Digital identity
For related uses, see Internet identity


Digital identity is the aspect of digital technology that is concerned with the mediation of people's experience of their own identity and the identity of other people and things. Digital identity also has another common usage as the digital representation of a set of claims made by one digital subject about itself or another digital subject.

Digital subject

A digital subject is an entity represented or existing in the digital realm which is being described or dealt with. Every digital subject has a finite, but unlimited number of identity attributes. A digital subject can be human or non-human. Non-human examples include:
  • Devices and computers (with which we have built the "digital realm" in the first place);
  • Digital resources (which attract us to it);
  • Policies and relationships between other digital subjects (e.g., between humans and devices or documents or services).

Identity through relationship

An observer's perception of the digital identity of an entity is inevitably mediated by the subjective viewpoint of that observer (just as it is with physical identity). In order to attribute a digital representation to an entity, and so to elide the two as a digital subject, the attributing party (the observer) must trust that the representation does indeed pertain to the entity (see Authentication below). Conversely, the entity may only grant the observer selective access to its informational attributes (according to the identity of the observer from the perspective of the entity). In this way, digital identity is better understood as a particular viewpoint within a mutually-agreed relationship than as an objective property. This contextual nature of digital identity is referred to as contextual identity.

Authentication

Authentication is a key aspect of trust-based identity attribution, providing a codified assurance of the identity of one entity to another. Authentication methodologies include the presentation of a unique object such as a bank credit card, the provision of confidential information such as a password or the answer to a pre-arranged question, the confirmation of ownership of an e-mail address, and more robust but relatively costly solutions utilising encryption methodologies. In general, business-to-business authentication prioritises security while user-to-business authentication tends towards simplicity. New physical authentication techniques such as iris scanning, handprinting, and voiceprinting are currently being developed in the hope of providing improved protection against identity theft. Those new techniques fall into the area of Biometry (biometrics), which belongs to the area of Artificial Intelligence or Machine Learning.

Identifiers

Digital identity fundamentally requires digital identifiers—strings or tokens that are unique within a given scope (globally or locally within a specific domain, community, directory, application, etc.). Identifiers are the key used by the parties to an identification relationship to agree on the entity being represented. Identifiers may be classified as omnidirectional and unidirectional. Omnidirectional identifiers are intended to be public and easily discoverable, while unidirectional identifiers are intended to be private and used only in the context of a specific identity relationship.

Identifiers may also be classified as resolvable or non-resolvable. Resolvable identifiers, such as a domain name or e-mail address, may be dereferenced into the entity they represent, or some current state data providing relevant attributes of that entity. Non-resolvable identifiers, such as a person's real-world name, or a subject or topic name, can be compared for equivalence but are not otherwise machine-understandable.

There are many different schemes and formats for digital identifiers. The most widely used is Uniform Resource Identifier (URI) and its internationalized version Internationalized Resource Identifier (IRI)—the standard for identifiers on the World Wide Web. OpenID and Light-Weight Identity (LID) are two web authentication protocols that use standard HTTP URIs (often called URLs), for example.

Digital Object Architecture

Digital Object Architecture (DOA) provides a means of managing digital information in a network environment. A digital object has a machine and platform independent structure that allows it to be identified, accessed and protected, as appropriate. A digital object may incorporate not only informational elements, i.e., a digitized version of a paper, movie or sound recording, but also the unique identifier of the digital object and other metadata about the digital object. The metadata may include restrictions on access to digital objects, notices of ownership, and identifiers for licensing agreements, if appropriate.

The Handle System

The Handle System is a general purpose distributed information system that provides efficient, extensible, and secure identifier and resolution services for use on networks such as the internet. It includes an open set of protocols, a namespace, and a reference implementation of the protocols. The protocols enable a distributed computer system to store identifiers, known as handles, of arbitrary resources and resolve those handles into the information necessary to locate, access, contact, authenticate, or otherwise make use of the resources. This information can be changed as needed to reflect the current state of the identified resource without changing its identifier, thus allowing the name of the item to persist over changes of location and other related state information. The original version of the Handle System technology was developed with support from the Defense Advanced Research Projects Agency (DARPA).

Extensible Resource Identifiers

A new OASIS standard for abstract, structured identifiers, XRI (Extensible Resource Identifiers), adds new features to URIs and IRIs that are especially useful for digital identity systems. OpenID also supports XRIs, and XRIs are the basis for i-names.

Policy aspects of digital identity

There are proponents of treating self-determination and freedom of expression of digital identity as a new human right. Some have speculated that digital identities could become a new form of legal entity.

Taxonomies of identity

Digital identity attributes—or data—exist within the context of ontologies. A simple example of a taxonomy is "A cat is a kind of animal." An entity represented in this ontology as a "cat" is therefore invariably also considered an "animal." In establishing the contextual relationship of identity attributes to one another, taxonomies are able to represent identity in terms of pre-defined structures. This in turn allows computer applications to process identity attributes in a reliable and useful manner. XML (eXtensible Markup Language) has become a de facto standard for the abstract description of structured data.

Taxonomies inevitably reflect culturally and personally relative world views. Consider two possible elaborations of the above example:
  1. "A cat is a kind of animal. A domestic cat is a kind of cat and is a pet."
  2. "A cat is a kind of animal. A domestic cat is a kind of cat and is edible by humans."


Someone searching the first taxonomy for pets would find "domestic cat," whereas a search of the second taxonomy for foodstuffs would yield the same result! We can see that while each taxonomy is useful within a particular cultural context or set of contexts, neither represents a universally valid point of view on domestic cats.

The development of digital identity network solutions that can interoperate taxonomically-diverse representations of digital identity is a contemporary challenge. Free-tagging has emerged recently as an effective way of circumventing this challenge (to date, primarily with application to the identity of digital entities such as bookmarks and photos) by effectively flattening identity attributes into a single, unstructured layer. However, the organic integration of the benefits of both structured and fluid approaches to identity attribute management remains elusive.

Networked identity

Identity relationships within a digital network may include multiple identity entities. However, in a decentralised network like the Internet, such extended identity relationships effectively require both (a) the existence of independent trust relationships between each pair of entities in the relationship and (b) a means of reliably integrating the paired relationships into larger relational units. And if identity relationships are to reach beyond the context of a single, federated ontology of identity (see Taxonomies of identity above), identity attributes must somehow be matched across diverse ontologies. The development of network approaches that can embody such integrated "compound" trust relationships is currently a topic of much debate in the blogosphere.

Integrated compound trust relationships allow, for example, entity A to accept an assertion or claim about entity B by entity C. C thus vouches for an aspect of B's identity to A.

A key feature of "compound" trust relationships is the possibility of selective disclosure from one entity to another of locally relevant information. As an illustration of the potential application of selective disclosure, let us suppose a certain Diana wished to book a hire car without disclosing irrelevant personal information (utilising a notional digital identity network that supports compound trust relationships). As an adult, UK resident with a current driving license, Diana might have the UK's Driver and Vehicle Licensing Agency vouch for her driving qualification, age and nationality to a car-rental company without having her name or contact details disclosed. Similarly, Diana's bank might assert just her banking details to the rental company. Selective disclosure allows for appropriate privacy of information within a network of identity relationships.
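
The vouching relationship described above (C asserts attributes of B to A) and Diana's selective disclosure can be sketched with salted hash commitments. This is an added example, not part of the original article: the salted-digest scheme, the function names, the sample attributes and the HMAC under a key shared by issuer and verifier (standing in for a public-key signature) are all assumptions.

```python
import hashlib
import hmac
import json
import secrets


def _digest(salt: str, name: str, value) -> str:
    """Commitment to one attribute: SHA-256 over salt, name and value."""
    blob = json.dumps([salt, name, value], separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def _tag(issuer_key: bytes, digests: list) -> str:
    """Issuer's vouching tag over the digest list (HMAC stands in for a signature)."""
    return hmac.new(issuer_key, json.dumps(digests).encode(), hashlib.sha256).hexdigest()


def issue(issuer_key: bytes, attributes: dict) -> tuple[dict, dict]:
    """Issuer (C): commit to every attribute and vouch for the set of commitments.

    The credential carries only digests, so it reveals no attribute values;
    the per-attribute salts and values (disclosures) stay with the subject.
    """
    disclosures, digests = {}, []
    for name, value in attributes.items():
        salt = secrets.token_hex(16)  # random salt blocks guessing of low-entropy values
        disclosures[name] = {"salt": salt, "value": value}
        digests.append(_digest(salt, name, value))
    digests.sort()  # position must not reveal which attribute is which
    return {"digests": digests, "tag": _tag(issuer_key, digests)}, disclosures


def present(credential: dict, disclosures: dict, reveal: list) -> dict:
    """Subject (B): hand over the credential plus only the chosen disclosures."""
    return {"credential": credential,
            "revealed": {name: disclosures[name] for name in reveal}}


def verify(issuer_key: bytes, presentation: dict) -> dict:
    """Relying party (A): accept only attributes the issuer vouched for.

    Returns the verified attributes; raises ValueError on a bad tag or on a
    revealed attribute that does not match any commitment in the credential.
    """
    cred = presentation["credential"]
    if not hmac.compare_digest(_tag(issuer_key, cred["digests"]), cred["tag"]):
        raise ValueError("credential is not vouched for by the issuer")
    verified = {}
    for name, d in presentation["revealed"].items():
        if _digest(d["salt"], name, d["value"]) not in cred["digests"]:
            raise ValueError(f"attribute {name!r} is not covered by the credential")
        verified[name] = d["value"]
    return verified


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed key shared by issuer and verifier
    # Constructed sample attributes for the hire-car illustration.
    cred, disc = issue(key, {
        "name": "Diana Example",
        "contact": "diana@example.org",
        "driving_licence": "current",
        "age": 34,
        "nationality": "GB",
    })
    shown = present(cred, disc, ["driving_licence", "age", "nationality"])
    print(verify(key, shown))  # name and contact never leave Diana's hands
```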

A classic form of networked digital identity based on international standards is the "White Pages".

An electronic white pages links various devices, like computers and telephones, to an individual or organization. Various attributes such as X.509v3 digital certificates for secure cryptographic communications are captured under a schema, and published in an LDAP or X.500 directory. Changes to the LDAP standard are managed by working groups in the IETF, and changes in X.500 are managed by the ISO. The ITU did significant analysis of gaps in digital identity interoperability via the FGidm, focus group on identity management.

Implementations of X.500 [2005] and LDAPv3 have occurred worldwide but are primarily located in major data centers with administrative policy boundaries regarding sharing of personal information. Since combined X.500 [2005] and LDAPv3 directories can hold millions of unique objects for rapid access, they are expected to play a continued role for large scale secure identity access services. LDAPv3 can act as a lightweight standalone server, or in the original design as a TCP/IP based Lightweight Directory Access Protocol compatible with making queries to an X.500 mesh of servers which can run the native OSI protocol.

This will be done by scaling individual servers into larger groupings that represent defined "administrative domains" (such as the country level digital object), which can add value not present in the original "White Pages" that was used to look up phone numbers and email addresses, largely now available through non-authoritative search engines.

The ability to leverage and extend a networked digital identity is made more practicable by the expression of the level of trust associated with the given identity through a common Identity Assurance Framework.

Academic work

Research on identity is done in a variety of disciplines such as law, technology, and information systems alongside other social, political and management issues.

See also

  • Authentication
  • Digital footprint
  • E-Authentication
  • Entity
  • Federated Identity
  • FIDIS (Future of Identity in the Information Society)
  • Global Trust Center
  • Global Trust Council
  • Identity
  • Identity management
  • Identity 2.0
  • IDsec An open source, digital identity software.
  • Informational self-determination
  • Online identity
  • Pseudonymity
  • Privacy
  • Quantum cryptography
  • Social map

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.