SlideShare a Scribd company logo

Daniel "Dazza" Greenwood's Keynote Address on Digital Identity to the OECD in Norway

Dazza Greenwood
Dazza Greenwood

These slides went with Daniel "Dazza" Greenwood's Keynote Address on Digital Identity to the OECD in Norway.

TechnologyBusiness
1 of 7
Download to read offline
1 May 7/8; Trondheim, Norway Context, Terms, Models and Options for Digital Identity Management Daniel “Dazza” Greenwood Lecturer, Massachusetts Institute of Technology Director, MIT eCommerce Architecture Program Principal, CIVICS.com http://ecitizen.mit.edu http://www.civics.com dazza@media.mit.edu Presented at the OECD Workshop on Digital Identity Management In Cooperation With the Norwegian Ministry of Education & Research and Ministry of Government Administration & Reform Global Identity Management Daz Greenwood: www.CIVICS.com Digital Identity is Inextricably Part of Identity, Writ Large Narrowly, Identity Management Speaks to the Life-Cycle Milestones, Data and Processes For Records Related to Individual User Accounts on ICT Systems. Requirements & Constraints for ID Systems Differ Depending Upon the Context: The Types of Users Identified (vendor, customer, citizen, friend, congregant, whistleblower, etc), the Types of Transactions, Applicable Law and Custom, etc. Agreed International Identity Infrastructures are Needed to Allow and Protect Interoperability, Integrity, Individuals
2 Three Clarifying Questions (and one key comment) 1. What is Authentication and Authorization? (Proving ID & What You Can Do With It) 2. What is Identity? (Who we authenticate - complex, evolving with blurred boundaries) 3. What is Identity Management in the Context of this OECD Workshop? * The OECD Privacy Guidelines Structured Thinking and Propelled Good Policy for Decades – An International Identity Bill of Rights is Needed Now, to Safeguard Identity Autonomy, And Create a Global Infrastructure for the Interoperability and Integrity of Identity and Authentication in All Sectors Old Concepts of Self: Names are “Significant” and the Power to Name is the Power to Control Biblical names • In the Old Testament, the names of individuals are meaningful; for example, Adam is named after the "earth" (Adama) from which he was created. (Genesis 2) • A change of name indicates a change of status. For example, the patriarch "Abram" is renamed "Abraham" before he is blessed with children. His wife, "Sarai" is similarly renamed "Sarah." (Genesis 17) Talmudic attitudes • The Babylonian Talmud maintains that names exert an influence over their bearers: • From where do we know that a name has a causal effect ("shama garim"). Says Rabbi Elazar: the verse says, (Psalms 46:9) "Go see the works of God, who puts desolation (shamot) in the earth." Read not "desolation" but "names" (shemot). (B.T. Berachot 7b) • Furthermore, a change of name is one of four actions that can avert an evil heavenly decree. (B.T. Rosh Hashana 16b) • Commentators differ as to whether this influence is metaphysical - a connection between name and essence - or psychological. (See Meiri, Ritva to B.T. Rosh Hashana 16b) • Talmudic sage, Rabbi Meir, would infer a person's nature from his or her name. The Talmud also states that all those who descend to Gehennom will rise, except for three, including he who calls another by a derisive nickname. (B.T. Yoma 83b; J.T. Rosh Hashana 3:9; B.T. Yoma 38a; B.T. Bava Metzia 58a) • From Wikipedia Article on Names
3 From Economic Modeling and Risk Management in Public Key Infra-- strutuctures, available at: http://www.masse.org/rsa97/ index.html Core Identity Vs. Non-Core Identity Data Three Models of Identity Management Systems 1. Centralized Ownership and Decision Making a) The people identified are not in charge of their identity within this system b) The system adheres based upon command and control from the center c) Nearly all X.500, LDAP, X.509 and other directory related identity management systems fall under this category. 2. Federated Ownership and Decision Making a) The people identified are typically not in charge of their identity within this system, 3. Individual Ownership and Decision Making The Pretty Good Privacy application is a good example of this model, allowing individual users to trade
4 Three Trust Models 1. Authority Based (agreement is based upon legal obligations sourcing from public law) a) National Identity Card or National Passport, whereby a nation-state requires a particular approach according under the authority of national law. b) Public Benefits programs (welfare) whereby the government identifies eligible recipients of a privilege according to enabling legislation, granting legal authority to that agency for such purposes. 2. Power Based (agreement is either based on adhesion or coercion) a) Large buyer topping a supply chain dictates the authentication and identity management used for systems feeding into its eProcurement application. b) Large industry player dictates standards and practices required to interoperate with it’s systems or applications (however, note that even Microsoft was unable to leverage it’s considerable market power to build Passport into an accepted standard). c) Employer with large workforce may, of course, require use of on or more particular Identity Management solutions as a condition of employment (e.g. “We use Acme HR System here”). 3. Agreement Based (agreement is based on free choice among equals) a) Federated systems, whereby the participating organizations agree to play be common standards and practices. b) Systems based upon individual agreement to participate (web of trust, etc). Three Organizational Models 1. Funnel (Usually comprised of a single enterprise, perhaps containing many subordinate organizations, Taking all-comers and homogenizing them into a prescribed, assimilated amalgam, from many creating one, “Self to self”). 2. Flock (Clusters of Participating Organizations, Opt-In/Scalable, Common Standards Connecting Heterogeneous Systems, “Open but Bounded”, “Friend to Friend”). Liberty Alliance based federations are examples of these clusters, as are the few organizations that have attempted to “cross-certify” using PKI. 3. Fractal (Assertion-Based, No Prior Agreement Between Parties Needed, Permits Compex/Emergent Networks of Relationship, “Stranger-to- Stranger”)[PGP, E-Mail]. [Note: MySpace and eBay type systems, while permitting serendipitous encounters among people, are not examples of this because each party has already opted to comply with an agreement (terms of service, terms and conditions, user contract, etc) and operate within a constrained artificial market created to contain, structure and enable certain types of activities – they are not “free range” systems, such as e-mail on the Internet or spontaneous agreement to exchange PGP keys or E-mail addresses – both forms of identity – between potentially any parties.]
5 Three Technical Architectures 1. CDLIS/Real ID “Pointer-System” a) Central Pointer File, containing subset of key “disambiguating” information, comprised of records for each identified user b) Each mini-record in the central file contains a “pointer” to the then current database where the entire record can be found. c) The pointer information is updated, as the user record migrates from one to another backend databases (representing a move of the user from one jurisdiction to another) d) The full record pointed to from a central file and residing in a local database is under the ownership and control of the local organization. 2. Probabilistic or Heuristic Systems a) Based on scoring confidence a given user in fact has a given identity, and that the various partial element of identity in fact combine to a particular individual user. b) May be based on complex algorithms, contextually weighting information of various types or sources, following contingent or decision trees, and leveraging simple inference or fuzzy logic. c) Frequently includes query and response with user, posing various questions, using knowledge-based- authentication, and checking responses against a variety of backend or linked systems. 3. Credential Service Provider and Multiple Relying Party Systems a) An authentication credential (replete with and sometimes merged into the identity information for the subject identified in the credential) is issued by a Credential Service Provider (CSP) to each end-user. b) The token may be hardware, software or another approach. An X.509 certificate is a good example of such a token. A SAML assertion can also serve as such a credential. Of course, a username, physical token or other data, software or thing may serve equally. c) The end-user, upon seeking authentication by a participating party, presents their credential and that party then validates the token by reference to the CSP or an outsourced repository of the CSP, and upon satisfactory confirmation may then reply upon the credential and the identity of the end-user. The context within which the end-users identity exists in one such system may, however, be quite different in another, hence affecting assumptions about authority or role from system to system. Three Contexts of Identity 1. Digital Identity (Username, IP/MAC, E- Mail Address) 2. Physical Identity (Passport, Driver License, Club Card) 3. Dual Identity (RFID exemplar of “Converged Identity”, HSPD-12, MIT ID applications – Real ID?)
6 Architecture of a Safe House for Identity Protection An International Information Infrastructure for Integrity and Interoperability of Internet Identities (i7)(i5), creating in effect a "white-list" or “Safe Zone” to prevent spam and Identity Theft and unlawful tracking or other information sharing and abuse. In essence, every participating country or organization agrees to certain rules by contract (Operating Rules). The agreement include a commitment to operate or outsource a help-desk for how-to and complaints and commencing dispute resolution (from ID Theft, to tech problems to complaints about the stewards of the identity system). Cluster of Rights and Duties Under Concept of Identity Autonomy Includes: - Right to “Not Carry” (anonymity, absent particular non-trivial act) - Right to Ombuds Attention and Follow Through and Public Reporting - Right to Reclaim Identity and Start Anew (like bankruptcy) - Right to Multiple Disposable Pseudonyms - Right to Encryption of Personal Data - Responsible for Reporting Suspected Compromise ASAP - Responsible for Costs and Liability up to a Ceiling (e.g. Reg E, Reg Z) - Responsible for Using Identity(ies) Without Intent to Deceive or Defraud Identity Management Control Panel for Each Individual Made Possible by an Agreed International Guideline on Identity Autonomy - Including “Relationship Management” Panel for Other Individuals or Organizations - Including “Consent Assertion Markup Language” Management Panel - Including Logs and Alerts for Prior and Pending Requests, Wizard for Future - Including Location-Aware, Presence-Aware, Context- Sensitive Privacy/Access Filters for Tracking - Link to Static Government Identity When Needed by User or for Lawful Demand, Never Otherwise. - Provisioning of Pseudonyms on Real-Time, Disposable Basis and Real Time Swap-Out of Compromised Authentication or Even Identity
7 Alternative Title: P/I+U=N or Does the “I” In Identity and the “U” in User Equal the “Person” in Personalization? Solving for “N” in Name Contact Information For More Information: http://ecitizen.mit.edu http://www.civics.com dazza@media.mit.edu 650-504-5474 Daniel J. Greenwood, Esq. Lecturer, Media Lab, MIT Director, MIT E-Commerce Architecture Program Principal, CIVICS.com

Recommended

Verifiable credentials explained by CCI
Verifiable credentials explained by CCIVerifiable credentials explained by CCI
Verifiable credentials explained by CCI
Kaliya "Identity Woman" Young
 
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...Investigation of Blockchain Based Identity System for Privacy Preserving Univ...
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...
ijtsrd
 
Privacy Preservation And Data Security In Location Based Services
Privacy Preservation And Data Security In Location Based ServicesPrivacy Preservation And Data Security In Location Based Services
Privacy Preservation And Data Security In Location Based Services
EditorJST
 
The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018
Kaliya "Identity Woman" Young
 
GDPR BigDataRevealed Readiness Requirements and Evaluation
GDPR BigDataRevealed Readiness Requirements and EvaluationGDPR BigDataRevealed Readiness Requirements and Evaluation
GDPR BigDataRevealed Readiness Requirements and Evaluation
Steven Meister
 
My Identiverse: The Evolution of Digital Identity and Openness
My Identiverse: The Evolution of Digital Identity and OpennessMy Identiverse: The Evolution of Digital Identity and Openness
My Identiverse: The Evolution of Digital Identity and Openness
Kaliya "Identity Woman" Young
 
History of Identity in Computers
History of Identity in ComputersHistory of Identity in Computers
History of Identity in Computers
Kaliya "Identity Woman" Young
 
Insight analytics: Identity Nexus - The Future of Consumer Personal Information
Insight analytics: Identity Nexus - The Future of Consumer Personal InformationInsight analytics: Identity Nexus - The Future of Consumer Personal Information
Insight analytics: Identity Nexus - The Future of Consumer Personal Information
Kaliya "Identity Woman" Young
 

Recommended

Verifiable credentials explained by CCI
Verifiable credentials explained by CCIVerifiable credentials explained by CCI
Verifiable credentials explained by CCI
Kaliya "Identity Woman" Young
 
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...Investigation of Blockchain Based Identity System for Privacy Preserving Univ...
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...
ijtsrd
 
Privacy Preservation And Data Security In Location Based Services
Privacy Preservation And Data Security In Location Based ServicesPrivacy Preservation And Data Security In Location Based Services
Privacy Preservation And Data Security In Location Based Services
EditorJST
 
The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018
Kaliya "Identity Woman" Young
 
GDPR BigDataRevealed Readiness Requirements and Evaluation
GDPR BigDataRevealed Readiness Requirements and EvaluationGDPR BigDataRevealed Readiness Requirements and Evaluation
GDPR BigDataRevealed Readiness Requirements and Evaluation
Steven Meister
 
My Identiverse: The Evolution of Digital Identity and Openness
My Identiverse: The Evolution of Digital Identity and OpennessMy Identiverse: The Evolution of Digital Identity and Openness
My Identiverse: The Evolution of Digital Identity and Openness
Kaliya "Identity Woman" Young
 
History of Identity in Computers
History of Identity in ComputersHistory of Identity in Computers
History of Identity in Computers
Kaliya "Identity Woman" Young
 
Insight analytics: Identity Nexus - The Future of Consumer Personal Information
Insight analytics: Identity Nexus - The Future of Consumer Personal InformationInsight analytics: Identity Nexus - The Future of Consumer Personal Information
Insight analytics: Identity Nexus - The Future of Consumer Personal Information
Kaliya "Identity Woman" Young
 
Blockchain for ePedigree - Whitepaper
Blockchain for ePedigree - Whitepaper Blockchain for ePedigree - Whitepaper
Blockchain for ePedigree - Whitepaper
Mike Nejad
 
Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016
Kaliya "Identity Woman" Young
 
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
IRJET Journal
 
Cost-Effective Authentic and Anonymous Data Sharing with Forward Security
Cost-Effective Authentic and Anonymous Data Sharing with Forward SecurityCost-Effective Authentic and Anonymous Data Sharing with Forward Security
Cost-Effective Authentic and Anonymous Data Sharing with Forward Security
1crore projects
 
Domains of Identity
Domains of IdentityDomains of Identity
Domains of Identity
Kaliya "Identity Woman" Young
 
Identity in the Internet Age
Identity in the Internet Age Identity in the Internet Age
Identity in the Internet Age
Cartesian (formerly CSMG)
 
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ... COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...
IJCSIS Research Publications
 
Blockchain v Cryptocurrency: Talk for BridgeSF
Blockchain v Cryptocurrency: Talk for BridgeSF Blockchain v Cryptocurrency: Talk for BridgeSF
Blockchain v Cryptocurrency: Talk for BridgeSF
Kaliya "Identity Woman" Young
 
Grid security seminar mohit modi
Grid security seminar mohit modiGrid security seminar mohit modi
Grid security seminar mohit modi
Mohit Modi
 
Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...
Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...
Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...
kcortis
 
My DocSafe white paper 1
My DocSafe white paper 1My DocSafe white paper 1
My DocSafe white paper 1
danielstachowiak
 
Personal Data Store Project
Personal Data Store ProjectPersonal Data Store Project
Personal Data Store Project
Kaliya "Identity Woman" Young
 
Blockchain: it's much more than Bitcoin
Blockchain: it's much more than BitcoinBlockchain: it's much more than Bitcoin
Blockchain: it's much more than Bitcoin
Kuba Tymula
 
KYC using Blockchain
KYC using BlockchainKYC using Blockchain
KYC using Blockchain
ijtsrd
 
Blockchain-Anchored Identity -- Daniel Buchner, Microsoft
Blockchain-Anchored Identity -- Daniel Buchner, MicrosoftBlockchain-Anchored Identity -- Daniel Buchner, Microsoft
Blockchain-Anchored Identity -- Daniel Buchner, Microsoft
bernardgolden
 
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...
cscpconf
 
Cryptocollege how blockchain can reimagine higher education. J. David Judd
Cryptocollege how blockchain can reimagine higher education. J. David JuddCryptocollege how blockchain can reimagine higher education. J. David Judd
Cryptocollege how blockchain can reimagine higher education. J. David Judd
eraser Juan José Calderón
 
Does Cloud Computing Compromise Clients?
Does Cloud Computing Compromise Clients?Does Cloud Computing Compromise Clients?
Does Cloud Computing Compromise Clients?
Nicole Black
 
Blockchains as a Component of the Next generation Internet
Blockchains as a Component of the Next generation InternetBlockchains as a Component of the Next generation Internet
Blockchains as a Component of the Next generation Internet
John Domingue
 
Nist.ir.8202
Nist.ir.8202Nist.ir.8202
Nist.ir.8202
IT Strategy Group
 
Tbilisi Conference 1977
Tbilisi Conference 1977Tbilisi Conference 1977
Tbilisi Conference 1977
erinnvw
 
Enzyme part 1
Enzyme part 1Enzyme part 1
Enzyme part 1
Sulaimani Biochemistry
 

More Related Content

What's hot

Cost-Effective Authentic and Anonymous Data Sharing with Forward Security
Cost-Effective Authentic and Anonymous Data Sharing with Forward SecurityCost-Effective Authentic and Anonymous Data Sharing with Forward Security
Cost-Effective Authentic and Anonymous Data Sharing with Forward Security
1crore projects
 
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ... COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...
IJCSIS Research Publications
 
KYC using Blockchain
KYC using BlockchainKYC using Blockchain
KYC using Blockchain
ijtsrd
 
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...
cscpconf
 
Does Cloud Computing Compromise Clients?
Does Cloud Computing Compromise Clients?Does Cloud Computing Compromise Clients?
Does Cloud Computing Compromise Clients?
Nicole Black
 

What's hot (20)

Blockchain for ePedigree - Whitepaper
Blockchain for ePedigree - Whitepaper Blockchain for ePedigree - Whitepaper
Blockchain for ePedigree - Whitepaper
 
Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016
 
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
 
Cost-Effective Authentic and Anonymous Data Sharing with Forward Security
Cost-Effective Authentic and Anonymous Data Sharing with Forward SecurityCost-Effective Authentic and Anonymous Data Sharing with Forward Security
Cost-Effective Authentic and Anonymous Data Sharing with Forward Security
 
Domains of Identity
Domains of IdentityDomains of Identity
Domains of Identity
 
Identity in the Internet Age
Identity in the Internet Age Identity in the Internet Age
Identity in the Internet Age
 
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ... COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...
 
Blockchain v Cryptocurrency: Talk for BridgeSF
Blockchain v Cryptocurrency: Talk for BridgeSF Blockchain v Cryptocurrency: Talk for BridgeSF
Blockchain v Cryptocurrency: Talk for BridgeSF
 
Grid security seminar mohit modi
Grid security seminar mohit modiGrid security seminar mohit modi
Grid security seminar mohit modi
 
Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...
Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...
Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...
 
My DocSafe white paper 1
My DocSafe white paper 1My DocSafe white paper 1
My DocSafe white paper 1
 
Personal Data Store Project
Personal Data Store ProjectPersonal Data Store Project
Personal Data Store Project
 
Blockchain: it's much more than Bitcoin
Blockchain: it's much more than BitcoinBlockchain: it's much more than Bitcoin
Blockchain: it's much more than Bitcoin
 
KYC using Blockchain
KYC using BlockchainKYC using Blockchain
KYC using Blockchain
 
Blockchain-Anchored Identity -- Daniel Buchner, Microsoft
Blockchain-Anchored Identity -- Daniel Buchner, MicrosoftBlockchain-Anchored Identity -- Daniel Buchner, Microsoft
Blockchain-Anchored Identity -- Daniel Buchner, Microsoft
 
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...
 
Cryptocollege how blockchain can reimagine higher education. J. David Judd
Cryptocollege how blockchain can reimagine higher education. J. David JuddCryptocollege how blockchain can reimagine higher education. J. David Judd
Cryptocollege how blockchain can reimagine higher education. J. David Judd
 
Does Cloud Computing Compromise Clients?
Does Cloud Computing Compromise Clients?Does Cloud Computing Compromise Clients?
Does Cloud Computing Compromise Clients?
 
Blockchains as a Component of the Next generation Internet
Blockchains as a Component of the Next generation InternetBlockchains as a Component of the Next generation Internet
Blockchains as a Component of the Next generation Internet
 
Nist.ir.8202
Nist.ir.8202Nist.ir.8202
Nist.ir.8202
 

Viewers also liked

101102 fresno local briefing power point
101102 fresno local briefing power point101102 fresno local briefing power point
101102 fresno local briefing power point
PreschoolCalifornia
 
conceptkrafters
conceptkraftersconceptkrafters
conceptkrafters
true1578
 

Viewers also liked (9)

Tbilisi Conference 1977
Tbilisi Conference 1977Tbilisi Conference 1977
Tbilisi Conference 1977
 
Enzyme part 1
Enzyme part 1Enzyme part 1
Enzyme part 1
 
There's no room for my hat
There's no room for my hatThere's no room for my hat
There's no room for my hat
 
101102 fresno local briefing power point
101102 fresno local briefing power point101102 fresno local briefing power point
101102 fresno local briefing power point
 
Collab.email
Collab.emailCollab.email
Collab.email
 
Are branded apps dead?
Are branded apps dead?Are branded apps dead?
Are branded apps dead?
 
Uu 5 tahun 2009
Uu 5 tahun 2009Uu 5 tahun 2009
Uu 5 tahun 2009
 
conceptkrafters
conceptkraftersconceptkrafters
conceptkrafters
 
Jne phils. inc. (plating company) company profile 번역
Jne phils. inc. (plating company) company profile 번역Jne phils. inc. (plating company) company profile 번역
Jne phils. inc. (plating company) company profile 번역
 

Similar to Daniel "Dazza" Greenwood's Keynote Address on Digital Identity to the OECD in Norway

Blacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential usersBlacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential users
IAEME Publication
 
Blacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential usersBlacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential users
IAEME Publication
 
An approach to revoke blacklisted anonymous credential users through ttp
An approach to revoke blacklisted anonymous credential users through ttpAn approach to revoke blacklisted anonymous credential users through ttp
An approach to revoke blacklisted anonymous credential users through ttp
IAEME Publication
 
Identical Users in Different Social Media Provides Uniform Network Structure ...
Identical Users in Different Social Media Provides Uniform Network Structure ...Identical Users in Different Social Media Provides Uniform Network Structure ...
Identical Users in Different Social Media Provides Uniform Network Structure ...
IJMTST Journal
 
blockchain ppt for research puropse in the university
blockchain ppt for research puropse in the universityblockchain ppt for research puropse in the university
blockchain ppt for research puropse in the university
gugan7097
 
Preserving Privacy and Security for Information Brokering System in Distribut...
Preserving Privacy and Security for Information Brokering System in Distribut...Preserving Privacy and Security for Information Brokering System in Distribut...
Preserving Privacy and Security for Information Brokering System in Distribut...
Shruti Sk S K
 
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
IJNSA Journal
 
Mi health care - multi-tenant health care system
Mi health care - multi-tenant health care systemMi health care - multi-tenant health care system
Mi health care - multi-tenant health care system
Conference Papers
 
Secure system based on recombined fingerprints for sharing multimedia files i...
Secure system based on recombined fingerprints for sharing multimedia files i...Secure system based on recombined fingerprints for sharing multimedia files i...
Secure system based on recombined fingerprints for sharing multimedia files i...
eSAT Journals
 

Similar to Daniel "Dazza" Greenwood's Keynote Address on Digital Identity to the OECD in Norway (20)

A system for distributed minting and management of persistent identifiers
A system for distributed minting and management of persistent identifiersA system for distributed minting and management of persistent identifiers
A system for distributed minting and management of persistent identifiers
 
Blacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential usersBlacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential users
 
Blacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential usersBlacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential users
 
Data Security And The Security
Data Security And The SecurityData Security And The Security
Data Security And The Security
 
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
 
Uport a blockchain platform for self-sovereign identity
Uport a blockchain platform for self-sovereign identityUport a blockchain platform for self-sovereign identity
Uport a blockchain platform for self-sovereign identity
 
Block chain explained
Block chain explainedBlock chain explained
Block chain explained
 
An approach to revoke blacklisted anonymous credential users through ttp
An approach to revoke blacklisted anonymous credential users through ttpAn approach to revoke blacklisted anonymous credential users through ttp
An approach to revoke blacklisted anonymous credential users through ttp
 
Identical Users in Different Social Media Provides Uniform Network Structure ...
Identical Users in Different Social Media Provides Uniform Network Structure ...Identical Users in Different Social Media Provides Uniform Network Structure ...
Identical Users in Different Social Media Provides Uniform Network Structure ...
 
blockchain ppt for research puropse in the university
blockchain ppt for research puropse in the universityblockchain ppt for research puropse in the university
blockchain ppt for research puropse in the university
 
IRJET- A Decentralized Voting Application using Blockchain Technology
IRJET- A Decentralized Voting Application using Blockchain TechnologyIRJET- A Decentralized Voting Application using Blockchain Technology
IRJET- A Decentralized Voting Application using Blockchain Technology
 
Preserving Privacy and Security for Information Brokering System in Distribut...
Preserving Privacy and Security for Information Brokering System in Distribut...Preserving Privacy and Security for Information Brokering System in Distribut...
Preserving Privacy and Security for Information Brokering System in Distribut...
 
Blockchain
BlockchainBlockchain
Blockchain
 
Privacy preserving
Privacy preservingPrivacy preserving
Privacy preserving
 
Blockchain in Healthcare
Blockchain in HealthcareBlockchain in Healthcare
Blockchain in Healthcare
 
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...
 
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
 
Mi health care - multi-tenant health care system
Mi health care - multi-tenant health care systemMi health care - multi-tenant health care system
Mi health care - multi-tenant health care system
 
Blockchain 101 - Blockchain Explained
Blockchain 101 - Blockchain ExplainedBlockchain 101 - Blockchain Explained
Blockchain 101 - Blockchain Explained
 
Secure system based on recombined fingerprints for sharing multimedia files i...
Secure system based on recombined fingerprints for sharing multimedia files i...Secure system based on recombined fingerprints for sharing multimedia files i...
Secure system based on recombined fingerprints for sharing multimedia files i...
 

Recently uploaded

Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 

Recently uploaded (20)

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

Daniel "Dazza" Greenwood's Keynote Address on Digital Identity to the OECD in Norway

  • 1. 1 May 7/8; Trondheim, Norway Context, Terms, Models and Options for Digital Identity Management Daniel “Dazza” Greenwood Lecturer, Massachusetts Institute of Technology Director, MIT eCommerce Architecture Program Principal, CIVICS.com http://ecitizen.mit.edu http://www.civics.com dazza@media.mit.edu Presented at the OECD Workshop on Digital Identity Management In Cooperation With the Norwegian Ministry of Education & Research and Ministry of Government Administration & Reform Global Identity Management Daz Greenwood: www.CIVICS.com Digital Identity is Inextricably Part of Identity, Writ Large Narrowly, Identity Management Speaks to the Life-Cycle Milestones, Data and Processes For Records Related to Individual User Accounts on ICT Systems. Requirements & Constraints for ID Systems Differ Depending Upon the Context: The Types of Users Identified (vendor, customer, citizen, friend, congregant, whistleblower, etc), the Types of Transactions, Applicable Law and Custom, etc. Agreed International Identity Infrastructures are Needed to Allow and Protect Interoperability, Integrity, Individuals
  • 2. 2 Three Clarifying Questions (and one key comment) 1. What is Authentication and Authorization? (Proving ID & What You Can Do With It) 2. What is Identity? (Who we authenticate - complex, evolving with blurred boundaries) 3. What is Identity Management in the Context of this OECD Workshop? * The OECD Privacy Guidelines Structured Thinking and Propelled Good Policy for Decades – An International Identity Bill of Rights is Needed Now, to Safeguard Identity Autonomy, And Create a Global Infrastructure for the Interoperability and Integrity of Identity and Authentication in All Sectors Old Concepts of Self: Names are “Significant” and the Power to Name is the Power to Control Biblical names • In the Old Testament, the names of individuals are meaningful; for example, Adam is named after the "earth" (Adama) from which he was created. (Genesis 2) • A change of name indicates a change of status. For example, the patriarch "Abram" is renamed "Abraham" before he is blessed with children. His wife, "Sarai" is similarly renamed "Sarah." (Genesis 17) Talmudic attitudes • The Babylonian Talmud maintains that names exert an influence over their bearers: • From where do we know that a name has a causal effect ("shama garim"). Says Rabbi Elazar: the verse says, (Psalms 46:9) "Go see the works of God, who puts desolation (shamot) in the earth." Read not "desolation" but "names" (shemot). (B.T. Berachot 7b) • Furthermore, a change of name is one of four actions that can avert an evil heavenly decree. (B.T. Rosh Hashana 16b) • Commentators differ as to whether this influence is metaphysical - a connection between name and essence - or psychological. (See Meiri, Ritva to B.T. Rosh Hashana 16b) • Talmudic sage, Rabbi Meir, would infer a person's nature from his or her name. The Talmud also states that all those who descend to Gehennom will rise, except for three, including he who calls another by a derisive nickname. (B.T. Yoma 83b; J.T. Rosh Hashana 3:9; B.T. Yoma 38a; B.T. Bava Metzia 58a) • From Wikipedia Article on Names
  • 3. 3 From Economic Modeling and Risk Management in Public Key Infra-- strutuctures, available at: http://www.masse.org/rsa97/ index.html Core Identity Vs. Non-Core Identity Data Three Models of Identity Management Systems 1. Centralized Ownership and Decision Making a) The people identified are not in charge of their identity within this system b) The system adheres based upon command and control from the center c) Nearly all X.500, LDAP, X.509 and other directory related identity management systems fall under this category. 2. Federated Ownership and Decision Making a) The people identified are typically not in charge of their identity within this system, 3. Individual Ownership and Decision Making The Pretty Good Privacy application is a good example of this model, allowing individual users to trade
  • 4. 4 Three Trust Models 1. Authority Based (agreement is based upon legal obligations sourcing from public law) a) National Identity Card or National Passport, whereby a nation-state requires a particular approach according under the authority of national law. b) Public Benefits programs (welfare) whereby the government identifies eligible recipients of a privilege according to enabling legislation, granting legal authority to that agency for such purposes. 2. Power Based (agreement is either based on adhesion or coercion) a) Large buyer topping a supply chain dictates the authentication and identity management used for systems feeding into its eProcurement application. b) Large industry player dictates standards and practices required to interoperate with it’s systems or applications (however, note that even Microsoft was unable to leverage it’s considerable market power to build Passport into an accepted standard). c) Employer with large workforce may, of course, require use of on or more particular Identity Management solutions as a condition of employment (e.g. “We use Acme HR System here”). 3. Agreement Based (agreement is based on free choice among equals) a) Federated systems, whereby the participating organizations agree to play be common standards and practices. b) Systems based upon individual agreement to participate (web of trust, etc). Three Organizational Models 1. Funnel (Usually comprised of a single enterprise, perhaps containing many subordinate organizations, Taking all-comers and homogenizing them into a prescribed, assimilated amalgam, from many creating one, “Self to self”). 2. Flock (Clusters of Participating Organizations, Opt-In/Scalable, Common Standards Connecting Heterogeneous Systems, “Open but Bounded”, “Friend to Friend”). Liberty Alliance based federations are examples of these clusters, as are the few organizations that have attempted to “cross-certify” using PKI. 3. Fractal (Assertion-Based, No Prior Agreement Between Parties Needed, Permits Compex/Emergent Networks of Relationship, “Stranger-to- Stranger”)[PGP, E-Mail]. [Note: MySpace and eBay type systems, while permitting serendipitous encounters among people, are not examples of this because each party has already opted to comply with an agreement (terms of service, terms and conditions, user contract, etc) and operate within a constrained artificial market created to contain, structure and enable certain types of activities – they are not “free range” systems, such as e-mail on the Internet or spontaneous agreement to exchange PGP keys or E-mail addresses – both forms of identity – between potentially any parties.]
  • 5. 5 Three Technical Architectures 1. CDLIS/Real ID “Pointer-System” a) Central Pointer File, containing subset of key “disambiguating” information, comprised of records for each identified user b) Each mini-record in the central file contains a “pointer” to the then current database where the entire record can be found. c) The pointer information is updated, as the user record migrates from one to another backend databases (representing a move of the user from one jurisdiction to another) d) The full record pointed to from a central file and residing in a local database is under the ownership and control of the local organization. 2. Probabilistic or Heuristic Systems a) Based on scoring confidence a given user in fact has a given identity, and that the various partial element of identity in fact combine to a particular individual user. b) May be based on complex algorithms, contextually weighting information of various types or sources, following contingent or decision trees, and leveraging simple inference or fuzzy logic. c) Frequently includes query and response with user, posing various questions, using knowledge-based- authentication, and checking responses against a variety of backend or linked systems. 3. Credential Service Provider and Multiple Relying Party Systems a) An authentication credential (replete with and sometimes merged into the identity information for the subject identified in the credential) is issued by a Credential Service Provider (CSP) to each end-user. b) The token may be hardware, software or another approach. An X.509 certificate is a good example of such a token. A SAML assertion can also serve as such a credential. Of course, a username, physical token or other data, software or thing may serve equally. c) The end-user, upon seeking authentication by a participating party, presents their credential and that party then validates the token by reference to the CSP or an outsourced repository of the CSP, and upon satisfactory confirmation may then reply upon the credential and the identity of the end-user. The context within which the end-users identity exists in one such system may, however, be quite different in another, hence affecting assumptions about authority or role from system to system. Three Contexts of Identity 1. Digital Identity (Username, IP/MAC, E- Mail Address) 2. Physical Identity (Passport, Driver License, Club Card) 3. Dual Identity (RFID exemplar of “Converged Identity”, HSPD-12, MIT ID applications – Real ID?)
  • 6. 6 Architecture of a Safe House for Identity Protection An International Information Infrastructure for Integrity and Interoperability of Internet Identities (i7)(i5), creating in effect a "white-list" or “Safe Zone” to prevent spam and Identity Theft and unlawful tracking or other information sharing and abuse. In essence, every participating country or organization agrees to certain rules by contract (Operating Rules). The agreement include a commitment to operate or outsource a help-desk for how-to and complaints and commencing dispute resolution (from ID Theft, to tech problems to complaints about the stewards of the identity system). Cluster of Rights and Duties Under Concept of Identity Autonomy Includes: - Right to “Not Carry” (anonymity, absent particular non-trivial act) - Right to Ombuds Attention and Follow Through and Public Reporting - Right to Reclaim Identity and Start Anew (like bankruptcy) - Right to Multiple Disposable Pseudonyms - Right to Encryption of Personal Data - Responsible for Reporting Suspected Compromise ASAP - Responsible for Costs and Liability up to a Ceiling (e.g. Reg E, Reg Z) - Responsible for Using Identity(ies) Without Intent to Deceive or Defraud Identity Management Control Panel for Each Individual Made Possible by an Agreed International Guideline on Identity Autonomy - Including “Relationship Management” Panel for Other Individuals or Organizations - Including “Consent Assertion Markup Language” Management Panel - Including Logs and Alerts for Prior and Pending Requests, Wizard for Future - Including Location-Aware, Presence-Aware, Context- Sensitive Privacy/Access Filters for Tracking - Link to Static Government Identity When Needed by User or for Lawful Demand, Never Otherwise. - Provisioning of Pseudonyms on Real-Time, Disposable Basis and Real Time Swap-Out of Compromised Authentication or Even Identity
  • 7. 7 Alternative Title: P/I+U=N or Does the “I” In Identity and the “U” in User Equal the “Person” in Personalization? Solving for “N” in Name Contact Information For More Information: http://ecitizen.mit.edu http://www.civics.com dazza@media.mit.edu 650-504-5474 Daniel J. Greenwood, Esq. Lecturer, Media Lab, MIT Director, MIT E-Commerce Architecture Program Principal, CIVICS.com