User Centric Digital Identity, Talk for Computer Science and Telecommunications Board, National Academies
 


I presented this talk on September 23 to the Computer Science and Telecommunications Board of the National Academies in Washington DC. It has three parts
1) What is User Centric Digital Identity
2) What are the technologies that have been developed to date
3) Emerging work on developing a Personal Data Ecosystem.


Usage Rights

CC Attribution License

    Presentation Transcript

    • User-Centric Digital Identity September 23 presentation to Computer Science and Telecommunications Board National Academies by Kaliya Hamlin @identitywoman http://www.identitywoman.net kaliya@identitywoman.net Internet Identity Workshop http://www.internetidentityworkshop.com Friday, September 24, 2010
    • Where does my personal inspiration about user-centric digital identity come from? Building Identity and Trust into the Next Generation Internet asn.planetwork.net
    • Who am I? IDENTITY GANG! Internet Identity Workshop formed in 2004 iiw.idcommons.net www.internetidentityworkshop.com
    • Broad Base of Participation SMALL COMPANY BIG COMPANY SPONSORS SPONSORS NONPROFIT SPONSORS MSFT FuGen Solutions ISOC PingID OUNO Kantara/Liberty Alliance CORPORATE PARTICIPANTS SUN Rel-ID Info Card Foundation Paypal Facebook Poken OASIS IDTrust Booz Allen Hamilton SMALL COMPANY Google Vidoop Mozilla Apple PARTICIPANTS Yahoo Chimp Higgins Project Cisco Burton Group Authentrus Ångströ Bandit Project Hewlett Packard Digg, Inc. Plaxo Sxip Planetwork International Business Machines Privo Internet Society Commerce Net Intuit ClaimID Expensify Adobe LexisNexis FamilySearch.org NONPROFIT BT Nippon Telegraph and Telephone Corporation FreshBooks PARTICIPANTS Novell Nokia Siemens Networks Gigya Center for Democracy and Facebook NRI Gluu Technology AOL Oracle Janrain DataPortability Project Ping Identity Orange Kynetx IdM Network Netherlands Paypal / eBay Rackspace NetMesh Inc. OCLC Radiant Logic Protiviti Open Forum Foundation World Economic Forum Sony Ericsson The MITRE Corporation IETF Socialtext TriCipher, Inc. UNIVERSITY PARTICIPANTS Tucows Inc VeriSign, Inc. W3C Trusted-ID Wave Systems Goldsmiths, University of London Newcastle University Stanford University Vodafone Group R&D Alcatel-Lucent OASIS Six Apart Acxiom Identity Solutions Acxiom Research GOVERNMENT PARTICIPANTS Equifax Office of the Chief Information Office, Province of British Columbia LinkedIn Amazon and more...
    • Unconference Format
    • Talk Outline
      • What is User-Centric Digital Identity (including how it arose in contrast to non-user-centric identity)
      • Technologies that have been developed to date: OpenID, Information Cards, XRD, OAuth, UMA, SAML
      • Emerging: The Personal Data Ecology
    • What is Digital Identity? http://www.digital-identities.com/ The »Gestalt« of digital identity http://www.flickr.com/photos/wertarbeit/3825274153/in/photostream/
    • Identifiers and Claims
      • Identifiers (single string): Identifiers link things together and enable correlation. They can be endpoints on the internet.
      • Claims (pairs): A claim is by one party about another or itself. It does not have to be linked to an identifier. Proving you are over 18, for example, and not giving your real name.
    • What is User Centric Digital Identity? Big Co. Web 1.0 Web 2.0
    • The Identity Dog Represents 2 things:
      • Freedom to be who you want to be
      • Freedom to share more specific info about yourself that is validated
    • Freedom to Aggregate
    • Freedom to Disaggregate
    • Why does User Centric Digital Identity Matter? http://www.fullenglishfood.com/?p=799
    • Buddhist in Tennessee http://religions.iloveindia.com/buddhism.html http://wwp.greenwichmeantime.com/time-zone/usa/tennessee/map.htm
    • Women having the freedom not to present as women. Why James Chartrand Wears Women’s Underpants http://www.copyblogger.com/james-chartrand-underpants/
    • Real world examples of women managing different personae from She’s Geeky conference.
      • 1) Live Journal Friends 2) Professional ID 3) Feminist Identity
      • 1) Me linked to real name 2) Spiritual 3) Gaming
      • 1) Totally Professional on Domain, GMail, LinkedIn 2) Social but me on Facebook 3) Spiritual under pseudonym on Live Journal
    • Goofy Habits or Hobbies
    • Freedom of Expression: personal and political
    • Freedom of Action
      • Teachers being able to drink socially when in own time.
      • Young people free to explore themselves.
      • BLIZZARD WoW in game ID vs “RealID” change
      • This comes from not having all contexts linked together.
    • How do people “get” User Centric Digital Identity today?
      • Hack it together with handles from web mail providers or on a service like Twitter
      • Challenge with e-mail addresses as identities: the communications token is the “ID”
      • Google profiles, Yahoo! profiles, Facebook, LinkedIn
    • Freedom to not be “erased” under TOS. What are our rights in these commercial spaces governed by Terms of Service? How are we “citizens” in private space? In physical life we have protection of our physical self - people will be prosecuted for harming us. What is the equivalent in online spaces?
    • How do people “get” User Centric Digital Identity today?
      • Identifier side: Own their own domain name. Have a blog? Run an OpenID server?
      • Claims based side: Almost impossible. Little relying party adoption (places where 3rd party or self generated claims will be accepted). Little client side app adoption.
    • Why have we yet to succeed? It is a REALLY hard problem set to solve for, User Centric Digital Identity that is:
      1. open standards based
      2. the scale of the internet + other digital systems
      3. that people find usable
      4. that they understand
      5. that is secure
      6. it requires emergence of new social behavior
      7. and changes business models & norms
    • Isn’t just a technical problem: TECHNOLOGY, SOCIAL, BUSINESS, LEGAL
    • We are still the make the vision real Are we succeeding! with particular protocols with various levels of adoption.
    • What were User Centric Digital Identities ideas arising in response to?
    • These reasons were covered in the above:
      • Corporate mediated ID (Facebook, LinkedIn).
      • Desire to have online world map to how ID works in physical world - selective disclosure.
      • A Bazillion different accounts.
      • Identity is socially constructed not institutionally issued.
    • Corporate Issued IDs from employers http://www.smartdraw.com/blog/archive/2008/09/04/four-ways-to-make-your-org-charts-more-useful.aspx
    • Corporate Issued IDs for customers: frequent flier customer number, health insurance number http://usresident.com/
    • The claim there is no separation between online and offline life
    • Participants in the Federated Social Web Summit. Pre-Open Source Convention July 18th, 2010, Portland, Oregon, USA
    • Protocols are Political. It gets to the heart of what it means to have a civil society, how we organize together. The choices made in creating these architectures now will shape the future. http://www.treehugger.com/files/2010/07/thousands-of-undiscovered-plants-face-extinction.php http://www.moviecritic.com.au/your-favourite-cinematic-dystopian-future/
    • OR
    • What is the context for people gathering? “We’re trying to build a social layer for everything.” - Mark Zuckerberg
    • Freedom of Movement and Assembly: Freedom to group and cluster outside commercial silos & business contexts.
    • Freedom to Peer-to-Peer Link: Freedom to determine how the link is seen by others
    • How can people and groups be first class objects on the web (and other electronic networks)?
    • User Centric Digital Identity is the:
      • Freedom to Aggregate
      • Freedom to Disaggregate
      • Freedom to not be “erased” under TOS
      • Freedom of Movement and Assembly
      • Freedom to Peer-to-Peer link & the Freedom to determine if the link is seen by others
    • Transition to Technology Section
    • Text Text + ? Can you have both?
    • OpenID 101 (identifier)
    • OpenID has a Ton of Issues
      • security
      • no payload - identifiers are not enough
      • people don’t understand format URL
      • people don’t have their own domains
      • often 3rd level domain
      • Nascar Problem
      • ADOPTION
      • Namespace issue - “solved Facebook”
    • Facebook Connect
      • Users take actions on your site: Users come to your site to consume your unique content. They take actions like commenting, reviewing, making purchases, rating, and more.
      • Users share with friends, who discover your site: With Facebook Connect, users can easily share your content and their actions with their friends on Facebook. As these friends discover your content, they click back to your site, engaging with your content and completing the viral loop.
      • Social features increase engagement: Creating deeper, more social integrations keeps users engaged with your site longer, and more likely to take actions they share with their friends. (For example — don't just show users what's most popular on your site, but what's most popular with their friends on your site.)
    • Proposal for OpenID Connect. The response is a JSON object which contains some (or all) of the following reserved keys:
      • user_id - e.g. "https://graph.facebook.com/24400320"
      • asserted_user - true if the access token presented was issued by this user, false if it is for a different user
      • profile_urls - an array of URLs that belong to the user
      • display_name - e.g. "David Recordon"
      • given_name - e.g. "David"
      • family_name - e.g. "Recordon"
      • email - e.g. "recordond@gmail.com"
      • picture - e.g. "http://graph.facebook.com/davidrecordon/picture"
      The server is free to add additional data to this response (such as Portable Contacts) so long as they do not change the reserved OpenID Connect keys.
    • Information Cards (claims) informationcard.net
    • Managed Cards Come in two Flavors
      • “Phones Home”: Employee issued ID; the employer sees where used
      • Doesn’t “Phone Home”: Government issued age verification; just like a drivers license in the real world
    • Verified Anonymity (U-Prove)
    • Information Cards have a ton of issues:
      • Relying Party Adoption
      • why shift to claims from identifiers
      • Where are the libraries and tools for Relying parties
      • Client Download Required
      • New User Experience
      • What are Active Clients and How do they work
      • Risk & Liability Models are Unclear
      • If a claim is validated and it is untrue who is liable
    • More Technologies
    • XRD (the most successful standard arising from user centric ID community that you have never heard of)
    • Discovery = Patterns + Interfaces + Descriptors
    • Evolution of Discovery: XRDS --> XRD-Simple --> XRD (within XRI spec)
    • Application of XRI/XDI
    • OStatus isn't a new protocol; it applies some great protocols in a natural and reasonable way to make distributed social networking possible.
      • Activity Streams encode social events in standard Atom or RSS feeds.
      • PubSubHubbub pushes those feeds in realtime to subscribers across the Web.
      • Salmon notifies people of responses to their status updates.
      • Webfinger makes it easy to find people across social sites.
    • OAuth
    • User Managed Access
    • SAML: used in higher education. SAML has two parts: 1. Authentication 2. Profiles
    • Big Challenge: Protocol Interop
    • Big Challenges
      • RP adoption at scale.
      • Integration/adoption of active identity clients ("identity-in-the-browser") and/or cloud identity services.
      • Addressing the gap between what these protocols do (federated authentication, authorization, and simple third-party claims transfer) and what the market really needs (compelling solutions built on top of these tools that integrate other key components like personal data stores).
      • Harmonizing all of this with government policy and initiatives like US ICAM and NSTIC and UK Direct Gov open identity requirements.
    • ICAM and NSTIC: Portable trusted Identities for government. With the ability to use commercially vetted identities to interact with government. Reading NSTIC there is the potential to have verified anonymity be part of the ecology.
    • Trust Frameworks / Policy Repositories [diagram; labels: Open Identity Exchange, Policy Repository, Levels of Assurance, Levels of Protection, Trust Frameworks, Identity Providers, Relying Parties, Auditors, ICAM, Google, OCLC, PayPal, PBS Kids, Equifax, Yahoo!, John Steensen, Other Relying Party, Other Auditor, XAuth]
    • The next frontier: PERSONAL DATA
    • Generating More Data than Ever. I put on The Big Data Workshop April 23, 2010 http://www.bigdataworkshop.com
    • Less Control Than Ever
    • Can people control the flow of data about them from:
      1. Self to others?
      2. Self to institutions?
    • Do you have a copy of what you put out on the web? Implicit and Explicit Data. More and more digital devices collecting more data.
    • We should have our own picture of our “digital selves” or digital projection. Questions:
      • How do we get it (the picture - the data)?
      • Who do we trust to manage it?
      • How do we get insight into it?
      • What is the legal protection it is afforded?
    • Who you are and what you care about should not be the possession of someone else.
    • Time/space stamping: You can reconstruct who it is without PII attached to it. It makes the technical architectures matter more and the legal frameworks critical.
    • Personal Data Store Ecology: Open Standards based Personal Data Stores with people, groups and businesses as first class objects. It will include full data portability and a range of services.
    • Personal Data Ecology
    • Project VRM - 4th Parties http://bit.ly/VRM4thParty
    • Stack for Personal Data Banks & Personal Data Exchanges by Marc Davis (from IIW10), layers as listed: $, APPLICATIONS, EXCHANGE, REFINEMENT, STORAGE, ID + ENCRYPTION, DATA + META DATA, DATA SOURCES
    • Higgins Project XDI Stack Persona Data Model 2.0 XDI Based Uses card metaphor Supports Link Contracts Linkable dictionary of terms RDF based Standardized at W3C No user interface developed Standardized at OASIS API’s XDI, OAuth, (soon) Activity Streams, PubSubHubbub, SPARQL Young project code is just starting to be published on 5+year old project the web. are there others?
    • Vision and Principles for the Personal Data Ecosystem by Kaliya Hamlin
      • Dignity of the Individual is Core
      • Systems Must Respect Relationships
      • Remember the Greatness of Groups
      • Protocols that Enable Broad Possibilities are Essential
      • Open Standards for Data and Metadata are Essential
      • Defaults Must Work for Most People Most of the Time
      • Norms and Practices in the Personal Data Ecosystem Must be Backed up by Law
      • Business Opportunities Abound in this New Personal Data Ecosystem
      • Diversity is Key to the Success of the Personal Data Ecosystem
      http://www.identitywoman.net/vision-principles-for-the-personal-data-ecosystem
    • PDX Principles by Phil Windley: user-controlled, federated, interoperable, semantic, portability, metadata management, broker services, discoverable, automatable and scriptable http://www.windley.com/archives/2010/09/pdx_principles.shtml
    • As a community we are working on making the Personal Data Store Ecology.
    • Questions
      • What will be the open standards for data and metadata?
      • What will be the legal frameworks for individual protection (do you have to get warrant to search)?
      • What will be legal framework for individual protection and freedom to remove data from services?
      • What business structures can hold ?
      • How is any of this going to be usable?
      • How will data be protected, encrypted, etc.?
      • How will people be able to store keys?
      • What will be compelling reasons for adoption?
      • Can industry make money and give user more control?
      • How will the network work based on identifiers AND not have everything linkable?.... (ISOC is thinking a lot about this)
    • Questions
      • What is the right architecture for distributed groups?
      • How are e-mails not the basis of all “social” transactions?
      • How do mobile carriers participate in the personal data ecosystem?
      • How do target populations have their needs met in the design of these systems? Women, Sexual Minorities, People of Color
      • How are mechanisms for the peer production of governance at the core of these systems?
      • What to do about the namespace issue?
    • Questions
      • Can we make active clients usable?
      • What are the defaults in these systems?
      • How do we get away from cookies to give personalized services?
      • What do user-agents do?
      • How do user agents make contracts for the user?
      • How are the data streams made available for agent based services model?
    • I invite you to the next IIW November 2-4, Mountain View, CA. Meet the community, learn a lot, and ask them what would be helpful research questions to consider. http://www.internetidentityworkshop.com
    • Thank You! Kaliya Hamlin @identitywoman http://www.identitywoman.net kaliya@identitywoman.net
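
The "Proposal for OpenID Connect" slide lists reserved response keys, including `asserted_user`. The following is an added example, not code from the talk or from the proposal, of how a relying party could check such a response before signing a user in. The function names, the https requirement on `user_id`, the URL scheme checks and the sample values are assumptions of this example.

```python
import json
from urllib.parse import urlparse

# Reserved keys and their JSON types, as listed on the proposal slide.
RESERVED = {
    "user_id": str, "asserted_user": bool, "profile_urls": list,
    "display_name": str, "given_name": str, "family_name": str,
    "email": str, "picture": str,
}

class ResponseError(ValueError):
    """Raised when a response must not be used to sign a user in."""

def _is_url(value, schemes):
    parts = urlparse(value)
    return parts.scheme in schemes and bool(parts.netloc)

def check_connect_response(raw):
    """Validate the JSON response; return (user_id, claims, extensions).

    Assumptions of this example, not rules stated by the proposal:
    user_id must be an https URL, and sign-in is allowed only when
    asserted_user is the JSON boolean true.
    """
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ResponseError(f"not JSON: {exc}") from None
    if not isinstance(data, dict):
        raise ResponseError("response is not a JSON object")

    # The slide says "some (or all)" keys, so check only those present.
    for key, expected in RESERVED.items():
        if key in data and type(data[key]) is not expected:
            raise ResponseError(f"{key} has the wrong JSON type")

    # Accounts are keyed on the identifier, never on email or display_name.
    user_id = data.get("user_id")
    if user_id is None or not _is_url(user_id, {"https"}):
        raise ResponseError("user_id missing or not an https URL")

    # The string "false" is truthy in Python; the type check above plus
    # an identity test stops a mis-encoded flag from passing.
    if data.get("asserted_user") is not True:
        raise ResponseError("access token was not issued by this user")

    urls = list(data.get("profile_urls", []))
    if "picture" in data:
        urls.append(data["picture"])
    for url in urls:
        if not isinstance(url, str) or not _is_url(url, {"http", "https"}):
            raise ResponseError(f"bad URL value: {url!r}")

    # Server-added data is kept apart so it cannot shadow reserved keys.
    claims = {k: v for k, v in data.items() if k in RESERVED}
    extensions = {k: v for k, v in data.items() if k not in RESERVED}
    return user_id, claims, extensions

# Constructed sample response; all values are placeholders.
SAMPLE = json.dumps({
    "user_id": "https://idp.example/users/1001",
    "asserted_user": True,
    "profile_urls": ["https://blog.example/alice"],
    "display_name": "Alice Example",
    "email": "alice@example.org",
    "portable_contacts": {"entry": []},  # extension data added by the server
})

if __name__ == "__main__":
    uid, claims, ext = check_connect_response(SAMPLE)
    print(uid, sorted(claims), sorted(ext))
```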