Digital identity - AbsoluteAstronomy.com

Internet identity

Internet identity may refer to:* Online identity - personal self-concept as it relates to the Internet * Digital identity -...

Digital identity is the aspect of digital technology that is concerned with the mediation of people's experience of their own identity and the identity of other people and things. Digital identity also has another common usage as the digital

Digital

A digital system is a data technology that uses discrete values. By contrast, non-digital systems use a continuous range of values to represent information...

representation of a set of claims made by one digital subject about itself or another digital subject.

Digital subject

A digital subject is an entity represented or existing in the digital realm which is being described or dealt with. Every digital subject has a finite, but unlimited number of identity attributes. A digital subject can be human or non-human. Non-human examples include:

Devices and computers (with which we have built the "digital realm" in the first place);
Digital resources (which attract us to it);
Policies and relationships between other digital subjects (e.g., between humans and devices or documents or services).

Identity through relationship

An observer's perception of the digital identity of an entity is inevitably mediated by the subjective viewpoint of that observer (just as it is with physical identity). In order to attribute

Attribution

Attribution may refer to:Something, such as a quality or characteristic, that is related to a particular possessor; an attribute.*Attribution , concept in copyright law requiring an author to be credited...

a digital representation to an entity, and so to elide the two as a digital subject, the attributing party (the observer) must trust that the representation does indeed pertain to the entity (see Authentication below). Conversely, the entity may only grant the observer selective access to its informational attributes (according to the identity of the observer from the perspective of the entity). In this way, digital identity is better understood as a particular viewpoint within a mutually-agreed relationship than as an objective property. This contextual nature of digital identity is referred to as contextual identity.

Authentication

Authentication is the act of confirming the truth of an attribute of a datum or entity...

is a key aspect of trust-based identity attribution, providing a codified assurance of the identity of one entity to another. Authentication methodologies include the presentation of a unique object such as a bank credit card, the provision of confidential information such as a password

Password

A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....

or the answer to a pre-arranged question, the confirmation of ownership of an e-mail address, and more robust but relatively costly solutions utilising encryption

Encryption

In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...

methodologies. In general, business-to-business authentication prioritises security while user to business authentication tends towards simplicity. New physical authentication techniques such as iris scanning, handprinting, and voiceprint

Voiceprint

Voiceprint can refer to the spectrogram of a voice. More specific uses include:* VoicePrint, Canada's broadcast reading service* Voiceprint Records, an English record label* The stored template used to identify a person via their voice in Speaker recognition...

ing are currently being developed and in the hope of providing improved protection against identity theft

Identity theft

Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name...

. Those new techniques fall into the area of Biometry (biometrics

Biometrics

Biometrics As Jain & Ross point out, "the term biometric authentication is perhaps more appropriate than biometrics since the latter has been historically used in the field of statistics to refer to the analysis of biological data [36]" . consists of methods...

), which belongs to the area of Artificial Intelligence or Machine Learning.

Identifiers

Digital identity fundamentally requires digital identifiers—strings or tokens that are unique within a given scope (globally or locally within a specific domain, community, directory, application, etc.). Identifiers are the key used by the parties to an identification relationship to agree on the entity being represented. Identifiers may be classified as omnidirectional and unidirectional. Omnidirectional identifiers are intended to be public and easily discoverable, while unidirectional identifiers are intended to be private and used only in the context of a specific identity relationship.

Identifiers may also be classified as resolvable or non-resolvable. Resolvable identifiers, such as a domain name

Domain name

A domain name is an identification string that defines a realm of administrative autonomy, authority, or control in the Internet. Domain names are formed by the rules and procedures of the Domain Name System ....

or e-mail address

E-mail address

An email address identifies an email box to which email messages are delivered. An example format of an email address is lewis@example.net which is read as lewis at example dot net...

, may be dereferenced into the entity they represent, or some current state data providing relevant attributes of that entity. Non-resolvable identifiers, such as a person's real-world name, or a subject or topic name, can be compared for equivalence but are not otherwise machine-understandable.

There are many different schemes and formats for digital identifiers. The most widely used is Uniform Resource Identifier

Uniform Resource Identifier

In computing, a uniform resource identifier is a string of characters used to identify a name or a resource on the Internet. Such identification enables interaction with representations of the resource over a network using specific protocols...

(URI) and its internationalized version Internationalized Resource Identifier

Internationalized Resource Identifier

On the Internet, the Internationalized Resource Identifier is a generalization of the Uniform Resource Identifier . While URIs are limited to a subset of the ASCII character set, IRIs may contain characters from the Universal Character Set , including Chinese or Japanese kanji, Korean, Cyrillic...

(IRI)—the standard for identifiers on the World Wide Web

World Wide Web

The World Wide Web is a system of interlinked hypertext documents accessed via the Internet...

. OpenID

OpenID

OpenID is an open standard that describes how users can be authenticated in a decentralized manner, eliminating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital identities...

and Light-Weight Identity

Light-Weight Identity

LID is a management system for online digital identities developed in part by . It was first published in early 2005, and is the original URL-based identity system, later followed by OpenID. LID uses URLs as a verification of the user's identity, and makes use of several open-source protocols...

(LID) are two web authentication protocols that use standard HTTP URIs (often called URLs), for example.

Digital Object Architecture

Digital Object Architecture (DOA) provides a means of managing digital information in a network environment. A digital object has a machine and platform independent structure that allows it to be identified, accessed and protected, as appropriate. A digital object may incorporate not only informational elements, i.e., a digitized version of a paper, movie or sound recording, but also the unique identifier of the digital object and other metadata about the digital object. The metadata may include restrictions on access to digital objects, notices of ownership, and identifiers for licensing agreements, if appropriate.

The Handle System

Handle System

The Handle System is a technology specification for assigning, managing, and resolving persistent identifiers for digital objects and other resources on the Internet...

is a general purpose distributed information system that provides efficient, extensible, and secure identifier and resolution services for use on networks such as the internet. It includes an open set of protocols, a namespace

Namespace

In general, a namespace is a container that provides context for the identifiers it holds, and allows the disambiguation of homonym identifiers residing in different namespaces....

, and a reference implementation of the protocols. The protocols enable a distributed computer system

Distributed computing

Distributed computing is a field of computer science that studies distributed systems. A distributed system consists of multiple autonomous computers that communicate through a computer network. The computers interact with each other in order to achieve a common goal...

to store identifiers, known as handles, of arbitrary resources and resolve those handles into the information necessary to locate, access, contact, authenticate, or otherwise make use of the resources. This information can be changed as needed to reflect the current state of the identified resource without changing its identifier, thus allowing the name of the item to persist over changes of location and other related state information. The original version of the Handle System technology was developed with support from the Defense Advanced Research Projects Agency (DARPA).

Extensible Resource Identifiers

A new OASIS

OASIS (organization)

The Organization for the Advancement of Structured Information Standards is a global consortium that drives the development, convergence and adoption of e-business and web service standards...

standard for abstract, structured identifiers, XRI (Extensible Resource Identifiers), adds new features to URIs and IRIs that are especially useful for digital identity systems. OpenID

OpenID

also supports XRIs, and XRIs are the basis for i-name

I-name

I-names are one form of an XRI — an OASIS open standard for digital identifiers designed for sharing resources and data across domains and applications. I-names are human readable XRIs intended to be as easy as possible for people to remember and use. For example, a personal i-name could be =Mary...

Policy aspects of digital identity

There are proponents of treating self-determination and freedom of expression of digital identity as a new human right

Human rights

Human rights are "commonly understood as inalienable fundamental rights to which a person is inherently entitled simply because she or he is a human being." Human rights are thus conceived as universal and egalitarian . These rights may exist as natural rights or as legal rights, in both national...

. Some have speculated that digital identities could become a new form of legal entity.

Taxonomies of identity

Digital identity attributes—or data—exist within the context of ontologies

Ontology (computer science)

In computer science and information science, an ontology formally represents knowledge as a set of concepts within a domain, and the relationships between those concepts. It can be used to reason about the entities within that domain and may be used to describe the domain.In theory, an ontology is...

. A simple example of a taxonomy is "A cat

Cat

The cat , also known as the domestic cat or housecat to distinguish it from other felids and felines, is a small, usually furry, domesticated, carnivorous mammal that is valued by humans for its companionship and for its ability to hunt vermin and household pests...

is a kind of animal

Animal

Animals are a major group of multicellular, eukaryotic organisms of the kingdom Animalia or Metazoa. Their body plan eventually becomes fixed as they develop, although some undergo a process of metamorphosis later on in their life. Most animals are motile, meaning they can move spontaneously and...

." An entity represented in this ontology as a "cat" is therefore invariably also considered an "animal." In establishing the contextual relationship of identity attributes to one another, taxonomies are able to represent identity in terms of pre-defined structures. This in turn allows computer applications to process identity attributes in a reliable and useful manner. XML

XML

Extensible Markup Language is a set of rules for encoding documents in machine-readable form. It is defined in the XML 1.0 Specification produced by the W3C, and several other related specifications, all gratis open standards....

(eXtensible Markup Language) has become a de facto standard for the abstract description of structured data.

Taxonomies inevitably reflect culturally

Cultural relativism

Cultural relativism is the principle that an individual human's beliefs and activities should be understood by others in terms of that individual's own culture. This principle was established as axiomatic in anthropological research by Franz Boas in the first few decades of the 20th century and...

and personally relative world views. Consider two possible elaborations of the above example:

"A cat is a kind of animal. A domestic cat is a kind of cat and is a pet."
"A cat is a kind of animal. A domestic cat is a kind of cat and is edible by humans."

Someone searching the first taxonomy for pets would find "domestic cat," whereas a search of the second taxonomy for foodstuffs would yield the same result! We can see that while each taxonomy is useful within a particular cultural context or set of contexts, neither represents a universally valid point of view on domestic cats.

The development of digital identity network solutions that can interoperate taxonomically-diverse representations of digital identity is a contemporary challenge. Free-tagging

Folksonomy

A folksonomy is a system of classification derived from the practice and method of collaboratively creating and managing tags to annotate and categorize content; this practice is also known as collaborative tagging, social classification, social indexing, and social tagging...

has emerged recently as an effective way of circumventing this challenge (to date, primarily with application to the identity of digital entities such as bookmarks and photos) by effectively flattening identity attributes into a single, unstructured layer. However, the organic integration of the benefits of both structured and fluid approaches to identity attribute management remains elusive.

Networked identity

Identity relationships within a digital network may include multiple identity entities. However, in a decentralised network like the Internet, such extended identity relationships effectively require both (a) the existence of independent trust relationships between each pair of entities in the relationship and (b) a means of reliably integrating the paired relationships into larger relational units. And if identity relationships are to reach beyond the context of a single, federated ontology of identity (see Taxonomies of identity above), identity attributes must somehow be matched across diverse ontologies. The development of network approaches that can embody such integrated "compound" trust relationships is currently a topic of much debate in the blogosphere

Blogosphere

The blogosphere is made up of all blogs and their interconnections. The term implies that blogs exist together as a connected community or as a social network in which everyday authors can publish their opinions...

.

Integrated compound trust relationships allow, for example, entity A to accept an assertion or claim about entity B by entity C. C thus vouches for an aspect of B's identity to A.

A key feature of "compound" trust relationships is the possibility of selective disclosure from one entity to another of locally relevant information. As an illustration of the potential application of selective disclosure, let us suppose a certain Diana wished to book a hire car without disclosing irrelevant personal information (utilising a notional digital identity network that supports compound trust relationships). As an adult, UK resident with a current driving license, Diana might have the UK's Driver and Vehicle Licensing Agency

Driver and Vehicle Licensing Agency

The Driver and Vehicle Licensing Agency is the organisation of the UK Government responsible for maintaining a database of drivers and a database of vehicles in Great Britain; its counterpart in Northern Ireland is the Driver & Vehicle Agency...

vouch for her driving qualification, age and nationality to a car-rental company without having her name or contact details disclosed. Similarly, Diana's bank might assert just her banking details to the rental company. Selective disclosure allows for appropriate privacy

Privacy

Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively...

of information within a network of identity relationships.

A classic form of networked digital identity based on international standards is the "White Pages".

An electronic white pages links various devices, like computers and telephones, to an individual or organization. Various attributes such as X.509v3 digital certificates for secure cryptographic communications are captured under a schema, and published in a LDAP

Lightweight Directory Access Protocol

The Lightweight Directory Access Protocol is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network...

or X.500

X.500

X.500 is a series of computer networking standards covering electronic directory services. The X.500 series was developed by ITU-T, formerly known as CCITT, and first approved in 1988. The directory services were developed in order to support the requirements of X.400 electronic mail exchange and...

directory. Changes to the LDAP standard are managed by working groups in the IETF, and changes in X.500 are managed by the ISO. The ITU did significant analysis of gaps in digital identity interoperability via the FGidm, focus group on identity management.

Implementations of X.500[2005] and LDAPv3 have occurred world wide but are primarily located in major data centers with administrative policy boundaries regarding sharing of personal information. Since combined X.500 [2005] and LDAPv3 directories can hold millions of unique objects for rapid access, it is expected to play a continued role for large scale secure identity access services. LDAPv3 can act as a lightweight standalone server, or in the original design as a TCP-IP based Lightweight Directory Access Protocol compatible with making queries to a X.500 mesh of servers which can run the native OSI protocol.

This will be done by scaling individual servers into larger groupings that represent defined "administrative domains", (such as the country level digital object) which can add value not present in the original "White Pages" that was used to look up phone numbers and email addresses, largely now available through non-authoritative search engines.

The ability to leverage and extend a networked digital identity is made more practicable by the expression of the level of trust associated with the given identity through a common Identity Assurance Framework.

Academic work

Research on identity is done in a variety of disciplines such as law

Law

Law is a system of rules and guidelines which are enforced through social institutions to govern behavior, wherever possible. It shapes politics, economics and society in numerous ways and serves as a social mediator of relations between people. Contract law regulates everything from buying a bus...

, technology

Technology

Technology is the making, usage, and knowledge of tools, machines, techniques, crafts, systems or methods of organization in order to solve a problem or perform a specific function. It can also refer to the collection of such tools, machinery, and procedures. The word technology comes ;...

, and information systems

Information systems

Information Systems is an academic/professional discipline bridging the business field and the well-defined computer science field that is evolving toward a new scientific area of study...

alongside other social

Social

The term social refers to a characteristic of living organisms...

, political and management

Management

Management in all business and organizational activities is the act of getting people together to accomplish desired goals and objectives using available resources efficiently and effectively...

issues.

External links

The Identity Dictionary
Digital Identity Glossary
FIDIS (Future of Identity in the Information Society) Network of Excellence
"Digital Identity" (book) by Phil Windley, preview at Google Books
Identity Gang Lexicon
Identity 2.0 Keynote
Ideating Identity
xID Digital Identity specification for worldwide use
DigitalIDNews
Identity Weblog by Kim Cameron, Identity and Access Architect, Microsoft Corporation

The source of this article is wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.