Digital Identity within E-Business and E-Government: Where are we now and Where do we go from here

Slides: 23
Provided by: williamb6


Transcript and Presenter's Notes

Digital Identity within E-Business and E-Government: Where are we now and Where do we go from here
  • William Barnhill
  • Booz Allen Hamilton

  • What are the basics of Identity 2.0?
  • Where are we now?
  • Where are we going?
  • What does the future hold?
  • Questions and Comments?

What are the basics of Identity 2.0?
What identity is and isn't
  • on identity
  • The collective aspect of the set of
    characteristics by which a thing is definitively
    recognizable or known
  • More precisely
  • A digital representation of a set of claims made
    by one party about itself or another digital
    subject (Identity Gang)
  • Some say identity reputation, others not
  • IMHO, reputation is just a possible set of claims
  • Note the above definition says thing not
  • A corporation can and does have an identity
  • So does an online community
  • Less clear are things that cannot express free
    will: routers, etc.
  • Identity is not identification, that's just one

The Core Concept of Identity 2.0
  • User-Centric Identity
  • User consent
  • User always can allow or deny whether information
    about them is released or not (reactive consent)
  • User control
  • User has ability to policy-control all exchanges
    of identity information (proactive consent)
  • User delegates decisions to identity agents
    controlled through policy
  • User-centered
  • Pete Rowley describes this core subset of the
    previous two as "People in the protocol"
  • User is actively involved in information
    disclosure policy decisions at run time

Identity In e-Business and e-Gov
  • Identity 2.0 drivers in e-Business and e-Gov
  • Spam: > 50% of blogs are spam blogs (splogs)
  • Growing risk of identity theft
  • Niche marketing requires greater identity
  • Regulation, e.g. China's 18-digit ID numbers to
    combat gaming addiction in those under 18
  • The Identity Meta-System
  • No single identity solution will work for
  • Consistent user experience across different
  • Interoperability of identifiers, identity claims
    through encapsulating protocol...the IP of

Where are we now?
Identity standards in our hands
  • SAML 2.0 (OASIS)
  • OpenID
  • Liberty ID-WSF
  • CardSpace (Microsoft)
  • Username/Password

Source: Eve Maler, from http//
Where are the problems?
  • We are in the pre-IP world of Ethernet, Token
    Ring, etc (SAML, OpenID, i-names, WS-Trust,
  • Publish your information once, relinquish control
  • Spam cost $21.58 billion annually, according to
    the 2004 National Technology Readiness Survey
  • Identity fraud cost $56.6 billion in 2006
  • Existing standards have not been used to solve
    the above problems
  • Each existing standard addresses different facets
    of identity from the perspective of different
  • No single standard acts as the gem that holds the
    facets together
  • Thorny issues
  • How do we represent claims in a way translatable
    to everyone?
  • How do we capture negotiation of what claims are

Identity standards on the horizon
  • The identity meta-system
  • MS vision, implemented in InfoCard
  • Higgins
  • Novell's vision for an identity meta-system,
    implemented in the Bandit project
  • OpenID
  • Community vision for very lightweight identity
    meta-system, implemented in Apache Heraldry
  • i-names
  • Extensible Resource Identifiers (XRI) are
    exponentially more valuable for a lightweight
    identity system, implemented in XDI i-brokers
  • Many others, see http//

Where are we going?
Kim Cameron's Laws of Identity
  • User Control and Consent: Identity systems must
    only reveal information identifying a user with
    the user's consent.
  • Minimal Disclosure for a Constrained Use: The
    identity system must disclose the least
    identifying information possible, as this is the
    most stable, long-term solution.
  • Justifiable Parties: Identity systems must be
    designed so the disclosure of identifying
    information is limited to parties having a
    necessary and justifiable place in a given
    identity relationship.
  • Directed Identity: A universal identity system
    must support both "omni-directional" identifiers
    for use by public entities and "uni-directional"
    identifiers for use by private entities, thus
    facilitating discovery while preventing
    unnecessary release of correlation handles.
  • Pluralism of Operators and Technologies: A
    universal identity solution must utilize and
    enable the interoperation of multiple identity
    technologies run by multiple identity providers.
  • Human Integration: Identity systems must define
    the human user to be a component of the
    distributed system, integrated through
    unambiguous human-machine communication
    mechanisms offering protection against identity
  • Consistent Experience Across Contexts: The
    unifying identity metasystem must guarantee its
    users a simple, consistent experience while
    enabling separation of contexts through multiple
    operators and technologies.

Source: http//
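
An added illustration, not taken from the presentation or from Kim Cameron's text, of how an identity agent could apply the consent, minimal disclosure and directed identity laws: it refuses relying parties the user has no policy for, releases only claims that are both requested and permitted, and presents each relying party with its own uni-directional identifier. The policy format, URLs, identifier scheme and function names are hypothetical, and the user data is constructed.

```python
import hashlib
import hmac

# Constructed sample data: the user's claims and a secret held only by
# the user's identity agent.
USER_SECRET = b"constructed-demo-secret-not-for-production"
CLAIMS = {"name": "Alice Example", "email": "alice@example.org",
          "birth_year": 1980, "over_18": True}

# Hypothetical user policy: which claims each relying party may receive.
POLICY = {
    "https://shop.example": {"over_18", "email"},
    "https://forum.example": {"over_18"},
}

# Omni-directional identifier: deliberately the same for every party.
PUBLIC_ID = "https://alice.example/id"


def pairwise_id(relying_party: str, secret: bytes = USER_SECRET) -> str:
    """Uni-directional identifier: stable for one relying party, but two
    parties cannot link their values without the user's secret."""
    mac = hmac.new(secret, relying_party.encode("utf-8"), hashlib.sha256)
    return "urn:example:pairwise:" + mac.hexdigest()[:32]


def release(relying_party: str, requested: set, public: bool = False) -> dict:
    """Disclose only claims that are both requested and allowed by policy."""
    allowed = POLICY.get(relying_party)
    if allowed is None:
        # No policy entry means no consent was given: disclose nothing.
        raise PermissionError(f"no user consent recorded for {relying_party}")
    granted = sorted(requested & allowed)          # minimal disclosure
    subject = PUBLIC_ID if public else pairwise_id(relying_party)
    return {"sub": subject,
            "claims": {name: CLAIMS[name] for name in granted},
            "denied": sorted(requested - allowed)}


if __name__ == "__main__":
    for rp in POLICY:
        print(rp, release(rp, {"name", "email", "over_18"}))
```
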
Will they work in the enterprise?
  • Short answer: Yes
  • Inward-facing answer: Yes, but
  • Enterprise security and compliance requirements
    may force up front user consent within the
  • May limit operators and technologies allowed
  • Outward-facing answer: Unqualified yes
  • Your customers, and quite possibly future laws,
    will require enterprises to protect the identity
    of their consumers
  • Enterprises will be required to protect their own
    identity to combat phishing and spam

Identity Meta-system Requirements
  • For adoption
  • Open in all senses of the word: a communal
  • Simply complex: Simple at its core, with the
    capability of handling complexity by adding
    plug-ins of some form
  • Microsoft's Kim Cameron states 5 key pieces
  • A way to represent identities using claims
  • A means for identity providers, relying parties,
    and subjects to negotiate
  • An encapsulating protocol to obtain claims and
  • A means to bridge technology and organizational
    boundaries using claims transformation
  • A consistent user experience across multiple
    contexts, technologies, and operators

Convergence in the Identity space
  • URL-based vs Card-based vs Token-based
  • Convergence between URL-based and Card-based
  • Convergence starting to happen between URL based
    and token based identity
  • Towards full convergence and a true identity
  • URL-based identity > Resource identifier-based
  • XRI-based identity > a possible full convergence
  • The i-broker concept

Identity Standards Adoption
  • Adoption is happening right now
  • The grassroots/Web 2.0 adoption vector
  • URL-based identity OpenID, YADIS
  • The Enterprise adoption vector
  • Token/Card-based identity (WS-Trust, CardSpace)

What does the future hold?
Identity 2.0 Services are a Blue Ocean
  • Blue Ocean vs a Red Ocean
  • Characteristics of a Blue ocean market
  • Pioneering vs. Competitive, breeds cooperation
  • Creating or redefining demand
  • Key to sustainable success
  • Many service offering possibilities, few
  • Current providers are more co-operative, incl.
  • So: Identity 2.0 Services is a blue ocean

What the future may hold
  • An Identity Meta-System (IMS) standard that
    specifies core IMS requirements and possible
  • Multiple flavors of an Identity Meta-System
    (InfoCard, Bandit, XDI I-Brokers) that implement
    that standard
  • Standards for reputation representation and
    interchange, leading to reputation as a real
    value currency

What you can do
  • Help raise the barn!
  • Join two Open Source projects
  • Why two?
  • Because you'll be looking at the problem from
    different perspectives, and because we need more
    people as bridges
  • Join or form OASIS Identity-related technical
  • Talk to your enterprise leadership
  • How user-centric is their identity?
  • Do they have documented Identity Management
    policies and procedures?
  • If not, help them write them, or out-source it
    (in the interests of full disclosure, Booz Allen
    has an IdM group)

  • User-centric identity will be crucial as
    software-as-service, knowledge management, and
    social software become widespread in the
  • Adopting the right emerging identity standard for
    your enterprise will have significant ROI
  • Identity 2.0 brings several new market
    opportunities, most of them tied to Open Source
  • We're still at the stage where an Identity
    Management (IdM) consultant needs to know many
    standards, but convergence is happening.

Questions and Comments?