Overview#
Digital Identity (as Identity) is what binds an Entity (or a Person) to his or her reputation, and reputation is what earns that person trust within the community, which in turn facilitates or inhibits that individual’s actions depending on his or her level of trust. The cycle of identification does not end. As we conduct more actions, the volume of our Reputation System data increases and our trust level is continually adjusted through the judgment of the prevailing social, moral, and legal codes.
It can be argued that the role of identity has not changed since the beginning of civilization. Humans use identification to determine in which type of interactions to engage with other people. More specifically, we use identity to facilitate the actions of those we know and trust, and to protect us from those we do not trust or from those we do not know.
This same Reputation System applies to IoT devices as it does to other Entities.
You will not find a simple, single definition of Identity or Digital Identity. Here are some that we have run across that we think are best:
- Digital Identity is a set of attributes related to an Entity. ISO 29115
- Digital Identity is a representation of a set of Claims made by one Party about itself or another Entity.[1]
- Identity is how we keep track of people and things and, in turn, how they keep track of us.[2]
Digital Identity implies that Identification (i.e. that the Entity has been separated from the Anonymity Set) has been performed and the Digital Identity is NOT Anonymous.
Digital Identity has one or more Identifiers, which MAY be referred to as Identity Attributes.
Interestingly, we tend to call these things "devices" until a Digital Identity Authenticates, and then THAT SAME device is considered a "Person". The reality is that you will never find a Person on the network, or ever see a Person that has a MAC Address.
Context#
Digital Identity exists within a provided Context, which usually involves a Relationship that might be within one of the following:
Digital Identity and Relationships#
In a typical Identity and Access Management system, additional attributes define the Relationship that a Digital Identity might have with various applications. These Relationships are then used in the process of Authentication and Authorization of the Digital Identity when engaging with the application.
Digital Identity Enrollment#
A Digital Identity can be created on the fly when a particular identity transaction is desired (Example: OpenID Connect), or persisted in a Data Store to provide a reference for the Digital Identity. Typically, when a Digital Identity is created there is an Identity Proofing process.
A Digital Identity may be signed by a Digital Identity Provider (IDP) to provide a Level Of Assurance to a Relying Party.
Digital Identity, Authentication, Authorization#
Digital Identity, Authentication and Authorization are separate and distinct.
Digital Identity is the set of Claims (Attributes or Identifiers) for a specific Entity that provide Identification.
Authentication is the process of establishing a Level Of Assurance that the Identification is authentic.
Authorization is when a Trustor grants a Permission to a Digital Identity (a Trustee) to perform a privilege against a Target Resource.
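To make the three-way distinction concrete, here is an added Python example (not from Ldapwiki) in which the Claims are the Digital Identity, Authentication is verifying the IDP's signature over those Claims to obtain a Level Of Assurance, and Authorization is the Trustor's permission check for a Trustee against a Target Resource. The HMAC key, the policy table and the Claims are constructed; a real IDP would typically sign with an asymmetric key rather than a shared secret.

```python
import hashlib
import hmac
import json

# Constructed shared secret between the hypothetical IDP and the Relying Party.
IDP_KEY = b"constructed-idp-signing-key"

def _digest(claims: dict) -> str:
    payload = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(IDP_KEY, payload, hashlib.sha256).hexdigest()

def sign_identity(claims: dict) -> dict:
    """The IDP signs a set of Claims. The Claims are the Digital Identity; the
    signature is what lets a Relying Party later establish a Level Of Assurance."""
    return {"claims": claims, "sig": _digest(claims)}

def identify(assertion: dict):
    """Identification only: read the Identifier out of the Claims.
    Nothing here shows that the Claims are authentic."""
    return assertion["claims"].get("sub")

def authenticate(assertion: dict) -> int:
    """Authentication: verify the IDP signature and return the Level Of
    Assurance the IDP asserted. 0 means the Identification is not trusted."""
    if not hmac.compare_digest(_digest(assertion["claims"]), assertion["sig"]):
        return 0
    return int(assertion["claims"].get("loa", 0))

# Constructed policy held by the Trustor:
# (Trustee, privilege, Target Resource) -> minimum LoA the Permission requires.
PERMISSIONS = {
    ("alice", "read", "payroll"): 2,
    ("alice", "write", "payroll"): 3,
}

def authorize(trustee: str, privilege: str, resource: str, loa: int) -> bool:
    """Authorization: the Trustor grants the Permission only when the Trustee
    has been authenticated to at least the LoA that Permission requires."""
    required = PERMISSIONS.get((trustee, privilege, resource))
    return required is not None and loa >= required

if __name__ == "__main__":
    assertion = sign_identity({"sub": "alice", "loa": 2})
    loa = authenticate(assertion)
    print(identify(assertion), loa, authorize("alice", "read", "payroll", loa))
    # Tampering with the Claims keeps the Identification but breaks Authentication.
    tampered = {"claims": dict(assertion["claims"], loa=3), "sig": assertion["sig"]}
    print(identify(tampered), authenticate(tampered))
```

Note that the tampered assertion still yields an Identifier (Identification) yet fails Authentication, and an authenticated Trustee is still refused any privilege the Trustor never granted.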
Digital Identity is Also Known as#
There are many terms used to represent essentially the same thing.
- Resource Owner is used in OAuth 2.0
- Subject is used in Security Assertion Markup Language (SAML)
- User is often used
- Principal is often used
- Consumer of services may be used
- Microsoft Account
- End-User
Please do NOT use Account. An Account is some place where a Person (or a Digital Identity) puts an Asset in the hands of a Trustee. (Just a thing with Ldapwiki folks.)
Digital Identity, well Identity, is a Facet Of Building Trust.
Digital Identity Classification#
There are two broad Digital Identity Classifications:
- Foundational identity is multi-purpose, allowing access to multiple services or Resources.
- Functional identity is solely for a narrowly defined service or Resource. For example, a medical insurance card is used to access health care and a voter ID card serves the purpose of conducting a vote.
People love to make up words and phrases to express themselves.
Digital Identities may be classified by the type of Identity Provider (IDP):
Digital Identities might also be classified by the Relationship as:
Digital Identities might also be classified by the Identity Management Framework of the Digital Identity:
Digital Identities may be classified as one of the following:
- Privileged Identity which may be further Classified
- NORMAL_ACCOUNT
Digital Identity and Context#
A given Digital Identity is typically related to a given Context.
How a Digital Identity relates to a Digital Subject#
There should be some further understandings about how a Digital Identity relates to a Digital Subject:
- A Digital Identity is a set of Attributes about a Digital Subject for a specific Context
- For any given Digital Subject there will typically exist multiple Digital Identities. For Example:
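As an added Python example (not from Ldapwiki) of several Digital Identities belonging to one Digital Subject, the code below correlates constructed records from three Data Stores of one Organizational Entity into the structure the Data Stores section calls an Identity Cube, lists the Identifier each store could present to a Verifier as a Claim, and goes one step further by flagging stores whose Digital Identity is still enabled after HR has marked the Employee terminated. The store names, schemas and records are constructed.

```python
from collections import defaultdict

# Constructed records: three Data Stores in one Organizational Entity, each with its own schema.
HR_STORE = [
    {"employee_id": "E1001", "legal_name": "Alice Example", "status": "terminated"},
    {"employee_id": "E1002", "legal_name": "Bob Example", "status": "active"},
]
AD_STORE = [
    {"sAMAccountName": "aexample", "employeeID": "E1001", "enabled": True},
    {"sAMAccountName": "bexample", "employeeID": "E1002", "enabled": True},
]
BADGE_STORE = [{"badge": "B-77", "employee_id": "E1001", "active": True}]
STORES = {"hr": HR_STORE, "ad": AD_STORE, "badge": BADGE_STORE}

# Attribute in each store that carries the Employee number used for correlation ...
CORRELATION_KEY = {"hr": "employee_id", "ad": "employeeID", "badge": "employee_id"}
# ... and the store's own Identifier for its Digital Identity.
LOCAL_IDENTIFIER = {"hr": "employee_id", "ad": "sAMAccountName", "badge": "badge"}

def build_identity_cube(stores: dict) -> dict:
    """Correlate the per-store Digital Identities into one Digital Subject per Employee."""
    cube = defaultdict(dict)
    for name, records in stores.items():
        for record in records:
            cube[record[CORRELATION_KEY[name]]][name] = record
    return dict(cube)  # {employee_number: {store: record}} is the Identity Cube

def identifiers_for(subject: dict) -> dict:
    """The Identifier each Digital Identity could present to a Verifier as a Claim."""
    return {store: rec[LOCAL_IDENTIFIER[store]] for store, rec in subject.items()}

def _enabled(store: str, record: dict) -> bool:
    # The stores spell "still usable" differently; normalise it.
    return bool(record.get("enabled") if store == "ad" else record.get("active"))

def stale_identities(cube: dict) -> dict:
    """Stores where a Digital Identity is still enabled although HR (the authoritative Context) says terminated."""
    findings = {}
    for emp, subject in cube.items():
        hr = subject.get("hr")
        if hr and hr["status"] == "terminated":
            stale = sorted(s for s, r in subject.items() if s != "hr" and _enabled(s, r))
            if stale:
                findings[emp] = stale
    return findings
```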
Digital Identity Data Stores#
Within an Organizational Entity (i.e. think of a company) there may be the following Data Stores:
There is probably an Employee with a Digital Identity defined in each of these Data Stores. Each one of these Data Stores has Attribute Values or Identifiers which could be presented to a Verifier as a Claim, so each of them holds a separate Digital Identity that is associated with the same Employee. The combination of these Digital Identities is the Digital Subject within the Organizational Entity. Some folks refer to this as an Identity Cube.
More Information#
There might be more information for this subject on one of the following:
- AD DOMAIN
- API-Gateway
- Access Control
- Access Control Engine
- Access Control Models
- Access Proxy
- Account
- Account Expiration
- Account Inactivity
- Account Restrictions
- Account termination
- Act (Actor) Claim
- Adaptive Risk
- Administrative Identity
- Anonymous Identity
- Apple ID
- Assurance Level
- AtMention
- Authentication
- Authenticator
- Authorization
- Bandit-project.org
- Blockchain
- Blockchain Identity
- Blockstack
- Bot
- Bring Your Own Identity
- Business Entity
- Business to Business
- CardSpace
- CertiPath
- Certificate
- Certificate Issuer
- Chip Card
- Claim
- Computer account
- CoreID
- Credential
- Curators
- Customer Identity and Access Management
- Customer Relationship Management
- DID Subject
- Data Accuracy
- Data Leakage
- Data aggregator
- Data subject
- De-anonymization
- Decentralized Identity
- Delegation vs Impersonation
- DigiD
- Digital Context
- Digital Identity
- Digital Identity Acceptance Policy
- Digital Subject
- Domain Administrative Accounts
- Domain of OneS Own
- E-residency
- EID
- Emergency Identity
- Enrollment
- Enterprise Directory
- Entitlement
- Entitlement Example
- Entity
- Example Certificate
- Facial Analysis, Comparison, and Evaluation
- Federated Identity
- Federation
- Federation Models
- G-Suite User
- GCP Identity
- Geolocation Attributes
- Glossary Of LDAP And Directory Terminology
- Google Account
- Government Entity
- Group
- Higgins Project
- Hyperledger
- Hyperledger Indy
- IAM Charter
- IDM The Application Developers Dilemma
- IDPro
- IMA Interoperability Framework
- IMA Technical Reference Architecture
- Identifiable
- Identification
- Identifier
- Identify and Authenticate access to system components
- Identity Assurance
- Identity Attributes
- Identity Aware Proxy
- Identity Broker
- Identity Correlation
- Identity Credential and Access Management
- Identity Cube
- Identity Custodian
- Identity Data Store
- Identity Document
- Identity Governance and Administration
- Identity Lifecycle Management
- Identity Management Architecture
- Identity Proofing
- Identity Relation
- Identity Relationship Framework
- Identity Relationship Management
- Identity Sovereignty
- Identity State
- Identity Token
- Identity Trust Framework
- Identity Vault
- Identity Verification Service
- Identity and Access Management
- Impersonation
- Independent Identity
- Information Cards
- Internet of Things
- Intruder Detection
- Iss
- Item of Interest
- JML
- JSON Web Token Best Current Practices
- JSON-LD Examples
- Joiner
- Juridical Person
- Knowledge-Based Authentication
- LDAP Signing
- LIGHTest
- LOA 1
- LOA 2
- LOA 3
- Law of Consistent Experience Across Contexts
- Law of Directed Identity
- Law of Human Integration
- Law of Justifiable Parties
- Law of Pluralism of Operators and Technologies
- Law of User Control and Consent
- Leavers
- Legal Person
- Legitimacy of Social Login
- Level of Identity Proofing
- Lightweight Ethereum Identity
- Local Administrative Accounts
- Local Identity
- Local Security Authority
- MIT TRUST DATA CONSORTIUM
- MSFT Access Token
- Maverick Research The Death of Authentication
- Microsoft Account
- Modular Open Source Identity Platform
- Movers
- NIST.SP.800-63A
- NIST.SP.800-63C
- NOT_DELEGATED
- National Identification Number
- National Strategy for Trusted Identities in Cyberspace
- Neo-Security Stack
- Network Attributes
- Non-Governmental Entity
- Non-person entity
- OAuth 2.0 Token Revocation
- OAuth Confidential Client
- Online
- Open Identity Exchange
- OpenID
- OpenID Connect
- Openliberty.org
- Organizational Attributes
- Organizational Entity
- Organizational Identity
- Password
- Password Flow From Active Directory to eDirectory
- Permid
- Persistent Compute Objects
- Persona
- Personal Entity
- Personal Identification Number
- Principal
- Privacy Considerations
- Privileged Identity
- Profile
- Profile Management
- Provisioning
- Proxy-Authorization
- RFC 7643
- RFC 7644
- RSA SecurID
- Rap Back
- Registration
- Relative IDentifier
- Relying Party
- Repudiation
- Resource
- Resource Provisioning
- Risk-Based Authentication
- Robotic Process Automation
- SAFE-BioPharma
- SAML
- SAML Web Browser Profiles
- SCIM Object
- SECURITY_IMPERSONATION_LEVEL
- SIM Swap
- Scopes vs Claims
- Secure Production Identity Framework For Everyone
- Security Account Manager
- Security Domain
- Security Information and Event Management
- Security Token
- Self-Sovereign Identity
- Self-regulating Provisioning
- Service Account
- Single Sign-On
- Single Sign-On Scenarios
- Social Identity
- Social Login
- Social Websites
- Something You Know
- Sovrin
- Sovrin Foundation
- Sybil
- System for Cross-domain Identity Management
- TLS Client Authentication
- TRUSTED_FOR_DELEGATION
- TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
- Telegram
- Ten Principles of Self-Sovereign Identity
- The Laws of Relationships
- The Seven Laws Of Identity
- Token
- Touch ID
- Tracking
- Trust
- Trust Model
- Unidirectional identifier
- User Self Service
- User-centric Identity
- Username
- Vectors of Trust
- Verified_claims
- Verifier
- Voice recognition
- Web Blog_blogentry_020918_1
- Web Blog_blogentry_030117_1
- Web Blog_blogentry_031017_1
- Web Blog_blogentry_041118_1
- Web Blog_blogentry_140316_1
- Web Blog_blogentry_161018_1
- Web Blog_blogentry_230717_1
- Web Blog_blogentry_250719_1
- Web Blog_blogentry_250816_1
- WebID
- What Is IDM
- Windows Logon
- XDAS Trust Management Events
- Yadis
- Yadis ID
- Zero Trust
- [#1] - The Seven Laws Of Identity/TheLawsOfIdentity.pdf
- [#2] - A Primer on Functional Identity, based on information obtained 2017-08-14
- [#3] - Identity and Trust, based on information obtained 2019-08-08
- [#4] - If you turn to page 524, based on information obtained 2019-09-14