate= |quote= ]

A major road block to creating Identity 2.0 is the strength of the existing infrastructure. Industry analysts Gartner Research reflect this perspective in their August 2006 report, stating

"Identity 2.0 will be relevant to online companies — and particularly consumer-focused companies — but not before 2008. There are various Identity 2.0 initiatives — including Microsoft's CardSpace (formerly InfoCard), Sxip and Higgins. While all the initiatives leverage Internet and Web protocols, there are different approaches for storing identity attributes and in securing the interactions; these different approaches are not clearly interoperable and lack a unifying standards-based framework.

Success for Identity 2.0 approaches will also require service providers to modify their Web sites and services to request, accept and authenticate identity data from clients and identity providers. This presents a potential "chicken and egg" problem whereby consumers don’t perceive the need to create digital personas until services are available to use them." [cite web |url=http://www.gartner.com/DisplayDocument?ref=g_title&id=495383 |title=Findings: Identity 2.0 Is Too Ill-Defined for Imminent Deployment |accessdate=2007-10-30 |author=Gregg Kreizman |coauthors=Ray Wagner, et al. |date=2006-08-09 |work= |publisher=Gartner |pages= |language= |doi= |archiveurl= |archivedate= |quote= ]

A year later, Gartner published an updated perspective in their 2007 Hype Cycle Report on IAM Technologies, that positions user-centric, Identity 2.0 technologies such as OpenID, CardSpace and Higgins as "technology triggers" that are "on the rise", though two to five years away from mainstream adoption. They recommend that consumer facing organizations monitor the evolution of these "Personal Identity Frameworks". [cite web |url=http://www.gartner.com/DisplayDocument?id=507737 |title=Hype Cycle for Identity and Access Management Technologies, 2007 |accessdate=2007-10-17 |author=Gregg Kreizman |last= |first= |authorlink= |coauthors=John Enck, et al. |date=2007-06-21 |publisher=Gartner |pages= |language= |doi= |archiveurl= |archivedate= |quote= ]

In an Identity 2.0 approach, rather than using multiple username/passwords to register onto a website (like the current model), Identity 2.0 would allow users to use one ID that is transparent and flexible. Identity 2.0 is focused around the user, not centered around a directory. It requires identified transactions between users and agents (websites) using verifiable data, thus providing more traceable transactions.

Using one identity all of the time could lead to compromised privacy or security, especially in the following cases:
* when an open identity is phished or compromised, [cite web |url=http://www.verisign.com/static/037101.pdf#page=5 |title=Internet Security Intelligence Briefing, March 2006 (Volume 4, Issue I) |accessdate=2008-08-03 |date= |year=2006 |month=February |format= |work=Internet Security Intelligence Briefing |publisher=VeriSign |pages=5 |doi= |archiveurl= |archivedate= |quote=First and foremost, the developers of the Identity 2.0 protocols must make certain that deployment of Identity 2.0 does not create new opportunities for credential theft. Theft of a credential valid at one site is bad; theft of a credential valid at multiple sites is a disaster.]
* when users would not usually chose to use a strongly authenticated identity but are forced to do so by system properties or market pressure,
* when unrelated actions are linked with the purpose of predicting or controlling the behaviour of a user.

Verifiable but unlinkable data can be provided by users via anonymous digital credentials. The subtleties of building up trust in situations of less than perfect knowledge, which are intuitively understood in the physical world, are investigated by trust negotiation.

ee also

* Authentication
* Digital Identity
* Higgins trust framework
* Identity Metasystem
* Information Card
* LID
* OpenID
* SAML
* Windows CardSpace
* Windows Live ID
* XRI XDI
* YADIS

References

External links

* [http://www.identity20.com Identity 2.0 blog]
* [http://identityaccessman3.blogspot.com Identity Assurance]
* Kaliya Hamlin: [http://www.oreillynet.com/pub/a/policy/2005/10/07/identity-workshop.html Identity 2.0 Gathering: Getting to the Promised Land]
* Dick Hardt, Identity 2.0 expert and CEO of [http://www.sxip.com Sxip Identity] : Lecture at OSCON Identity 2.0 [http://www.identity20.com/media/OSCON2005/ video]
* Phil Windley: [http://www.oreillynet.com/pub/a/network/2005/08/19/digitaldentity.html Identity Management Architectures and Digital Identity]
* David Weinberger: CNET Interview with Dick Hardt- [http://news.com.com/Supernova+2005+blogcast/2030-12_3-5745034.html?%20tag=nl#hardt What might user-focused digital identity look like?]
* [http://www.elektrischer-reporter.de/index.php/site/film/41/ Video Interview with Dick Hardt about Identity 2.0] (English interview with German intro and German subtitles).
* Sam Curry, [http://ca.com/us/blogs/posting.aspx?id=138668&pid=149640&date=2007/7 "The Signficance of Identity 2.0"]
* Brian Schmitt, [http://heresmylunch.blogspot.com/2007/09/research-post-identity-20.html "Research Post Identity 2.0]
* CBC Television, [http://www.youtube.com/watch?v=m1LU2z_V1as Quest for Identity 2.0]
* [http://savingtheinternetwithhate.com/ Utu Project] by Zed A. Shaw (creator of Mongrel): "Saving the internet with hate"