- IDsec
Infobox Software
name = IDsec
caption = IDsec
developer = Hans Zandbelt, et al. (Telematica Instituut)
latest_release_version = X.X.XX
latest_release_date =December X ,2006
latest_preview_version = X.X.X-X
latest_preview_date =December X ,2006
operating_system = Windows
genre =Digital Identity
license = GPL
website = [http://idsec.sourceforge.net/ idsec.sourceforge.net]IDsec is a mechanism that provides a digital identity (aka. Virtual Identity) for users on the Internet. Users may allow Internet service providers to access their User Profile data. As such it can be an alternative for MS Passport.
= Introduction =
Today many services exist on the
Internet that require some form of user identification or user information, e.g. for personalisation ore-commerce purposes. These services rely on customer information to improve their quality by using previously acquired knowledge about users stored in user profiles. However each of these services implements its own mechanism for that purpose, which leads to user informationredundancy , fragmentation and possibleinconsistency . Moreover the current situation forces users to maintain multiple profiles at multiple service providers. This overload of personal, possibly privacy-sensitive, information floating around the Internet leads to great issues of trust.IDsec presents a generic mechanism for establishing Virtual Identities on the Internet, that standardises protocols and interfaces for exchanging identity information between users and service providers in a secure manner. It enables users to reuse profile information across Internet services and service providers to delegate (part of) their customer information maintenance.
= Overview =
Identity in IDsec means that a user is known by a certain profile that contains precisely those attributes that the user wants to reveal to the requester of his profile. Access to profile attributes is managed by the user himself. Certificates and public/private key mechanisms ensure that information is exchanged in a secure way only between parties that trust each other.
Profiles are stored with so-called Profile Managers somewhere on the Internet. Profile Managers are parties that have a trusted relationship with the Profile Owners whose Profiles they have stored in their
databases .A Profile Manager runs a
Server-side application that allows his clients to modify their Profile over a secure connection. In addition to modification of attributes and their values, Profile Owners can assemble Access Control Lists that specify which attributes are accessible to which Profile Requesters. Access Control Lists are based on certificate information.Upon starting an Internet action that requires the use of IDsec, a Profile Owner will login with the Profile Manager. This "session login" will result in the creation of a "session certificate" that is sent to the Owner. The session certificate represents the Owner in the current Internet session and it contains a reference to the location of his Profile.
The Profile Owner sends the session certificate to the IDsec enabled Profile Requester. The Requester in his turn, sends it together with his own root certificate to the location specified in the session certificate. The Profile Manager uses the session certificate to identify the Owner and to assemble a Profile Requester specific Profile based on the Requester credentials and the Access Control List that the Owner specified.
The Profile Requester now has a customer Profile that he can use to personalize content, to do accounting and/or billing (eventually in combination with a third party) and any other business that he would normally do with locally stored customer data.
Notice that IDsec supports "anonymous browsing" and single sign-on; it does not necessarily reveal the name and address of the Profile Owner or any other attribute that uniquely identifies the Profile Owner. IDsec transmits exactly those attributes that an Owner trusts to be sent to the Requester.
= Status =
Several people have given positive feedback on the IDsec specification. It has been proposed as input to the
IETF , to theDotGNU project and to the PingID project, amongst other personal initiatives. FurthermoreRSA security has commented on the draft specification and they will put it forward as input to theLiberty Alliance Project .= See also =
*Digital Identity = External links =
* [http://idsec.sourceforge.net/ IDsec at Sourceforge] - The project mainsite.
Wikimedia Foundation. 2010.