identity 101: boot camp for identity north 2016

Identity 101 Boot Camp Identity North June 15th, 2016 Toronto Kaliya “Identity Woman”


TRANSCRIPT


Who is

Internet Identity Workshop - co-founded in 2005
Born in Vancouver
Played water polo
UC Berkeley
Planetwork
Identity Commons
Identity Gang
Canada
Personal Data Ecosystem Consortium - founded in 2010
Today: Independent Identity Consulting

Outline

1. Big Picture - What is Identity?
2. Digital Identity - Key Terms
3. ID in Context of Society: Enterprise, Government, Commons
4. User-Centric / Self-Sovereign Identity
5. Spectrum of Identity
6. Big Picture - ID Resources
7. Questions and Answers

Identity is socially constructed and contextual.

Who I am
Who I present myself to be
How I am seen
... in a given context

Contexts and Roles (Persona)

Family: Parent, Child, Brother, Sister
Religious Life: Congregant, Religious Leader
Hobbies: Creator, Maker, Teacher
Professional Work: Employee, Employer, Contractor, Professionally Licensed

Atoms: easy to move physically between contexts.

Bits: to present different selves, movement between different contexts requires different non-correlated identifiers.

[Diagram: Persona 1 used in Context 1 and Persona 2 used in Context 2, each with its own identifier, contrasted with a single persona used across both contexts.]

Understanding Key Digital Identity Terms

Enrollment
Proofing / Verification
Attributes / Claims
Identifiers - Directed, End-Points
Credentials
Authentication - AuthN
Multi-Factor Authentication - MFA
Authorization - AuthZ

Enrollment is a process, policy and procedures thing, and a technology thing.

Enrollment: the processes that an institution or organization uses to "onboard" and create an identity for a particular individual.

Enrollment -> Credential Issuance

Proofing / Verification: triangulation

Identity Proofing or Verification: the processes used to check the veracity of identity claims about a person. This is often done as part of an enrollment process.

Attributes and Claims

Attributes and claims can be either self-asserted by a person or ascribed to a person by an institution.

Identifiers

Identifiers are pointers at people. Within institutional or network systems these are often numbers that point at particular people.

Identifiers vs. Claims: an identifier is a single string; a claim is a pair (an attribute and its value).

Identifiers link things together and enable correlation. They can be end-points on the internet.

A claim is made by one party about another party, or about itself. It does not have to be linked to an identifier: proving you are over 18, for example, without giving your real name.

Directed Identifiers

These are a type of identifier that enables individuals to use different identifiers for different contexts.

The BC Citizen Services card is "one card", but when it is used in a healthcare context it carries a different identifier than when it is used in the driver's licence context. The identifier is "directed": it is only used in one context, so the two contexts cannot be correlated through it.
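An added example (my code, not from the slides) of how a directed identifier can be derived: one root identity per cardholder and a keyed HMAC per context, so the healthcare identifier and the driver's-licence identifier cannot be joined. This is the same construction OpenID Connect uses for pairwise subject identifiers. The context keys, the card-number format and the attacker's brute-force join are assumptions made for the demo; the failure mode shown is an unkeyed hash, which looks directed but can be linked by anyone able to enumerate the root identifiers.

```python
import hashlib
import hmac

# Assumption (not from the slides): the issuer keeps one secret per context,
# never handed to relying parties. Demo values only; a real issuer keeps
# these in an HSM or KMS.
CONTEXT_KEYS = {
    "health": b"demo-secret-for-the-health-context",
    "drivers-license": b"demo-secret-for-the-drivers-license-context",
}


def directed_identifier(root_id: str, context: str) -> str:
    """Identifier the holder of `root_id` presents in `context`.

    Keyed HMAC: stable within a context, unlinkable across contexts for
    anyone who does not hold the context secret.
    """
    mac = hmac.new(CONTEXT_KEYS[context], root_id.encode(), hashlib.sha256)
    return f"{context}:{mac.hexdigest()[:32]}"


def weak_directed_identifier(root_id: str, context: str) -> str:
    """The same shape without a secret: sha256(context | root_id).

    Looks per-context, but anyone able to enumerate root ids (card numbers
    are small, structured spaces) can recompute both and join them.
    """
    digest = hashlib.sha256(f"{context}|{root_id}".encode()).hexdigest()
    return f"{context}:{digest[:32]}"


def link_contexts(health_ids, dl_ids, candidate_roots, derive):
    """Attacker's view: try to join two context datasets by pushing every
    candidate root id through `derive`. Returns {health_id: dl_id}."""
    linked = {}
    for root in candidate_roots:
        h, d = derive(root, "health"), derive(root, "drivers-license")
        if h in health_ids and d in dl_ids:
            linked[h] = d
    return linked


def demo():
    """Constructed data: 200 possible card numbers, 50 of them enrolled
    in both contexts. Returns how many records each scheme lets the
    attacker link."""
    roots = [f"card-{n:04d}" for n in range(200)]
    enrolled = roots[:50]
    results = {}
    for name, derive in (("weak", weak_directed_identifier),
                         ("keyed", directed_identifier)):
        health = {derive(r, "health") for r in enrolled}
        dl = {derive(r, "drivers-license") for r in enrolled}
        # The attacker holds both datasets and the public derivation rule,
        # but not the context secrets, so it can only try the unkeyed rule.
        results[name] = len(link_contexts(health, dl, roots,
                                          weak_directed_identifier))
    return results  # {'weak': 50, 'keyed': 0}
```

The point the demo makes is that "different string per context" is not enough: the derivation has to involve a secret the relying parties do not hold, otherwise the identifier is directed in name only.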

Network End-Point Identifiers

Identifiers that are also network end-points include phone numbers and e-mail addresses.

Authentication can be performed with the end-point: you prove you are in possession of the end-point by answering a challenge, such as being sent a code to a phone and then entering it into the site that is asking you to confirm you control it.
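An added example, not from the slides, of the end-point challenge described above, in Python: a code is generated, "sent" to the end-point, and checked when it comes back. The five-minute lifetime, the five-attempt limit, the server-side pepper and the outbox stand-in for the SMS or e-mail gateway are assumptions for the demo.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumption: a code is valid for five minutes
MAX_ATTEMPTS = 5         # assumption: five guesses, then start over
PEPPER = b"demo-server-side-pepper"  # assumption: server secret, not in the DB


def _code_hash(code: str) -> bytes:
    # A six-digit code has only 10^6 values, so a plain hash of it is
    # brute-forceable offline; keying with a server-side pepper keeps a
    # leaked table useless without the pepper.
    return hmac.new(PEPPER, code.encode(), hashlib.sha256).digest()


class EndpointChallenge:
    """Prove possession of an end-point (phone number, e-mail address) by
    sending it a one-time code and checking that the code comes back."""

    def __init__(self, now=time.time):
        self._now = now
        self._pending = {}   # endpoint -> {"hash", "expires", "attempts"}
        self.outbox = []     # constructed stand-in for the SMS/e-mail gateway

    def start(self, endpoint: str) -> None:
        code = f"{secrets.randbelow(10 ** 6):06d}"   # CSPRNG, not random.randint
        self._pending[endpoint] = {
            "hash": _code_hash(code),
            "expires": self._now() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        self.outbox.append((endpoint, code))  # the only place the code is in clear

    def verify(self, endpoint: str, submitted: str) -> bool:
        entry = self._pending.get(endpoint)
        if entry is None:
            return False
        if self._now() > entry["expires"]:
            del self._pending[endpoint]   # expired: force a fresh code
            return False
        entry["attempts"] += 1
        if entry["attempts"] > MAX_ATTEMPTS:
            del self._pending[endpoint]   # too many guesses: invalidate
            return False
        ok = hmac.compare_digest(entry["hash"], _code_hash(submitted))
        if ok:
            del self._pending[endpoint]   # single use
        return ok
```

The checks that matter are the ones around the comparison: a six-digit code has only a million values, so without the lifetime and the attempt cap an attacker simply keeps guessing, and without single use a code captured in transit is replayable. Passing the challenge also proves only that whoever answered controls the end-point right now; a ported or SIM-swapped number passes just as well, which is why possession of a phone number is a weak factor on its own.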

Authentication - AuthN

What you know (a password, a one-time password)
What you have (a credential)
What you are (a biometric)
Emerging: what you do (behaviour)

Multi-Factor Authentication - MFA

Using more than one form of authentication:

What you have (a bank card) and what you know (the PIN)
What you know (a password) and what you are (a biometric shared at enrollment)

Authorization - AuthZ

What are you permitted (authorized) to do in a system?

This is very different from authentication, which only checks that an individual is the same one who presented themselves with the credentials before.

ID in Context of Society

Enterprise Mountains

Employers have employees, contractors and business partners. [Power Relationship]

Enterprise Identity:
Enterprise Single Sign-On
Provisioning
Termination
Authentication - AuthN
Access Control / Authorization - AuthZ, based on roles and attributes

Enterprise Identity also covers customers: enrollment, claims/attributes. But it's different... more on that later.
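An added example, not from the slides, that puts the AuthN/AuthZ definitions above side by side with the enterprise lifecycle just listed: AuthN as a password (what you know) plus TOTP (what you have), AuthZ as a separate role check, and termination that revokes both. The role-to-permission table, the PBKDF2 parameters and the in-memory account directory are assumptions for the demo; the TOTP function follows RFC 6238.

```python
import hashlib
import hmac
import secrets
import struct
import time

# Assumption (not from the slides): a role -> (action, resource) table
# stands in for the enterprise access-control policy.
POLICY = {
    "engineer": {("read", "source"), ("write", "source")},
    "finance": {("read", "ledger")},
}


def hash_password(password: str, salt: bytes) -> bytes:
    """What you know: store a slow, salted hash, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """What you have: RFC 6238 TOTP (HMAC-SHA1 over the 30-second counter)."""
    counter = struct.pack(">Q", int(at_time) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def provision(directory: dict, username: str, password: str, roles) -> bytes:
    """Provisioning: create the account, seed both factors, assign roles.
    Returns the TOTP seed that goes to the employee's authenticator."""
    salt = secrets.token_bytes(16)
    seed = secrets.token_bytes(20)
    directory[username] = {
        "salt": salt,
        "pw_hash": hash_password(password, salt),
        "totp_secret": seed,
        "roles": set(roles),
        "active": True,
    }
    return seed


def terminate(directory: dict, username: str) -> None:
    """Termination: keep the record for audit, revoke every access path."""
    directory[username]["active"] = False


def authenticate(directory, username, password, code, now=time.time):
    """AuthN: is this the same individual who enrolled these credentials?
    Returns the username or None. Both factors are evaluated before the
    answer so a failure does not reveal which factor was wrong."""
    acct = directory.get(username)
    if acct is None or not acct["active"]:
        return None
    pw_ok = hmac.compare_digest(hash_password(password, acct["salt"]),
                                acct["pw_hash"])
    otp_ok = hmac.compare_digest(code.encode(),
                                 totp(acct["totp_secret"], now()).encode())
    return username if (pw_ok and otp_ok) else None


def authorize(directory, username, action, resource) -> bool:
    """AuthZ: a separate question, answered from roles, not credentials."""
    acct = directory.get(username)
    if acct is None or not acct["active"]:
        return False
    return any((action, resource) in POLICY[r]
               for r in acct["roles"] if r in POLICY)
```

Two things worth noticing: `authorize` re-reads the account's `active` flag rather than trusting that authentication happened earlier, so a terminated employee holding a still-valid session gets denied at the access decision; and the unknown-user and terminated-user branches return the same result as a wrong password, so the login response does not confirm which accounts exist.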

Government Foothills

Civic Records / Citizen Identity:
Birth
Death
Marriage
Divorce
Parent
Driver's License
Voting
Other Licensing
Health Care
Social Insurance
Taxation

Citizen Identity: the power relationship between the citizen or subject and government entities is NOT the same as the power relationship between an employer and their employee.

The systems used for enterprise identity management cannot be picked up and plopped down on citizen <-> government identity management contexts. It has to work differently.

Enterprise provisioning and termination is clearly not the same as the government issuance of a birth certificate and a death certificate.

Enterprise Mountains / Government Foothills / Valley of the Commons

Valley of the Commons: Big Co., Web 1.0, Web 2.0, User-Centric Identity, Self-Sovereign Identity

User-Centric / Self-Sovereign Identity

The Identity Dog represents two things:

* Freedom to be who you want to be
* Freedom to share more specific information about yourself that is validated

User-Centric / Self-Sovereign Identity

Freedom to Aggregate

Freedom to Disaggregate

We are not all “vanilla”

Why James Chartrand Wears Women’s Underpants

http://www.copyblogger.com/james-chartrand-underpants/

Custodianship?

Children
Elders
Families

Photo credits: http://www.flickr.com/photos/seektan/2582803300/sizes/z/in/photostream/ and http://www.flickr.com/photos/jeanlouis_zimmermann/8752148306/sizes/o/in/photostream/

How do people "get" user-centric digital identity today?

Google profiles, Yahoo! profiles
Facebook, LinkedIn
Hack it together with handles from web mail providers or on a service like Twitter

Challenge with e-mail addresses as identities: the communications token is the "ID".

User-Centric / Self-Sovereign Identity

What are our rights in these commercial spaces governed by Terms of Service?

How are we “citizens” in private space?

In physical life we have protection of our physical self - people will be prosecuted for harming us. What is the equivalent in online spaces?

Freedom to not be “erased” under TOS

User-Centric / Self-Sovereign Identity

How do people "get" user-centric digital identity?

Identifier side:
Own their own domain name.
Have a blog? Run an OpenID server?

Claims-based side:
Almost impossible.
Little relying-party adoption (places where third-party or self-generated claims will be accepted).
Little client-side app adoption.

Emerging today: how do people "get" self-sovereign digital identity? (identifier side and claims-based side)

User-Centric / Self-Sovereign Identity

Proposed: Distributed IDentity -> DID
Distributed Ledger Technology
Emerging networks for their exchange
ID/DataWeb
W3C: Verified Claims Working Group
Personal data banks / stores / vaults / etc.

What is the context for people gathering?

“We’re trying to build a social layer for everything.”

- Mark Zuckerberg

User-Centric / Self-Sovereign Identity

Freedom to peer-to-peer link
Freedom to determine how the link is seen by others

Freedom to group and cluster outside commercial silos and business contexts.
Freedom of movement and assembly

User-centric digital identity is the:

• Freedom to Aggregate
• Freedom to Disaggregate
• Freedom to not be "erased" under TOS
• Freedom of Movement and Assembly
• Freedom to Peer-to-Peer link & the Freedom to determine if the link is seen by others
• Custodianship is Possible

It isn't just a technical problem: technology, legal, social, business?

User-Centric / Self-Sovereign Identity

Why have we yet to succeed? It is a REALLY hard problem set to solve for. User-centric digital identity that is:

1. open standards based
2. at the scale of the internet plus other digital systems
3. that people find usable
4. that they understand
5. that is secure
6. that requires the emergence of new social behaviour
7. and that changes business models and norms

CAUSE IT IS REALLY HARD...

We are still working on making the vision real.

The Internet Identity Workshop continues, and new efforts complement it:

* Rebooting Web of Trust
* Personal Data Ecosystem
* Re-Decentralize
* Personal Data 2016 ...

Many protocols are emerging - OpenID, OAuth, SCIM - along with frameworks for believing the veracity of, and exchanging, attributes and identifiers.

Spectrum of Identity

[Diagram: Enterprise Mountains, Government Foothills and Valley of the Commons, with the identity spectrum laid across them.]

? Anonymous - per-post, per-session
✓ Pseudonymous - one site, multi-site
Self-asserted
Socially validated
✓ Verified - documentation, in-person verification, biometric capture

Example at the verified end: Ms. Sue Donna, DOB = 1/21/1982, 1823 6th Ave. Alameda, CA. Claims that can be derived from that record: Over 18 years, Woman, Voter, CA Congressional District 9.

Example: http://www.identitywoman.net

✓✓ Limited Liability Persona - pseudonymous, with verified claims behind it.
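An added example, not from the slides, of the "Limited Liability Persona" end of the spectrum and of the earlier point that a claim need not be tied to an identifier: the issuer holds Ms. Sue Donna's full verified record but signs only the derived claims (over 18, woman, voter, district), so the relying party never sees her name, date of birth or address. The HMAC issuer key is a symmetric stand-in for a real signature, and the sex, voter and district fields on the record are assumed for the demo.

```python
import hashlib
import hmac
import json
from datetime import date

# Assumption (not from the slides): a symmetric issuer key stands in for the
# issuer's signing key so the example runs on the standard library alone.
# A real issuer signs with a private key; verifiers hold only the public key.
ISSUER_KEY = b"demo-issuer-signing-key"

# Constructed from the slide's example record for Ms. Sue Donna; the sex,
# voter and district fields are assumed to be on the verified record.
FULL_RECORD = {
    "name": "Sue Donna",
    "dob": "1982-01-21",
    "address": "1823 6th Ave. Alameda, CA",
    "sex": "woman",
    "registered_voter": True,
    "congressional_district": "CA-9",
}


def age_on(dob: date, on: date) -> int:
    """Completed years between dob and on (birthday not yet reached counts down)."""
    return on.year - dob.year - ((on.month, on.day) < (dob.month, dob.day))


# Each claim is a predicate over the record; "over_18" is derived from the
# DOB but the DOB itself never appears in the output.
DERIVATIONS = {
    "over_18": lambda rec, on: age_on(date.fromisoformat(rec["dob"]), on) >= 18,
    "woman": lambda rec, on: rec["sex"] == "woman",
    "voter": lambda rec, on: rec["registered_voter"],
    "congressional_district": lambda rec, on: rec["congressional_district"],
}


def issue(record: dict, wanted, on: date) -> dict:
    """Issuer: sign only the requested derived claims. No name, DOB,
    address or identifier leaves the issuer."""
    claims = {name: DERIVATIONS[name](record, on) for name in wanted}
    payload = json.dumps({"claims": claims, "issued": on.isoformat()},
                         sort_keys=True)
    sig = hmac.new(ISSUER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def verify(token: dict):
    """Relying party: accept the claims only if the issuer's signature holds.
    Returns the claims dict, or None if the token was tampered with."""
    expected = hmac.new(ISSUER_KEY, token["payload"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None
    return json.loads(token["payload"])["claims"]
```

The relying party learns exactly what it asked for and nothing that would let it look Ms. Donna up elsewhere; the issuer, not the relying party, is the one that had to see the documents. The caveat a symmetric stand-in hides is that with HMAC the verifier can also mint tokens, which is why real deployments use an asymmetric signature.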

Big Picture: ID Resources

Properties of Identity

Identity is social. Identity is subjective. Identity is valuable. Identity is referential. Identity is composite. Identity is consequential. Identity is dynamic. Identity is contextual. Identity is equivocal.

OECD paper, At a Crossroads: "Personhood" and Digital Identity in the Information Society

Laws of Identity

1. User Control and Consent
2. Limited Disclosure for Limited Use (Cameron's wording: Minimal Disclosure for a Constrained Use)
3. The Law of Fewest Parties (Cameron's wording: Justifiable Parties)
4. Directed Identity
5. Pluralism of Operators and Technologies
6. Human Integration
7. Consistent Experience Across Contexts

by Kim Cameron - https://www.identityblog.com/?p=354

Questions & Answers

Conclusion

Kaliya "Identity Woman" Young
kaliya [at] identitywoman.net