- Digital identity
-
- For related uses, see Internet identity
Digital identity is the aspect of digital technology that is concerned with the mediation of people's experience of their own identity and the identity of other people and things. Digital identity also has another common usage as the digital representation of a set of claims made by one digital subject about itself or another digital subject.[1]
Digital subject
A digital subject is an entity represented or existing in the digital realm which is being described or dealt with. Every digital subject has a finite, but unlimited number of identity attributes. A digital subject can be human or non-human. Non-human examples include:
- Devices and computers (with which we have built the "digital realm" in the first place);
- Digital resources (which attract us to it);
- Policies and relationships between other digital subjects (e.g., between humans and devices or documents or services).
Identity through relationship
An observer's perception of the digital identity of an entity is inevitably mediated by the subjective viewpoint of that observer (just as it is with physical identity). In order to attribute a digital representation to an entity, and so to elide the two as a digital subject, the attributing party (the observer) must trust that the representation does indeed pertain to the entity (see Authentication below). Conversely, the entity may only grant the observer selective access to its informational attributes (according to the identity of the observer from the perspective of the entity). In this way, digital identity is better understood as a particular viewpoint within a mutually-agreed relationship than as an objective property. This contextual nature of digital identity is referred to as contextual identity.
Authentication
Authentication is a key aspect of trust-based identity attribution, providing a codified assurance of the identity of one entity to another. Authentication methodologies include the presentation of a unique object such as a bank credit card, the provision of confidential information such as a password or the answer to a pre-arranged question, the confirmation of ownership of an e-mail address, and more robust but relatively costly solutions utilising encryption methodologies. In general, business-to-business authentication prioritises security while user to business authentication tends towards simplicity. New physical authentication techniques such as iris scanning, handprinting, and voiceprinting are currently being developed and in the hope of providing improved protection against identity theft. Those new techniques fall into the area of Biometry (biometrics), which belongs to the area of Artificial Intelligence or Machine Learning.
Identifiers
Digital identity fundamentally requires digital identifiers—strings or tokens that are unique within a given scope (globally or locally within a specific domain, community, directory, application, etc.). Identifiers are the key used by the parties to an identification relationship to agree on the entity being represented. Identifiers may be classified as omnidirectional and unidirectional[1]. Omnidirectional identifiers are intended to be public and easily discoverable, while unidirectional identifiers are intended to be private and used only in the context of a specific identity relationship.
Identifiers may also be classified as resolvable or non-resolvable. Resolvable identifiers, such as a domain name or e-mail address, may be dereferenced into the entity they represent, or some current state data providing relevant attributes of that entity. Non-resolvable identifiers, such as a person's real-world name, or a subject or topic name, can be compared for equivalence but are not otherwise machine-understandable.
There are many different schemes and formats for digital identifiers. The most widely used is Uniform Resource Identifier (URI) and its internationalized version Internationalized Resource Identifier (IRI)—the standard for identifiers on the World Wide Web. OpenID and Light-Weight Identity (LID) are two web authentication protocols that use standard HTTP URIs (often called URLs), for example.
Digital Object Architecture
Digital Object Architecture (DOA)[2] provides a means of managing digital information in a network environment. A digital object has a machine and platform independent structure that allows it to be identified, accessed and protected, as appropriate. A digital object may incorporate not only informational elements, i.e., a digitized version of a paper, movie or sound recording, but also the unique identifier of the digital object and other metadata about the digital object. The metadata may include restrictions on access to digital objects, notices of ownership, and identifiers for licensing agreements, if appropriate.
The Handle System
The Handle System is a general purpose distributed information system that provides efficient, extensible, and secure identifier and resolution services for use on networks such as the internet. It includes an open set of protocols, a namespace, and a reference implementation of the protocols. The protocols enable a distributed computer system to store identifiers, known as handles, of arbitrary resources and resolve those handles into the information necessary to locate, access, contact, authenticate, or otherwise make use of the resources. This information can be changed as needed to reflect the current state of the identified resource without changing its identifier, thus allowing the name of the item to persist over changes of location and other related state information. The original version of the Handle System technology was developed with support from the Defense Advanced Research Projects Agency (DARPA).
Extensible Resource Identifiers
A new OASIS standard for abstract, structured identifiers, XRI (Extensible Resource Identifiers), adds new features to URIs and IRIs that are especially useful for digital identity systems. OpenID also supports XRIs, and XRIs are the basis for i-names.
Policy aspects of digital identity
There are proponents of treating self-determination and freedom of expression of digital identity as a new human right.[citation needed] Some have speculated that digital identities could become a new form of legal entity.[citation needed]
Taxonomies of identity
Digital identity attributes—or data—exist within the context of ontologies. A simple example of a taxonomy is "A cat is a kind of animal." An entity represented in this ontology as a "cat" is therefore invariably also considered an "animal." In establishing the contextual relationship of identity attributes to one another, taxonomies are able to represent identity in terms of pre-defined structures. This in turn allows computer applications to process identity attributes in a reliable and useful manner. XML (eXtensible Markup Language) has become a de facto standard for the abstract description of structured data.
Taxonomies inevitably reflect culturally and personally relative world views. Consider two possible elaborations of the above example:
- "A cat is a kind of animal. A domestic cat is a kind of cat and is a pet."
- "A cat is a kind of animal. A domestic cat is a kind of cat and is edible by humans."
Someone searching the first taxonomy for pets would find "domestic cat," whereas a search of the second taxonomy for foodstuffs would yield the same result! We can see that while each taxonomy is useful within a particular cultural context or set of contexts, neither represents a universally valid point of view on domestic cats.
The development of digital identity network solutions that can interoperate taxonomically-diverse representations of digital identity is a contemporary challenge. Free-tagging has emerged recently as an effective way of circumventing this challenge (to date, primarily with application to the identity of digital entities such as bookmarks and photos) by effectively flattening identity attributes into a single, unstructured layer. However, the organic integration of the benefits of both structured and fluid approaches to identity attribute management remains elusive.
Networked identity
Identity relationships within a digital network may include multiple identity entities. However, in a decentralised network like the Internet, such extended identity relationships effectively require both (a) the existence of independent trust relationships between each pair of entities in the relationship and (b) a means of reliably integrating the paired relationships into larger relational units. And if identity relationships are to reach beyond the context of a single, federated ontology of identity (see Taxonomies of identity above), identity attributes must somehow be matched across diverse ontologies. The development of network approaches that can embody such integrated "compound" trust relationships is currently a topic of much debate in the blogosphere.
Integrated compound trust relationships allow, for example, entity A to accept an assertion or claim about entity B by entity C. C thus vouches for an aspect of B's identity to A.
A key feature of "compound" trust relationships is the possibility of selective disclosure from one entity to another of locally relevant information. As an illustration of the potential application of selective disclosure, let us suppose a certain Diana wished to book a hire car without disclosing irrelevant personal information (utilising a notional digital identity network that supports compound trust relationships). As an adult, UK resident with a current driving license, Diana might have the UK's Driver and Vehicle Licensing Agency vouch for her driving qualification, age and nationality to a car-rental company without having her name or contact details disclosed. Similarly, Diana's bank might assert just her banking details to the rental company. Selective disclosure allows for appropriate privacy of information within a network of identity relationships.
A classic form of networked digital identity based on international standards is the "White Pages".
An electronic white pages links various devices, like computers and telephones, to an individual or organization. Various attributes such as X.509v3 digital certificates for secure cryptographic communications are captured under a schema, and published in a LDAP or X.500 directory. Changes to the LDAP standard are managed by working groups in the IETF, and changes in X.500 are managed by the ISO. The ITU did significant analysis of gaps in digital identity interoperability via the FGidm, focus group on identity management.
Implementations of X.500[2005] and LDAPv3 have occurred world wide but are primarily located in major data centers with administrative policy boundaries regarding sharing of personal information. Since combined X.500 [2005] and LDAPv3 directories can hold millions of unique objects for rapid access, it is expected to play a continued role for large scale secure identity access services. LDAPv3 can act as a lightweight standalone server, or in the original design as a TCP-IP based Lightweight Directory Access Protocol compatible with making queries to a X.500 mesh of servers which can run the native OSI protocol.
This will be done by scaling individual servers into larger groupings that represent defined "administrative domains", (such as the country level digital object) which can add value not present in the original "White Pages" that was used to look up phone numbers and email addresses, largely now available through non-authoritative search engines.
The ability to leverage and extend a networked digital identity is made more practicable by the expression of the level of trust associated with the given identity through a common Identity Assurance Framework.
Academic work
Research on identity is done in a variety of disciplines such as law, technology, and information systems alongside other social, political and management issues.
See also
- Authentication
- Digital footprint
- E-Authentication
- Entity
- Federated Identity
- FIDIS (Future of Identity in the Information Society)
- Global Trust Center
- Global Trust Council
- Identity
- Identity management
- Identity 2.0
- IDsec An open source, digital identity software.
- Informational self-determination
- Online identity
- Pseudonymity
- Privacy
- Quantum cryptography
- Social map
References
- ^ a b K.Cameron, "Laws of Identity", Blog, Jan 2006, http://www.identityblog.com/?p=352
- ^ A Framework for Distributed Digital Object Services http://www.cnri.reston.va.us/k-w.html
External links
- The Identity Dictionary
- Digital Identity Glossary
- FIDIS (Future of Identity in the Information Society) Network of Excellence
- "Digital Identity" (book) by Phil Windley, preview at Google Books
- Identity Gang Lexicon
- Identity 2.0 Keynote
- Ideating Identity
- xID Digital Identity specification for worldwide use
- DigitalIDNews
- Identity Weblog by Kim Cameron, Identity and Access Architect, Microsoft Corporation
Categories:- Identity management
- Identity
- Digital technology
- Federated identity
- Computer access control
Wikimedia Foundation. 2010.