This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor
!!! Overview
[{$pagename}] (as Identity) is what binds a [entity] (or a [Person]) to his or her [reputation], and [reputation] is what earns that [person] [trust] within the [community], which in turn facilitates or inhibits that individual’s [actions] depending on his or her level of [trust].
The cycle of [identification] does not end. As we conduct more [actions], the volume of our [Reputation System] [data] increases and our [trust] level is continually adjusted through the judgment of the prevailing [social|Social contract], moral, and [legal] codes.
It can be argued that the role of identity has not changed since the beginning of civilization. [Humans] use [identification] to determine in which type of interactions to engage with other [people|Person]. More specifically, we use identity to facilitate the actions of those we know and [trust], and to protect us from those we do not [trust] or from those we do not know.
This same [Reputation System] is used with [IoT] devices as with other [Entities].
You will not find a simple, single definition of Identity or [{$pagename}]. Here are some that we have run across that we think are best:
* [{$pagename}] is a set of [attributes] related to an [Entity]. [ISO 29115]
* [{$pagename}] is a representation of a set of [Claims] made by one [Party|Entity] about itself or another [Entity].[1]
* Identity is how we keep track of [people|Person] and [things] and, in turn, how they keep track of us.[2]
[{$pagename}] implies that [Identification] (i.e. that the [Entity] has been separated from the [Anonymity Set]) has been performed and the [{$pagename}] is __NOT__ [Anonymous].
[{$pagename}] has one or more [Identifiers] which [MAY] be referred to as [Identity Attributes].
Interestingly, we tend to call these [devices] until a [Digital Identity] [Authenticates], and then __THAT SAME [Device]__ is considered a "Person". The reality is that you will never find a Person on the network, or ever see a Person that has a [MAC Address].
!! [Context]
[{$pagename}] exists within a provided [context] which usually involves a [Relationship] which might be within one of the following:
* [Organizational Entity]
* [Government Entity]
* [Social|Social Identity Provider]
!! [{$pagename}] and [Relationships]
In a typical [Identity and Access Management] system, additional [attributes] define the [relationship] that a "[{$pagename}]" has with various [applications]. These [relationships] are then used in the [authentication] and [authorization] of the [{$pagename}] when it engages with the application.
!! [{$pagename}] [Enrollment]
A [{$pagename}] can be created on the fly when a particular identity transaction is desired (Example: [OpenID Connect]), or persisted in a [Data Store|DataStore] to provide a reference for the [{$pagename}].
Typically when a [{$pagename}] is created there is an [Identity Proofing] process.
A [{$pagename}] may be signed by a Digital [Identity Provider (IDP)] to provide a [Level Of Assurance] to a [Relying Party].
!! [{$pagename}], [Authentication], [Authorization]
[{$pagename}], [Authentication] and [Authorization] are separate and distinct.
[{$pagename}] is the set of [Claims] ([Attributes] or [Identifiers]) for a specific [entity] that provide [Identification].
[Authentication] is the process of establishing a [Level Of Assurance] that the [Identification] is __authentic__.
[Authorization] is when a [Trustor] grants a [Permission] to a [{$pagename}] (a [Trustee]) to perform a [privilege] against a [Target Resource].
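The separation described above can be made concrete with a small model. The following is an added example and not code from the wiki page or from any project it references: an [Identity] is a claim set, [Authentication] checks that an IDP assertion over those claims is genuine and meets a required [Level Of Assurance], and [Authorization] is a separate lookup of grants from a [Trustor] to a [Trustee] on a [Target Resource]. The HMAC key, the issuer name, the LoA scale, the subject identifiers and the resource names are all constructed for the example; a real IDP would use an asymmetric signature (for example a signed SAML assertion or OIDC ID token) rather than a shared HMAC key.

```python
"""Added example: identity, authentication and authorization as three
separate steps. HMAC-SHA256 stands in for a real IdP signature; every
key, identifier and resource name here is constructed, not real."""
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass
class Identity:
    """Identity: the set of claims (attributes / identifiers) about one entity."""
    claims: dict  # e.g. {"sub": "emp-1001", "email": "alice@example.test"}

    @property
    def identifier(self) -> str:
        return self.claims["sub"]


@dataclass
class Assertion:
    """An IdP-signed identity with the Level of Assurance the IdP vouches for."""
    identity: Identity
    loa: int            # constructed scale: 1 (weak) .. 3 (strong)
    issuer: str
    signature: str


IDP_KEY = b"constructed-idp-key-not-for-real-use"  # assumption: shared secret stands in for a signing key


def _payload(identity: Identity, loa: int, issuer: str) -> bytes:
    # Canonical encoding so signer and verifier hash identical bytes.
    return json.dumps({"claims": identity.claims, "loa": loa, "iss": issuer}, sort_keys=True).encode()


def idp_sign(identity: Identity, loa: int, issuer: str = "idp.example") -> Assertion:
    """The Identity Provider binds claims + LoA under its key."""
    sig = hmac.new(IDP_KEY, _payload(identity, loa, issuer), hashlib.sha256).hexdigest()
    return Assertion(identity, loa, issuer, sig)


def authenticate(assertion: Assertion, required_loa: int, trusted_issuers=("idp.example",)) -> bool:
    """Authentication: establish that the identification is authentic (trusted
    issuer, untampered claims) and that the asserted LoA meets the requirement."""
    if assertion.issuer not in trusted_issuers:
        return False
    expected = hmac.new(IDP_KEY, _payload(assertion.identity, assertion.loa, assertion.issuer),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion.signature):  # constant-time compare
        return False
    return assertion.loa >= required_loa


@dataclass
class Grant:
    """Authorization record: a trustor grants a trustee a privilege on a target."""
    trustor: str
    trustee: str
    privilege: str
    target: str


class AuthorizationStore:
    def __init__(self):
        self.grants = []

    def grant(self, trustor: str, trustee: str, privilege: str, target: str) -> None:
        self.grants.append(Grant(trustor, trustee, privilege, target))

    def is_authorized(self, identity: Identity, privilege: str, target: str) -> bool:
        return any(g.trustee == identity.identifier and g.privilege == privilege and g.target == target
                   for g in self.grants)


def access_decision(assertion: Assertion, authz: AuthorizationStore,
                    privilege: str, target: str, required_loa: int = 2) -> str:
    """Run the steps in order; returns 'authn-failed', 'authz-denied' or 'allowed'."""
    if not authenticate(assertion, required_loa):
        return "authn-failed"          # identity not proven: authorization never consulted
    if not authz.is_authorized(assertion.identity, privilege, target):
        return "authz-denied"          # proven identity, but no grant for this action
    return "allowed"


def demo() -> dict:
    alice = Identity({"sub": "emp-1001", "email": "alice@example.test"})  # constructed
    authz = AuthorizationStore()
    authz.grant("payroll-owner", "emp-1001", "read", "payroll-db")       # constructed grant
    strong = idp_sign(alice, loa=3)
    weak = idp_sign(alice, loa=1)
    # Same signature re-attached to different claims: authentication must reject it.
    tampered = Assertion(Identity({"sub": "emp-9999"}), 3, strong.issuer, strong.signature)
    return {
        "strong_read": access_decision(strong, authz, "read", "payroll-db"),
        "strong_write": access_decision(strong, authz, "write", "payroll-db"),
        "weak_read": access_decision(weak, authz, "read", "payroll-db"),
        "tampered": access_decision(tampered, authz, "read", "payroll-db"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The four outcomes in `demo()` are the point: a strong, genuine assertion with a matching grant is allowed; the same identity without a grant fails at authorization, not authentication; a low-LoA assertion fails at authentication even though the grant exists; and claims that do not match the IDP's signature are rejected before any grant is consulted.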
!! [{$pagename}] is Also Known as
There are many terms used to represent essentially the same thing.
* [Resource Owner] is used in [OAuth 2.0]
* [Subject] is used in [Security Assertion Markup Language] ([SAML])
* [User] is often used
* [Principal] is often used
* [Consumer of services] may be used
* [Microsoft Account]
* [End-User]
Please do NOT use [Account]. An [Account] is a place where a [Person] (or a [{$pagename}]) puts an [Asset] in the hands of a [Trustee]. (Just a thing with [{$applicationname}] folks.)
[{$pagename}], well Identity, is a Facet Of Building [Trust].
!! [{$pagename}] [Classification]
There are two broad [{$pagename}] [Classifications]:
* foundational identity - is multi-purpose, allowing access to multiple [services] or [Resources].
* functional identity - solely for a narrowly defined [service] or [Resource]. For [example], a medical insurance card is used to access health care and a voter ID card serves the purpose of conducting a vote.
People love to make up words and phrases to express themselves.
[{$pagename}]s may be [classified|Classification] by the type of [Identity Provider (IDP)]:
* [Organizational Identity]
* [Government Identity]
* [Social Identity]
* [Anonymous Identity]
[{$pagename}] might also be [classified|Classification] by the [Relationship] as:
* [Employee] ([B2E])
* [Customer] ([B2C])
* [Partners] ([B2B])
* [Contractor] ([B2B])
* [Vendor] ([B2B])
* [Citizen]
[{$pagename}]s may also be [classified|Classification] by the [Identity Management] [Framework] of the [{$pagename}]:
* [User-centric Identity]
** [Self-Sovereign Identity]
* [Multi-Source Identity]
[{$pagename}]s may be [Classified|Classification] as one of the following:
* [Privileged Identity] which may be further [Classified|Classification]
* [NORMAL_ACCOUNT]
!! [{$pagename}] and [Context]
A given [{$pagename}] is typically related to a given [Context].
! How a [{$pagename}] relates to a [Digital Subject]
There should be some further understandings about how a [{$pagename}] relates to a [Digital Subject]:
* A [{$pagename}] is a set of [Attributes] about a [Digital Subject] for a specific [Context]
* For any given [Digital Subject] there will typically exist multiple Digital Identities. For [Example]:
** [Yahoo]
** [Google]
** [Microsoft]
** their [bank]
** their [Employee] [{$pagename}] from the company where they work.
! [{$pagename}] [Data Stores]
Within an [Organizational Entity] (i.e. think of a [company]) there may be the following [Data Stores]:
* [Human Resources]
* [LDAP]
* [Microsoft Active Directory]
* [Databases]
There is probably an [Employee] with a [Digital Identity] defined in each of these [Data Stores]. Each one of these [Data Stores] has [Attribute Values] or [Identifiers] which could be presented to a [Verifier] as a [Claim], so each of them is a separate [Digital Identity] that is associated with the same [Employee]. The combination of these [Digital Identities|Digital Identity] is the [Digital Subject] within the [Organizational Entity]. Some folks refer to this as an [Identity Cube].
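The correlation of per-store [Digital Identities|Digital Identity] into one [Digital Subject] is what an [Identity Management] system has to do in practice. The following is an added example, not code from the wiki page or from any IAM product: it takes constructed records from four stores, correlates them by the employee number each store carries under its own attribute name, separates out records that carry no such identifier (a service account, which is not a [Person]), and flags attributes on which two stores disagree, since a stale [Claim] in one store should not be presented to a [Verifier] as if it were current. The store names, attribute names and sample values are all assumptions made for the example.

```python
"""Added example: correlate one Employee's Digital Identities across several
Data Stores into a single Digital Subject. All records, store names and
attribute names are constructed for this example."""
from collections import defaultdict

# Constructed sample data: one Digital Identity per store, each with its own identifiers.
STORES = {
    "hr": [
        {"employee_id": "1001", "legal_name": "Alice Example", "department": "Finance"},
        {"employee_id": "1002", "legal_name": "Bob Example", "department": "IT"},
    ],
    "ldap": [
        {"uid": "aexample", "employeeNumber": "1001", "mail": "alice@example.test"},
        {"uid": "bexample", "employeeNumber": "1002", "mail": "bob@example.test"},
        {"uid": "svc-backup", "mail": "svc-backup@example.test"},   # service account, no employee
    ],
    "ad": [
        {"sAMAccountName": "aexample", "employeeID": "1001", "department": "Finance"},
        {"sAMAccountName": "bexample", "employeeID": "1002", "department": "Engineering"},
    ],
    "appdb": [
        {"login": "alice", "emp": "1001", "role": "approver"},
    ],
}

# Each store names the shared identifier differently; this map is the correlation rule
# (an assumption for the example; a real deployment derives it from its schemas).
CORRELATION_KEY = {"hr": "employee_id", "ldap": "employeeNumber", "ad": "employeeID", "appdb": "emp"}


def build_subjects(stores=STORES, keys=CORRELATION_KEY):
    """Group per-store identities by the shared employee identifier.

    Returns (subjects, orphans): subjects maps employee id -> {store: record},
    i.e. one Digital Subject per employee; orphans lists records that carry
    no correlation key and therefore cannot be tied to a person."""
    subjects = defaultdict(dict)
    orphans = []
    for store, records in stores.items():
        key = keys[store]
        for rec in records:
            emp = rec.get(key)
            if emp is None:
                orphans.append((store, rec))
                continue
            subjects[emp][store] = rec
    return dict(subjects), orphans


def find_conflicts(subjects, attribute="department"):
    """Report subjects whose stores disagree on an attribute value. A disagreement
    usually means one store is stale, so its claim should not be relied on as-is."""
    conflicts = {}
    for emp, identities in subjects.items():
        values = {store: rec[attribute] for store, rec in identities.items() if attribute in rec}
        if len(set(values.values())) > 1:
            conflicts[emp] = values
    return conflicts


def identity_count(subjects, emp):
    """How many separate Digital Identities make up this Digital Subject."""
    return len(subjects.get(emp, {}))


if __name__ == "__main__":
    subjects, orphans = build_subjects()
    for emp, identities in subjects.items():
        print(f"employee {emp}: identities in {sorted(identities)}")
    print("uncorrelated records:", orphans)
    print("attribute conflicts:", find_conflicts(subjects))
```

Running it shows employee 1001 as a Digital Subject composed of four Digital Identities and employee 1002 of three, the `svc-backup` LDAP entry left uncorrelated, and a department conflict for 1002 between the HR and AD stores.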
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [The Seven Laws Of Identity/TheLawsOfIdentity.pdf]
* [#2] - [A Primer on Functional Identity|https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/topics-and-advance-readings/functional-identity-primer.md|target='_blank'] - based on information obtained 2017-08-14
* [#3] - [Identity and Trust|https://openknowledge.worldbank.org/bitstream/handle/10986/20752/912490WP0Digit00Box385330B00PUBLIC0.pdf|target='_blank'] - based on information obtained 2019-08-08
* [#4] - [If you turn to page 524|https://twitter.com/NishantK/status/1172525318097330176?s=20|target='_blank'] - based on information obtained 2019-09-14