Identity 101: Boot Camp for Identity North 2016

This presentation was given as the pre-opening talk at Identity North 2016 in Toronto. It covers the big question, What is Identity?, along with key concepts and terms, and contextualizes identity for enterprise, government and the commons.

Published in: Technology

  1. 1. Identity 101 Boot Camp Identity North June 15th, 2016 Toronto Kaliya “Identity Woman”
  2. 2. Internet Identity Workshop Co-Founded in 2005 Born in Vancouver Played Water Polo UC Berkeley Planetwork Identity Commons Identity Gang Canada Founded in 2010 ECOSYSTEM CONSORTIUM PERSONAL DATA Today Independent Identity Consulting Who is
  3. 3. 1. Big Picture - What is Identity? 2. Digital Identity - Key Terms 3. ID in Context of Society Enterprise, Government, Commons 4. User-Centric/Self-Sovereign Identity 5. Spectrum of Identity 6. Big Picture - ID Resources 7. Questions and Answers Outline
  4. 4. Identity is socially constructed and contextual.
  5. 5. Who I am Who I present myself to be How I am seen In a given context
  6. 6. Contexts Roles (Persona) Family Parent, Child Brother, Sister Religious Life Hobbies Professional Work Congregant Religious Leader Creator, Maker Teacher Employee, Employer Contractor Professionally Licensed
  7. 7. Atoms Bits Easy to move physically between contexts. To Present Different Selves Movement Between Different Contexts Requires Different Non-Correlated Identifiers
  8. 8. Persona 1 Persona 2 Context 1 Context 2
  9. 9. Persona 1 Persona 2 Context
  10. 10. Context 1 Context 2 Persona
  11. 11. Understanding Key Digital Identity Terms Enrollment Proofing/Verification Attributes/Claims Identifiers - Directed, End-Points Credentials Authentication - AuthN Multi-Factor Authentication - MFA Authorization - AuthZ
  12. 12. Enrollment Technology Thing Process Policy Procedures & Enrollment: The processes that an institution/organization uses to “onboard” and create an identity for a particular individual. Enrollment —> Credential Issuance
  13. 13. Proofing / Verification Triangulation Identity Proofing or Verification: The processes used to check the veracity of identity claims about a person. This is often done in an enrollment process.
  14. 14. Attributes Claims Attributes and Claims can be either self-asserted by a person or ascribed to a person by an institution. Identifier Identifiers are pointers at people. Within institutional or network systems these are often numbers that point to particular people.
  15. 15. Identifiers Claims Single String Pairs Identifiers link things together and enable correlation. They can be endpoints on the internet. A claim is by one party about another or itself. It does not have to be linked to an identifier. Proving you are over 18 for example and not giving your real name.
  16. 16. Directed Identifier This is a type of identifier that enables individuals to use different identifiers for different contexts. The BC Citizen Services card is “one card” but when one uses it in a healthcare context it has a different identifier than when used within the context of a driver's license. So the identifier is “directed” and only used in one context.
  17. 17. Network End-Point Identifier Identifiers that are also Network End-Points include phone numbers and e-mail addresses. Authentication can be performed with the end-point. That is, you can prove you are in possession of the end-point with a challenge, such as being sent a code to a phone and then entering it into the site asking to confirm that you are in control of it.
  18. 18. Authentication AuthN What you Know (A Password, OneTime Password) What you Have (A Credential) What you Are (Biometric) Emerging: What you Do (Behavior)
  19. 19. Multi-Factor Authentication MFA What you Have (a bank card) and What you Know (the PIN #) What you Know (Password) and What you Are (A Biometric shared at Enrollment) Using more than one form of Authentication.
  20. 20. Authorization AuthZ This is very different than Authentication, which is just checking that an individual is the same one who presented themselves with the credentials before. What are you permitted (authorized) to do in a system?
  21. 21. Enterprise Mountains ID in Context of Society
  22. 22. Employers Have Employees Enterprise Identity Enterprise Single Sign On Provisioning Authentication - AuthN [Power Relationship]
  23. 23. Employers Have Employees Contractors Business Partners Enterprise Identity
  24. 24. Provisioning Termination Enterprise Identity Access Control Authorization - AuthZ Roles Attributes Authentication - AuthN
  25. 25. Enterprise Identity Customers Enrollment Claims/Attributes But it's Different… More on that later
  26. 26. Enterprise Mountains Government FootHills
  27. 27. Civic Records Citizen Identity Birth Death Marriage Divorce Parent Drivers License Voting Other Licensing Health Care Social Insurance Taxation
  28. 28. Citizen Identity The power relationship between the citizen / subject and government entities is NOT the same as the power relationship between the employer and their employee. The systems used for enterprise identity management CAN NOT be picked up and plopped down on citizen <—> government identity management contexts. It has to work differently. Enterprise provisioning and termination is clearly not the same as the government issuance of a birth certificate and death certificate.
  29. 29. Enterprise Mountains Government FootHills Valley of the Commons
  30. 30. Big Co. Web 1.0 Web 2.0 User-Centric Identity Self-Sovereign Identity Valley of the Commons
  31. 31. User-Centric / Self-Sovereign Identity
  32. 32. The Identity Dog Represents 2 things: * Freedom to be who you want to be * Freedom to share more specific info about yourself that is validated User-Centric / Self-Sovereign Identity
  33. 33. User-Centric / Self-Sovereign Identity
  34. 34. Freedom to Aggregate User-Centric / Self-Sovereign Identity
  35. 35. X Freedom to Disaggregate User-Centric / Self-Sovereign Identity
  36. 36. X User-Centric / Self-Sovereign Identity We are not all “vanilla”
  37. 37. Why James Chartrand Wears Women’s Underpants http://www.copyblogger.com/james-chartrand-underpants/
  38. 38. Custodianship? http://www.flickr.com/photos/seektan/2582803300/sizes/z/in/photostream/ Children Elders
  39. 39. Custodianship? FAMILIES
  40. 40. Custodianship? http://www.flickr.com/photos/jeanlouis_zimmermann/8752148306/sizes/o/in/photostream/
  41. 41. How do people “get” User Centric Digital Identity today? Google profiles Yahoo! profiles Facebook LinkedIn Hack it together with handles from web mail providers or on a service like Twitter Challenge with e-mail addresses as identities the communications token is the “ID” User-Centric / Self-Sovereign Identity
  42. 42. What are our rights in these commercial spaces governed by Terms of Service? How are we “citizens” in private space? In physical life we have protection of our physical self - people will be prosecuted for harming us. What is the equivalent in online spaces? Freedom to not be “erased” under TOS User-Centric / Self-Sovereign Identity
  43. 43. Identifier side: Own their own domain name. Have a blog? Run an OpenID server? Claims based side: Almost impossible. Little relying party adoption (Places where 3rd party or self generated claims will be accepted) Little client side app adoption How do people “get” User Centric Digital Identity? User-Centric / Self-Sovereign Identity
  44. 44. Identifier side: Claims based side: Emerging Today: How do people “get” Self-Sovereign Digital Identity today? User-Centric / Self-Sovereign Identity Proposed: Distributed IDentity -> DID Distributed Ledger Technology Emerging Networks for their Exchange ID/DataWeb W3C: Verified Claims Working Group Personal Data Banks / Stores / Vaults / etc….
  45. 45. What is the context for people gathering? “We’re trying to build a social layer for everything.” - Mark Zuckerberg User-Centric / Self-Sovereign Identity
  46. 46. Freedom to Peer-to-Peer Link Freedom to determine how the link is seen by others User-Centric / Self-Sovereign Identity
  47. 47. Freedom to group and cluster outside commercial silos & business contexts. Freedom of Movement and Assembly User-Centric / Self-Sovereign Identity
  48. 48. •Freedom to Aggregate •Freedom to Disaggregate •Freedom to not be “erased” under TOS •Freedom of Movement and Assembly •Freedom to Peer-to-Peer link & the Freedom to determine if the link is seen by others •Custodianship is Possible User Centric Digital Identity is the: User-Centric / Self-Sovereign Identity
  49. 49. Isn’t just a technical problem TECHNOLOGY LEGAL SOCIAL BUSINESS? User-Centric / Self-Sovereign Identity
  50. 50. Why have we yet to succeed? It is a REALLY hard problem set to solve for, User Centric Digital Identity that is: 1. open standards based 2. the scale of the internet + other digital systems 3. that people find usable 4. that they understand 5. that is secure 6. it requires emergence of new social behavior 7. and changes business models & norms User-Centric / Self-Sovereign Identity
  51. 51. Why have we yet to succeed? It is a REALLY hard problem set to solve for, User Centric Digital Identity that is: 1. open standards based 2. the scale of the internet + other digital systems 3. that people find usable 4. that they understand 5. that is secure 6. it requires emergence of new social behavior 7. and changes business models & norms User-Centric / Self-Sovereign Identity CAUSE IT IS REALLY HARD…
  52. 52. We are still working on making the vision real The Internet Identity Workshop Continues & New Efforts that Complement * Rebooting Web of Trust * Personal Data Ecosystem * Re-Decentralize * Personal Data 2016 … Many protocols emerging - OpenID, OAuth, SCIM, Frameworks To Believe Veracity Exchange of Attributes and Identifiers User-Centric / Self-Sovereign Identity
  53. 53. Enterprise Mountains Government FootHills Valley of the Commons
  54. 54. ? Anonymous ? ? ? ? Per-Post Per-Session Anonymous
  55. 55. ? Anonymous ✓ Verified ✓ ✓ ✓ Verified ✓ ✓✓ Documentation In Person Verification Biometric Capture
  56. 56. ? Anonymous One Site Multi-Site Self-Asserted Verified Socially Validated ✓ Pseudonymous
  57. 57. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ✓ Pseudonymous ? ✓ Verified Anonymity
  58. 58. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ✓ Pseudonymous ? ✓ Verified Anonymity Over 18 years Woman Voter CA Congressional District 9 Ms. Sue Donna DOB = 1/21/1982 1823 6th Ave. Alameda, CA
  59. 59. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ✓ Pseudonymous
  60. 60. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ✓ Pseudonymous
  61. 61. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ✓ Pseudonymous http://www.identitywoman.net
  62. 62. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ✓ Pseudonymous ✓✓ Limited Liability Persona
  63. 63. Big Picture ID Resources
  64. 64. Identity is social. Identity is subjective. Identity is valuable. Identity is referential. Identity is composite. Identity is consequential. Identity is dynamic. Identity is contextual. Identity is equivocal. OECD Paper At a Crossroads: “Personhood” and the Digital Identity in the Information Society Properties of Identity
  65. 65. 1. User Control and Consent 2. Limited Disclosure for Limited Use 3. The Law of Fewest Parties 4. Directed Identity 5. Pluralism of Operators and Technologies 6. Human Integration 7. Consistent Experience Across Contexts by Kim Cameron - https://www.identityblog.com/?p=354 Laws of Identity
  66. 66. Questions & Answers Conclusion Kaliya “Identity Woman” Young kaliya [at] identitywoman.net
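
Slides 7 and 16 describe directed, non-correlated identifiers: one person, a different identifier in each context. The sketch below is an added example, not part of the original deck and not a description of how the BC card works. It assumes an issuer that derives each context's identifier with HMAC-SHA256 under a secret key; the function names, context labels and record ids are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: the issuer holds one secret key and one internal record id per
# person; neither is ever disclosed to a relying context.
ISSUER_KEY = secrets.token_bytes(32)

def directed_identifier(issuer_key: bytes, person_id: str, context: str) -> str:
    """Derive the identifier this person presents in exactly one context."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p).to_bytes(2, "big") + p
                   for p in (person_id.encode(), context.encode()))
    return hmac.new(issuer_key, msg, hashlib.sha256).hexdigest()[:32]

def issue(issuer_key, people, context, directed=True):
    """Build the set of identifiers one context would end up holding."""
    if directed:
        return {directed_identifier(issuer_key, p, context) for p in people}
    return set(people)  # weak design: the same global identifier everywhere

def correlatable(ids_a, ids_b):
    """Count identifiers two contexts could join on if they pooled their data."""
    return len(ids_a & ids_b)

# Constructed sample data: internal record ids, not real people.
PEOPLE = ["person-0001", "person-0002", "person-0003"]

def demo():
    health = issue(ISSUER_KEY, PEOPLE, "healthcare")
    driving = issue(ISSUER_KEY, PEOPLE, "drivers-licence")
    global_h = issue(ISSUER_KEY, PEOPLE, "healthcare", directed=False)
    global_d = issue(ISSUER_KEY, PEOPLE, "drivers-licence", directed=False)
    again = directed_identifier(ISSUER_KEY, PEOPLE[0], "healthcare")
    return {
        "directed_overlap": correlatable(health, driving),
        "global_overlap": correlatable(global_h, global_d),
        # The same person in the same context always gets the same identifier.
        "stable_within_context": again in health,
    }

if __name__ == "__main__":
    print(demo())
```

Only the issuer, which holds the key, can map a directed identifier back to a person or link two contexts; the contexts themselves have nothing to join on.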