The document discusses user-centric digital identity and the Internet Identity Workshop. It provides context for a shared understanding in the digital identity community through a shared history of "directory wars" in the 1990s, the formation of the "Identity Gang" in 2004 to discuss identity issues, and the development of a shared language and concepts like the "Laws of Identity." It also discusses some principles of user-centric digital identity and technologies like OpenID that aim to give users more control over their online identities and data.
1. XI
November 2, 2010
INTRODUCTION
by Kaliya Hamlin @identitywoman
Monday, December 6, 2010
2. Where does my personal inspiration about user-centric digital identity come from?
Building Identity and Trust into the Next Generation Internet
asn.planetwork.net
3. Who am I?
IDENTITY GANG! formed in 2004
Internet Identity Workshop
iiw.idcommons.net
www.internetidentityworkshop.com
4. We have been meeting together every 6 months since the fall of 2005.
The Internet Identity Workshop is the work group of Identity Commons, an industry consortium and community linking many efforts focused on a people-centric identity layer of the net.
The Workshop provides an open forum for both the big guys and the small fry to come together in a safe and balanced space. It is not about any one technology; rather, it is a place to discuss multiple interoperating (and possibly competing) projects, standards, and networks for identity, data sharing, and reputation.
IIW is co-produced by Phil Windley (@windley), Kaliya Hamlin (@identitywoman) & Doc Searls (dsearls).
IIWX is being co-facilitated by Kaliya Hamlin and Heidi Nobantu Saul (@nobantu).
The Notes Collection Center is being run by Kas Neteler (@kasneteler) and Heidi Nobantu Saul.
5. Face 2 Face DIDW
Meetings Burton Group IIW5
RSA IOS 4
2007 IIW 4 IOS 3
IOS 2 OSIS Interop 2
2006 IIW 3 Data Sharing Workshop
DIDW
RSA Burton Group
IOS 1 OSIS Interop 1
2005 DIDW IIW 2
2004 DIDW IIW 1
2003
DIDW
6. Face 2 Face DIDW
Meetings Burton Group IIW 11
2010 RSA
IIW 10
DIDW
2009 Burton Group
IIW 9
RSA
DIDW IIW 8
Burton Group OSIS Interop5
RSA IIW 7
2008 OSIS Interop 4
IIW 6 Data Sharing Summit
Data Sharing Workshop OSIS Interop 3
7. Broad Base of Participation SMALL COMPANY
BIG COMPANY SPONSORS SPONSORS
NONPROFIT SPONSORS
MSFT FuGen Solutions
ISOC
PingID OUNO
Kantara/Liberty Alliance CORPORATE PARTICIPANTS
SUN Rel-ID
Info Card Foundation Paypal
Facebook Poken
OASIS IDTrust Booz Allen Hamilton SMALL COMPANY
Google Vidoop
Mozilla Apple PARTICIPANTS
Yahoo Chimp
Higgins Project
Cisco
Burton Group Authentrus Ångströ
Bandit Project Hewlett Packard Digg, Inc.
Plaxo Sxip
Planetwork International Business Machines Privo
Internet Society Commerce Net Intuit ClaimID
Expensify
Adobe LexisNexis FamilySearch.org
NONPROFIT BT Nippon Telegraph and Telephone Corporation FreshBooks
PARTICIPANTS Novell Nokia Siemens Networks Gigya
Center for Democracy and Facebook NRI Gluu
Technology AOL Oracle Janrain
DataPortability Project Ping Identity Orange Kynetx
IdM Network Netherlands Paypal / eBay Rackspace NetMesh Inc.
OCLC Radiant Logic Protiviti
Open Forum Foundation
World Economic Forum
Sony Ericsson
The MITRE Corporation
IETF Socialtext
TriCipher, Inc.
UNIVERSITY PARTICIPANTS
Tucows Inc
VeriSign, Inc.
W3C Trusted-ID
Wave Systems
Goldsmiths, University of London
Newcastle University
Stanford University
Vodafone Group R &D
Alcatel-Lucent OASIS Six Apart
Acxiom Identity Solutions
Acxiom Research
GOVERNMENT PARTICIPANTS Equifax
Office of the Chief Information Office,
Province of British Columbia
LinkedIn
Amazon
and more...
13. CONTEXT For Shared Vision
IDENTITY GANG!
formed in 2004
14. CONTEXT For Shared Vision
Early on, the Identity Gang list was a critical forum for community collaboration. It is still active here, and many of the protocol efforts and foundations that have emerged have their own lists.
http://lists.idcommons.net/lists/info/community
15. CONTEXT For Shared Vision
The Identity Gang was probably one of the first technical communities to have a very active
community blog life that complemented our mailing list conversations. Doc Searls played a
critical role in getting almost all community members to blog in the early days of the
community 2004-2005.
There are several aggregated blogs you can visit to get a sense of activity in the community.
The Classic - www.planetidentity.org/
A newer one under development - http://seriouslyidentity.com/
16. CONTEXT For Shared Vision
Wiki forums were critical for sharing ideas and
common language like the Lexicon
17. CONTEXT For Shared Vision
Real Time Web Tools
SEARCH
These are newer mediums for collaboration and
information sharing using #hashtags etc. to connect work.
19. SHARED LANGUAGE
developed in Shared Context
Identity Gang LEXICON (driven by Paul Trevithick)
in August 2005
1. Agent
2. Claim
3. Claimant
4. Digital Identity
5. Digital Identity Provider
6. Digital Subject
7. Entity
8. Identity Attribute
9. Identity Context
10. Party
11. Persona
12. Relying Party
http://wiki.idcommons.net/Lexicon
21. SHARED UNDERSTANDING
using shared language
Laws of Identity
Kim Cameron in May 2005
http://www.identityblog.com/stories/2004/12/09/thelaws.html
22. SHARED UNDERSTANDING
using shared language
Laws of Identity Kim Cameron in May 2005
1. User Control and Consent
2. Minimal Disclosure for a Constrained Use
3. Justifiable Parties
4. Directed Identity
5. Pluralism of Operators and Technologies
6. Human Integration
7. Consistent Experience Across Contexts
23. SHARED UNDERSTANDING
using shared language
A Bill of Rights for Users of the Social Web September 4, 2007
Authored by Joseph Smarr, Marc Canter, Robert Scoble, and Michael Arrington
Preamble:
There are already many who support the ideas laid out in this Bill of Rights, but we are actively seeking
to grow the roster of those publicly backing the principles and approaches it outlines. That said, this Bill
of Rights is not a document “carved in stone” (or written on paper). It is a blog post, and it is intended
to spur conversation and debate, which will naturally lead to tweaks of the language. So, let’s get the
dialogue going and get as many of the major stakeholders on board as we can!
A Bill of Rights for Users of the Social Web
We publicly assert that all users of the social web are entitled to certain fundamental rights, specifically:
• Ownership of their own personal information, including:
◦ their own profile data
◦ the list of people they are connected to
◦ the activity stream of content they create;
• Control of whether and how such personal information is shared with others; and
• Freedom to grant persistent access to their personal information to trusted external sites.
Sites supporting these rights shall:
• Allow their users to syndicate their own profile data, their friends list, and the data that’s shared
with them via the service, using a persistent URL or API token and open data formats;
• Allow their users to syndicate their own stream of activity outside the site;
• Allow their users to link from their profile pages to external identifiers in a public way; and
• Allow their users to discover who else they know is also on their site, using the same external
identifiers made available for lookup within the service.
24. SHARED UNDERSTANDING
using shared language
OECD Paper Properties of Identity
At a Crossroads: "Personhood"
and the Digital Identity in the
Information Society
http://bit.ly/OECDdigitalpersonnood
25. SHARED UNDERSTANDING
using shared language
Properties of Identity
1. Identity is social.
2. Identity is subjective.
3. Identity is valuable.
4. Identity is referential.
5. Identity is composite.
6. Identity is consequential.
7. Identity is dynamic.
8. Identity is contextual.
9. Identity is equivocal.
OECD Paper At a Crossroads: "Personhood" and the Digital Identity in
the Information Society
The Properties of Identity were articulated by Bob Blakley, Jeff Broberg, Anthony Nadalin, Dale Olds,
Mary Ruddy, Mary Rundle, and Paul Trevithick.
26. SHARED UNDERSTANDING
Identifiers: Single String
Identifiers link things together and enable correlation.
They can be endpoints on the internet.
Claims: Pairs
A claim is by one party about another or itself.
It does not have to be linked to an identifier.
Proving you are over 18 for example and not giving your real name.
28. SHARED UNDERSTANDING
TECHNOLOGY
SOCIAL ? BUSINESS
LEGAL
29. What is User Centric Digital Identity?
30. The Identity Dog
Represents 2 things:
* Freedom to be who you want to be
* Freedom to share more specific
info about yourself that is validated
31. What is User Centric Digital Identity?
35. X
Why does User Centric Digital Identity Matter?
http://www.fullenglishfood.com/?p=799
36. Buddhist in Tennessee
http://religions.iloveindia.com/buddhism.html http://wwp.greenwichmeantime.com/time-zone/usa/tennessee/map.htm
37. Women having the freedom not to present as women.
Why James Chartrand
Wears Women’s Underpants
http://www.copyblogger.com/james-chartrand-underpants/
38. Real world examples of women managing different personae from She’s Geeky conference.

1) Live Journal Friends
2) Professional ID
3) Feminist Identity

1) Me linked to real name
2) Spiritual
3) Gaming

1) Totally Professional on Domain, GMail, LinkedIn
2) Social but me on Facebook
3) Spiritual under pseudonym on Live Journal
42. Freedom of Action
Teachers being able to drink socially when in own time.
Young people free to explore themselves.
Blizzard WoW in-game ID vs “RealID” change
This comes from not having all contexts linked together.
43. Freedom of
Movement and Assembly
Freedom to group and cluster outside commercial silos
& business contexts.
44. Freedom to
Peer-to-Peer Link
Freedom to determine
how the link is seen by
others
45. What is the context for people gathering?
“We’re trying to build a social
layer for everything.”
- Mark Zuckerberg
68. OpenID has a Ton of Issues
• security
• no payload - identifiers are not enough
• people don't understand the URL format
• people don't have their own domains
• often 3rd level domain
• Nascar Problem
• ADOPTION
• Namespace issue - “solved Facebook”
69. Users take actions on your site
Users come to your site to consume your unique content. They take actions like commenting, reviewing, making purchases, rating, and more.
Users share with friends, who discover your site
With Facebook Connect, users can easily share your content and their actions with their friends on Facebook. As these friends discover your content, they click back to your site, engaging with your content and completing the viral loop.
Social features increase engagement
Creating deeper, more social integrations keeps users engaged with your site longer, and more likely to take actions they share with their friends. (For example — don't just show users what's most popular on your site, but what's most popular with their friends on your site.)
70. Proposal for OpenID Connect
The response is a JSON object which contains some (or all) of the
following reserved keys:
• user_id - e.g. "https://graph.facebook.com/24400320"
• asserted_user - true if the access token presented was issued by
this user, false if it is for a different user
• profile_urls - an array of URLs that belong to the user
• display_name - e.g. "David Recordon"
• given_name - e.g. "David"
• family_name - e.g. "Recordon"
• email - e.g. "recordond@gmail.com"
• picture - e.g. "http://graph.facebook.com/davidrecordon/picture"
The server is free to add additional data to this response (such as
Portable Contacts) so long as they do not change the reserved OpenID
Connect keys.
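Added example (not from the original slides or from the proposal's authors): a relying-party-side check, in Python, of the JSON response described above. It type-checks the reserved keys and keeps server-added data apart from them. The URL checks, the requirement that user_id be present, and the rule that sign-in proceeds only when asserted_user is true are assumptions made for this example.

```python
import json
from urllib.parse import urlparse

# Reserved keys from the slide, with the JSON type each example value implies.
RESERVED = {
    "user_id": str, "asserted_user": bool, "profile_urls": list,
    "display_name": str, "given_name": str, "family_name": str,
    "email": str, "picture": str,
}
URL_KEYS = ("user_id", "picture")  # assumption: these are always URLs


def is_http_url(value):
    """True for an absolute http(s) URL that names a host."""
    if not isinstance(value, str):
        return False
    parts = urlparse(value)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def check_response(raw):
    """Return (reserved claims, extension data, list of problems)."""
    data = json.loads(raw)
    if not isinstance(data, dict):
        raise ValueError("response must be a JSON object")
    claims, extensions, problems = {}, {}, []
    for key, value in data.items():
        expected = RESERVED.get(key)
        if expected is None:
            extensions[key] = value  # server-added data, never used as a claim
        elif type(value) is not expected:
            problems.append(f"{key}: expected {expected.__name__}")
        else:
            claims[key] = value
    for key in URL_KEYS:
        if key in claims and not is_http_url(claims[key]):
            problems.append(f"{key}: not an http(s) URL")
    if not all(is_http_url(u) for u in claims.get("profile_urls", [])):
        problems.append("profile_urls: every entry must be an http(s) URL")
    # Assumed policy: sign in only when the token was issued by this user.
    if claims.get("asserted_user") is not True:
        problems.append("asserted_user: token not issued by this user")
    if "user_id" not in claims:
        problems.append("user_id: missing")
    return claims, extensions, problems


# Constructed sample using the slide's example values plus one extension key.
SAMPLE = json.dumps({
    "user_id": "https://graph.facebook.com/24400320",
    "asserted_user": True,
    "profile_urls": ["https://example.com/~david"],
    "display_name": "David Recordon",
    "portable_contacts": {"entry": []},
})
```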
76. Managed Cards Come in two Flavors
“Phones Home”: Employee issued ID
the employer sees where used
Doesn’t “Phone Home”: Government issued age verification
just like a drivers license in the real world
78. Information Cards have a ton of issues:
• Relying Party Adoption
• why shift to claims from identifiers
• Where are the libraries and tools for Relying
parties
• Client Download Required
• New User Experience
• What are Active Clients and How do they work
• Risk & Liability Models are Unclear
• If a claim is validated and it is untrue who is liable
84. OStatus isn't a new protocol; it
applies some great protocols in a natural
and reasonable way to make distributed
social networking possible.
• Activity Streams encode social events in
standard Atom or RSS feeds.
• PubSubHubbub pushes those feeds in
realtime to subscribers across the Web.
• Salmon notifies people of responses to
their status updates.
• Webfinger makes it easy to find people
across social sites.
101. SAML
SAML has two parts used in higher education
1. Authentication
2. Profiles
102. Protocol Family Tree
XNS XNS.org
Current Organizations
Organizations (no longer) XDI XRI
XDI.ORG
Event
XRDS Internet
Identity
Independent Open Protocol
Workshop
Independent Open Protocol
XRD #1 Oct 2005
i-names
(no longer) Simple XRI
Protocol standardized at OASIS YADIS
OpenID
Protocol standardized at OASIS
earlier version (no longer) XRD v1
OpenID LID
v2
sxip
OpenID
Web Foundation
OpenID
Finger v Next
103. Big Challenge Protocol Interop
105. 3rd Interop RSA Conference
Spring 2007
European Identity Conference
106. Open Identity For Open
Government
Fast Company blog post by Kaliya
Government Experimenting with http://bit.ly/FastCo-IDGov
Identity Technologies
Government Services
Administration website on ID http://bit.ly/ID-Gov-Open
108. Trust Frameworks /
Policy Repositories
Open Identity Exchange
Policy Repository Levels of
for Auditors Levels of Assurance Protection
Trust Frameworks Identity Providers Relying Parties
ICAM
John Google
Relying Party
Steensen
OCLC PayPal
Other
Relying Party
Auditor
PBS Kids Equifax
Other
Auditor Yahoo!
XAuth
109. SHARED VISION for people’s identity
on the scale of the web.
110. Freedom
and
Autonomy
for People
112. No One
Dominant Player
113. There will be a
Big Bang
With all new technologies there is a point at which new things start happening that the creators of the technology did not envision. This is a big bang in identity.
114. Mission statements:
• Identity Commons: Support, facilitate, and promote the creation of an open identity layer
for the Internet, one that maximizes control, convenience, and privacy for the individual
while encouraging the development of healthy, interoperable communities.
• Information Card Foundation: Promote, protect, and enable the development of an open,
trusted, interoperable, royalty-free identity layer for the Internet that maximizes control over
personal information by individuals
• OpenID Foundation: To foster and promote the development of, public access to, and
adoption of OpenID as a framework for user-centric identity on the Internet; and To acquire,
create, hold, and manage intellectual property related to OpenID and provide equal access to
such intellectual property to the OpenID community and public at no charge.
• Kantara Initiative: Foster identity community harmonization, interoperability, innovation,
and broad adoption through the development of open identity specifications, operational
frameworks, education programs, deployment and usage best practices for privacy-
respecting, secure access to online services
• Open Identity Exchange: Collecting, aggregating, and distributing information regarding
the identity-related services industry to businesses and other stakeholders in that industry in
order to improve conditions in that industry by fostering innovation, market transparency,
and identity-related product and service interoperability; Providing a neutral, open market
registration system for participants in the identity-related services industry;
• Data Portability Project: Data portability enables a borderless experience, where people
can move easily between network services, reusing data they provide while controlling their
privacy and respecting the privacy of others. Our Mission is to help people to use and protect
the data they create on networked services, and to advocate for compliance with the values
of DataPortability.
115. Planetwork
Loose Affiliations of People Evolution of Identity Community Link Tank
FireFly
Liberty Alliance
Current Organizations Higgins
Project SUN Oracle BT
Microsoft Identity
Lots of Companies Commons (1)
Organizations (no longer) Passport XRI
XDI
Hailstorm SAML
v1 & 2
Company
Identity
IBM Gang
Proprietary Service (no longer)
VENN OF
IDENTITY
Protocol standardized at OASIS Internet Identity
OpenID Workshop
v2
Protocol standardized at OASIS IMI
Identity Metasystem OpenID
earlier version (no longer) Interoperability Foundation
TIME
Information Card
Standard
Independent Open Protocol
Information
Card
Independent Open Protocol Foundation Identity
Commons (2)
(no longer)
Pamela
Project
Paper:Shared Understanding
Kantara Initiative
Project to be
announced at
Event IIW
Open Identity
Exchange
Project to be
Project with Code announced at
IIW
118. One of the main community organizations linking various
efforts is Identity Commons.
OIX
Open ID
PDX
OSIS
Open Source
Key
Foundation Identity System
Information
Group that who's
Card home is at Identity
Foundation IDMedia Commons
Review
XDI.ORG
Data Independent
Photo Nonprofit
Portability
Project
Identity Group Organization
Commons Kids
Internet Identity Online Project at
Workshop another
organization
Project Identity
Schemas Identity
VRM Gang
Nick's
Pamela Legacy EVENT
Higgins Project ID-Legal
Project
119. Conclusion: a funny take on the identity dog logo
On the dog, no one knows when
you’re on the Internet.