Iiw11introtalk

Post on 01-Sep-2014


This is a talk from IIW 11 - introducing people to the overall user-centric identity space.

Transcript

November 2, 2010

INTRODUCTION by Kaliya Hamlin @identitywoman

XI

Monday, December 6, 2010

Building Identity and Trust into the Next Generation Internet

asn.planetwork.net

Where does my personal inspiration about user-centric digital identity come from?


Who am I?

IDENTITY GANG! formed in 2004

Internet Identity Workshop

iiw.idcommons.net

www.internetidentityworkshop.com

We have been meeting together every 6 months since the fall of 2005. The Internet Identity Workshop is the work group of Identity Commons, an industry consortium and community linking many efforts focused on a people-centric identity layer of the net. The Workshop provides an open forum for both the big guys and the small fry to come together in a safe and balanced space. It is not about any one technology; rather, it is a place to discuss multiple interoperating (and possibly competing) projects, standards, and networks for identity, data sharing, and reputation.

IIW is co-produced by Phil Windley (@windley), Kaliya Hamlin (@identitywoman) & Doc Searls (dsearls). IIWX is being co-facilitated by Kaliya Hamlin and Heidi Nobantu Saul (@nobantu). The Notes Collection Center is being run by Kas Neteler (@kasneteler) and Heidi Nobantu Saul.

[Timeline figure: Face 2 Face Meetings, 2003 to 2007. Events shown: DIDW; RSA; Burton Group; IOS 1 to IOS 4; IIW 1 to IIW 5; Data Sharing Workshop; OSIS Interop 1 and 2.]

[Timeline figure: Face 2 Face Meetings, 2008 to 2010. Events shown: DIDW; RSA; Burton Group; IIW 6 to IIW 11; Data Sharing Workshop; Data Sharing Summit; OSIS Interop 3 to 5.]

Broad Base of Participation

BIG COMPANY SPONSORS: MSFT; PingID; SUN; Facebook; Google; Yahoo; Cisco; Plaxo; Commerce Net; Adobe; BT; Novell; Facebook; AOL; Ping Identity; Paypal / eBay

NONPROFIT SPONSORS: ISOC; Kantara/Liberty Alliance; Info Card Foundation; OASIS IDTrust; Mozilla; Higgins Project; Bandit Project; Planetwork; Internet Society

CORPORATE PARTICIPANTS: Paypal; Booz Allen Hamilton; Apple; Burton Group; Hewlett Packard; International Business Machines; Intuit; LexisNexis; Nippon Telegraph and Telephone Corporation; Nokia Siemens Networks; NRI; Oracle; Orange; Rackspace; Radiant Logic; Sony Ericsson; The MITRE Corporation; Tucows Inc; VeriSign, Inc.; Vodafone Group R&D; Alcatel-Lucent; Acxiom Identity Solutions; Acxiom Research; Equifax; LinkedIn; Amazon

SMALL COMPANY SPONSORS: FuGen Solutions; OUNO; Rel-ID; Poken; Vidoop; Chimp; Authentrus; Sxip; ClaimID

IETF; W3C; OASIS

SMALL COMPANY PARTICIPANTS: Ångströ; Digg, Inc.; Privo; Expensify; FamilySearch.org; FreshBooks; Gigya; Gluu; Janrain; Kynetx; NetMesh Inc.; Protiviti; Socialtext; TriCipher, Inc.; Trusted-ID; Wave Systems; Six Apart

NONPROFIT PARTICIPANTS: Center for Democracy and Technology; DataPortability Project; IdM Network Netherlands; OCLC; Open Forum Foundation; World Economic Forum

UNIVERSITY PARTICIPANTS: Goldsmiths, University of London; Newcastle University; Stanford University

GOVERNMENT PARTICIPANTS: Office of the Chief Information Office, Province of British Columbia

and more...

Unconference Format


a Shared History


THE Directory Wars of the 90s

SHARED EXPERIENCE in past wars


SHARED EXPERIENCE in past wars

vs

Passport & Hailstorm


a Shared Context


IDENTITY GANG! formed in 2004

CONTEXT For Shared Vision


CONTEXT For Shared Vision

Early on, the Identity Gang list was a critical forum for community collaboration. It is still active here, and many of the protocol efforts and foundations that have emerged have their own lists.

http://lists.idcommons.net/lists/info/community

CONTEXT For Shared Vision

The Identity Gang was probably one of the first technical communities to have a very active community blog life that complemented our mailing list conversations. Doc Searls played a critical role in getting almost all community members to blog in the early days of the community 2004-2005.

There are several aggregated blogs you can go to get a sense of activity in the community.

The Classic - www.planetidentity.org/

A newer one under development - http://seriouslyidentity.com/

CONTEXT For Shared Vision

Wiki forums were critical for sharing ideas and common language like the Lexicon


Real Time Web Tools

CONTEXT For Shared Vision

SEARCH

These are newer mediums for collaboration and information sharing using #hashtags etc. to connect work.


a Shared Language


SHARED LANGUAGE developed in Shared Context

Identity Gang LEXICON (driven by Paul Trevithick) in August 2005

1. Agent
2. Claim
3. Claimant
4. Digital Identity
5. Digital Identity Provider
6. Digital Subject

6. Entity
7. Identity Attribute
8. Identity Context
9. Party
10. Persona
11. Relying Party

http://wiki.idcommons.net/Lexicon

a Shared Understanding

SHARED UNDERSTANDING using shared language

Laws of Identity

Kim Cameron in May 2005

http://www.identityblog.com/stories/2004/12/09/thelaws.html

Laws of Identity

1. User Control and Consent
2. Minimal Disclosure for a Constrained Use
3. Justifiable Parties
4. Directed Identity
5. Pluralism of Operators and Technologies
6. Human Integration
7. Consistent Experience Across Contexts

Kim Cameron in May 2005

SHARED UNDERSTANDING using shared language

A Bill of Rights for Users of the Social Web September 4, 2007

Authored by Joseph Smarr, Marc Canter, Robert Scoble, and Michael Arrington

Preamble: There are already many who support the ideas laid out in this Bill of Rights, but we are actively seeking to grow the roster of those publicly backing the principles and approaches it outlines. That said, this Bill of Rights is not a document “carved in stone” (or written on paper). It is a blog post, and it is intended to spur conversation and debate, which will naturally lead to tweaks of the language. So, let’s get the dialogue going and get as many of the major stakeholders on board as we can!

A Bill of Rights for Users of the Social Web

We publicly assert that all users of the social web are entitled to certain fundamental rights, specifically:

• Ownership of their own personal information, including:
  ◦ their own profile data
  ◦ the list of people they are connected to
  ◦ the activity stream of content they create;
• Control of whether and how such personal information is shared with others; and
• Freedom to grant persistent access to their personal information to trusted external sites.

Sites supporting these rights shall:

• Allow their users to syndicate their own profile data, their friends list, and the data that’s shared with them via the service, using a persistent URL or API token and open data formats;
• Allow their users to syndicate their own stream of activity outside the site;
• Allow their users to link from their profile pages to external identifiers in a public way; and
• Allow their users to discover who else they know is also on their site, using the same external identifiers made available for lookup within the service.

SHARED UNDERSTANDING using shared language

Properties of Identity

OECD Paper At a Crossroads: "Personhood" and the Digital Identity in the Information Society

SHARED UNDERSTANDING using shared language

http://bit.ly/OECDdigitalpersonnood

Properties of Identity

1. Identity is social.
2. Identity is subjective.
3. Identity is valuable.
4. Identity is referential.
5. Identity is composite.
6. Identity is consequential.
7. Identity is dynamic.
8. Identity is contextual.
9. Identity is equivocal.

OECD Paper At a Crossroads: "Personhood" and the Digital Identity in the Information Society

The Properties of Identity were articulated by Bob Blakley, Jeff Broberg, Anthony Nadalin, Dale Olds, Mary Ruddy, Mary Rundle, and Paul Trevithick.

SHARED UNDERSTANDING using shared language

Identifiers: Single String

Claims: Pairs

SHARED UNDERSTANDING

Identifiers link things together and enable correlation.

They can be endpoints on the internet.

A claim is by one party about another or itself.

It does not have to be linked to an identifier.

For example, proving you are over 18 without giving your real name.

Project VRM - 4th Parties

SHARED UNDERSTANDING

http://bit.ly/VRM4thParty

SHARED UNDERSTANDING

TECHNOLOGY

LEGAL

SOCIAL BUSINESS?

What is User Centric Digital Identity?

The Identity Dog

Represents 2 things:

* Freedom to be who you want to be

* Freedom to share more specific info about yourself that is validated


What is User Centric Digital Identity?


Freedom to Aggregate


Freedom to Disaggregate


XFreedom to Disaggregate


http://www.fullenglishfood.com/?p=799

XWhy does User Centric Digital Identity Matter?


Buddhist in Tennessee

http://wwp.greenwichmeantime.com/time-zone/usa/tennessee/map.htm

http://religions.iloveindia.com/buddhism.html

Women having the freedom not to present as women.

http://www.copyblogger.com/james-chartrand-underpants/

Why James Chartrand Wears Women’s Underpants


1) Live Journal Friends
2) Professional ID
3) Feminist Identity

1) Totally Professional on Domain, GMail, LinkedIN
2) Social but me on Facebook
3) Spiritual under pseudonym on Live Journal

1) Me linked to real name
2) Spiritual
3) Gaming

Real world examples of women managing different personae from She’s Geeky conference.

Goofy Habits or Hobbies

personal and political

Freedom of Expression

Teachers being able to drink socially when in own time.

BLIZZARD WoW in-game ID vs “RealID” change

Young people free to explore themselves

Freedom of Action

this comes from not having all contexts linked together

Freedom to group and cluster outside commercial silos & business contexts.

Freedom of Movement and Assembly

Freedom to Peer-to-Peer Link

Freedom to determine how the link is seen by others

What is the context for people gathering?

“We’re trying to build a social layer for everything.”

- Mark Zuckerberg

OR


How can people and groups be first class objects on the web

(and other electronic networks)?


Transition to Technology Section


+?

Can you have both?


OpenID 101 (identifier)


OpenID has a Ton of Issues

• security
• no payload - identifiers are not enough
• people donʼt understand URL format
• people donʼt have their own domains
• often 3rd level domain
• Nascar Problem
• ADOPTION

• Namespace issue - “solved Facebook”

Users take actions on your site

Users come to your site to consume your unique content. They take actions like commenting, reviewing, making purchases, rating, and more.

Users share with friends, who discover your site

With Facebook Connect, users can easily share your content and their actions with their friends on Facebook. As these friends discover your content, they click back to your site, engaging with your content and completing the viral loop.

Social features increase engagement

Creating deeper, more social integrations keeps users engaged with your site longer, and more likely to take actions they share with their friends. (For example — don't just show users what's most popular on your site, but what's most popular with their friends on your site.)

Connect

The response is a JSON object which contains some (or all) of the following reserved keys:

• user_id - e.g. "https://graph.facebook.com/24400320"
• asserted_user - true if the access token presented was issued by this user, false if it is for a different user
• profile_urls - an array of URLs that belong to the user
• display_name - e.g. "David Recordon"
• given_name - e.g. "David"
• family_name - e.g. "Recordon"
• email - e.g. "recordond@gmail.com"
• picture - e.g. "http://graph.facebook.com/davidrecordon/picture"

The server is free to add additional data to this response (such as Portable Contacts) so long as they do not change the reserved OpenID Connect keys.
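A relying-party-side check of the response described above, as an added example rather than code from the proposal or the talk: it separates the reserved keys from provider extensions, type-checks them, and refuses to treat the response as a login unless asserted_user is true. The names parse_user_info and UserInfoError, and the id_prefix namespace check, are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

# Reserved keys and the JSON type each must carry (from the list above).
RESERVED = {
    "user_id": str, "asserted_user": bool, "profile_urls": list,
    "display_name": str, "given_name": str, "family_name": str,
    "email": str, "picture": str,
}


class UserInfoError(ValueError):
    """The response must not be used to sign a user in."""


def _require_web_url(value, key):
    # Reject javascript:, data: and similar schemes before a URL is rendered.
    if not isinstance(value, str):
        raise UserInfoError(f"{key} entry is not a string")
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise UserInfoError(f"{key} is not an http(s) URL")


def parse_user_info(raw, id_prefix):
    """Return (reserved, extensions) or raise UserInfoError.

    id_prefix is a hypothetical relying-party setting: the identifier
    namespace this provider is allowed to assert.
    """
    try:
        doc = json.loads(raw)
    except ValueError as exc:
        raise UserInfoError("response is not JSON") from exc
    if not isinstance(doc, dict):
        raise UserInfoError("response is not a JSON object")

    reserved = {k: v for k, v in doc.items() if k in RESERVED}
    extensions = {k: v for k, v in doc.items() if k not in RESERVED}
    for key, value in reserved.items():
        if not isinstance(value, RESERVED[key]):
            raise UserInfoError(f"{key} has the wrong JSON type")

    # Any reserved key may be absent, but a login needs both of these.
    if reserved.get("asserted_user") is not True:
        raise UserInfoError("access token was not issued by this user")
    if not reserved.get("user_id", "").startswith(id_prefix):
        raise UserInfoError("user_id missing or outside provider namespace")

    for key in ("user_id", "picture"):
        if key in reserved:
            _require_web_url(reserved[key], key)
    for url in reserved.get("profile_urls", []):
        _require_web_url(url, "profile_urls")
    return reserved, extensions


# Constructed sample, built from the example values in the proposal text.
PREFIX = "https://graph.facebook.com/"
SAMPLE = {
    "user_id": "https://graph.facebook.com/24400320",
    "asserted_user": True,
    "display_name": "David Recordon",
    "picture": "http://graph.facebook.com/davidrecordon/picture",
    "portable_contacts": [],  # constructed extension key, not reserved
}

if __name__ == "__main__":
    print(parse_user_info(json.dumps(SAMPLE), PREFIX))
```

Extension data is returned separately so that provider-added keys can never shadow a reserved key in the relying party's session logic.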

Proposal for OpenID Connect


Information Cards (claims)

informationcard.net


Managed Cards Come in two Flavors

“Phones Home”: Employee issued ID (the employer sees where used)

Doesn’t “Phone Home”: Government Issued age verification (just like a drivers license in the real world)

Verified Anonymity (U-Prove)


Information Cards have a ton of issues:

• Relying Party Adoption
• why shift to claims from identifiers
• Where are the libraries and tools for Relying parties

• Client Download Required
• New User Experience
• What are Active Clients and How do they work

• Risk & Liability Models are Unclear
• If a claim is validated and it is untrue who is liable

More Technologies


XRD (the most successful standard arising from user centric ID community that you have never heard of)

Discovery = Patterns + Interfaces + Descriptors

XRDS --> XRD-Simple --> XRD (within XRI spec)

Evolution of Discovery

Application of XRI/XDI

OStatus isn't a new protocol; it applies some great protocols in a natural and reasonable way to make distributed social networking possible.

• Activity Streams encode social events in standard Atom or RSS feeds.

• PubSubHubbub pushes those feeds in realtime to subscribers across the Web.

• Salmon notifies people of responses to their status updates.

• Webfinger makes it easy to find people across social sites.


OAuth


User Managed Access


SAML

SAML has two parts

1. Authentication
2. Profiles

used in higher education

Protocol Family Tree

[Diagram. Nodes shown: XNS; XNS.org; XDI.ORG; XDI; XRI; i-names; LID; sxip; YADIS; OpenID v1; OpenID v2; OpenID v Next; OpenID Foundation; XRDS; XRD Simple; XRD; Web Finger; Internet Identity Workshop #1 Oct 2005. Legend: Current Organizations; Organizations (no longer); Event; Independent Open Protocol; Independent Open Protocol (no longer); Protocol standardized at OASIS; Protocol standardized at OASIS earlier version (no longer).]

Big Challenge Protocol Interop

OSIS Interop

3rd Interop Spring 2007

RSA Conference

European Identity Conference

Open Identity For Open Government

http://bit.ly/ID-Gov-Open

http://bit.ly/FastCo-IDGov

Fast Company blog post by Kaliya: Government Experimenting with Identity Technologies

Government Services Administration website on ID

Trust Frameworks / Policy Repositories

[Diagram. Labels shown: Open Identity Exchange; Policy Repository for Trust Frameworks; Identity Providers; Levels of Assurance; Relying Parties; Levels of Protection; Auditors; Other Auditor; Relying Party; Google; PayPal; Equifax; Yahoo!; ICAM John Steensen; OCLC; XAuth; PBS Kids.]

SHARED VISION for people’s identity on the scale of the web.

Freedom and Autonomy for People

Open Standards are Essential

No One Dominant Player

There will be a Big Bang

With all new technologies there is a point at which new things start happening that the creators of the technology did not envision. This is a big bang in identity.

Mission statements:

• Identity Commons: Support, facilitate, and promote the creation of an open identity layer for the Internet, one that maximizes control, convenience, and privacy for the individual while encouraging the development of healthy, interoperable communities.

• Information Card Foundation: Promote, protect, and enable the development of an open, trusted, interoperable, royalty-free identity layer for the Internet that maximizes control over personal information by individuals

• OpenID Foundation: To foster and promote the development of, public access to, and adoption of OpenID as a framework for user-centric identity on the Internet; and To acquire, create, hold, and manage intellectual property related to OpenID and provide equal access to such intellectual property to the OpenID community and public at no charge.

• Kantara Initiative: Foster identity community harmonization, interoperability, innovation, and broad adoption through the development of open identity specifications, operational frameworks, education programs, deployment and usage best practices for privacy-respecting, secure access to online services

• Open Identity Exchange: Collecting, aggregating, and distributing information regarding the identity-related services industry to businesses and other stakeholders in that industry in order to improve conditions in that industry by fostering innovation, market transparency, and identity-related product and service interoperability; Providing a neutral, open market registration system for participants in the identity-related services industry;

• Data Portability Project: Data portability enables a borderless experience, where people can move easily between network services, reusing data they provide while controlling their privacy and respecting the privacy of others. Our Mission is to help people to use and protect the data they create on networked services, and to advocate for compliance with the values of DataPortability.

Evolution of Identity Community

[Diagram, with TIME as an axis. Labels shown: FireFly; Microsoft; Passport; Hailstorm; BT; Oracle; SUN; IBM; Lots of Companies; SAML v1 & 2; XRI; XDI; Liberty Alliance; Kantara Initiative; Planetwork Link Tank; Identity Commons (1); Identity Gang; Identity Commons (2); Internet Identity Workshop; OpenID v2; OpenID Foundation; Open Identity Exchange; Information Card Foundation; Information Card Standard; IMI Identity Metasystem Interoperability; Higgins Project; Pamela Project; Project to be announced at IIW (twice); VENN OF IDENTITY. Legend: Loose Affiliations of People; Current Organizations; Organizations (no longer); Company; Proprietary Service (no longer); Protocol standardized at OASIS; Protocol standardized at OASIS earlier version (no longer); Independent Open Protocol; Independent Open Protocol (no longer); Paper: Shared Understanding; Event; Project with Code.]

Collaboration

One of the main community organizations linking various efforts is Identity Commons.

[Diagram: Identity Commons. Groups shown: Open ID Foundation; Information Card Foundation; XDI.ORG; Data Portability Project; Internet Identity Workshop; Project VRM; Higgins Project; Pamela Project; OSIS Open Source Identity System; ID-Legal; Identity Schemas; Identity Gang; Kids Online; Photo Group; ID Media Review; OIX; Nick's Legacy; PDX. Key: Group whose home is at Identity Commons; Independent Nonprofit Organization; Project at another organization; EVENT.]

Conclusion: a funny take on the identity dog logo

On the dog, no one knows when you’re on the Internet.
