What is digital identity?
ITU X.1250 standard: “The representation of an entity in the form of one or more information elements which allow the entity to be sufficiently distinguished within context”
Entities and contexts
Entity: human or machine
Type of communication and contexts
Human to human: analog world
• Family
• Circles of friends
• Leisure clubs
• Civil society movements
• …
Human to machine: digitised services
• Tax e-filing
• Banking
• Vending machines with age verification
• Social networking sites
• …
Machine to machine
• Internet of (smart) Things (IoT)
• Server-to-server communication
• …
Partial identity
• Political views
• Ethnicity
• Religious identity
• Gender identity
• Involvement in civil society
• Medical information
• Philosophical views
• Career trajectory
• Social links
• Hobbies
• Online surfing behaviour
• …
Digital trust
Assertions of trust about each unknown asserter are required … until a known trusted link (individual or organisation) is reached
Digital trust
Trust is enforced online, but typically originates offline.
Trust is not necessarily bilateral
Digital trust models: transitive trust
• “If A trusts B, and B trusts C, then A trusts C”
• Centralised
Organisational trust Browser trust
Digital trust models: social trust
• Decentralised
• Typically humans online
• Criteria
o How much do I trust an entity?
o Social distance (~degrees of separation)
o How many people have corroborated the trustworthiness of an entity?
• E.g. PGP
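The two trust models above (transitive and social), as an added example that is not from the original slides: the same directed "vouches for" graph is evaluated once by following any chain from a known trusted link, and once with the social criteria of distance and number of corroborators. The graph, the entity names and both thresholds are constructed assumptions, and the social check is a simplification, not PGP's actual algorithm.

```python
from collections import deque

# Constructed sample data: who has vouched for whom (directed, not bilateral).
VOUCHES = {
    "me": ["alice", "bob"],
    "alice": ["carol", "dave"],
    "bob": ["carol"],
    "carol": ["erin"],
}

def transitive_chain(vouches, anchor, target):
    """Transitive model: shortest chain of vouches from anchor to target, or None."""
    queue, seen = deque([[anchor]]), {anchor}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in vouches.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None

def distances(vouches, start):
    """Social distance (degrees of separation) from start to every reachable entity."""
    dist, queue = {start: 0}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in vouches.get(cur, []):
            if nxt not in dist:
                dist[nxt] = dist[cur] + 1
                queue.append(nxt)
    return dist

def social_trust(vouches, me, target, max_distance=2, min_corroborators=2):
    """Social model: accept only a nearby target vouched for by enough nearby entities.
    Both thresholds are assumptions chosen for this example."""
    dist = distances(vouches, me)
    corroborators = sorted(v for v, outs in vouches.items()
                           if target in outs and dist.get(v, max_distance) < max_distance)
    near = dist.get(target, max_distance + 1) <= max_distance
    return near and len(corroborators) >= min_corroborators, corroborators

if __name__ == "__main__":
    for who in ("carol", "dave", "erin"):
        print(who, transitive_chain(VOUCHES, "me", who), social_trust(VOUCHES, "me", who))
```

With this graph the transitive model accepts carol, dave and erin, while the social model accepts only carol: dave has a single corroborator and erin is three degrees away.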
What is identity management?
Administration
Management & maintenance
Communication & discovery
Correlation & binding
Policy enforcement
Authentication & assertion
• Assurance of identity information: credentials, identifiers, attributes, … of an entity: individuals, groups, devices, service providers
• Enabling business and security applications
Identity management: actors
User
• Wants ubiquitous Web services
• Concerned about security and privacy
• Personalisation for convenience
Relying party
• Google, Facebook,…
• Offers a service
• Attribute-based personalisation and access control
• Incentives: revenue and legal
Identity provider
• Provide reliable user info
• Trusted assertions
Identity management: the old days
[Figure: University A, Library B, University C; services: Student Admin, Web Mail, e-Learning, Literature DB, e-Learning, Research DB, e-Journals; labels: Authorization, User Administration, Authentication, Resource, Credentials]
Identity management: now
[Figure: University A, Library B, University C; AAI; services: Student Admin, Web Mail, e-Learning, Literature DB, e-Learning, Research DB, e-Journals; labels: Authorization, User Administration, Authentication, Resource, Credentials]
Privacy and user-centricity
Anonymity level
o identifiability
o pseudonymity
• Global
• Per service
o anonymity
User control
o Consent
o Selective attribute disclosure
Privacy and user-centricity
Network-based identity management
1. Request service
2. Authenticate at RP
3. Return token
Privacy and user-centricity
Claim-based identity management
1. Request service
2. Send policy
3. Supply claims