Yale CPSC 457 - Digital Identity Management on the Internet

This preview shows page 1-2-3-4-5 out of 16 pages.

Introduction
What is Digital Identity?
Identity in the Physical World
Digital Identity and Its Limitations
Digital Identity Management
Digital Identity on the Internet: Current Problems
Unreliable Identification of Subjects
Account Management
Inconsistent User Experience
Lack of Federation
Security Weaknesses
Vast Propagation of Sensitive Information
Legislative Solutions
Existing Technological Solutions
.NET Passport
Liberty Alliance
SAML
Communicating Identity Information Securely
The Liberty Alliance Project and Shibboleth
Ongoing Technological Developments
URL-Based Identity Management
OpenID and Similar Identity Management Systems
SXIP
Pros and Cons of URL-Based Identity
The WS-* Architecture: An Identity Metasystem
Implementing WS-*: Microsoft’s InfoCard Identity Selector
The Future of Digital Identity Management
Problems Solved By WS-* and InfoCard
Unreliable Identification of Subjects
Account management
Inconsistent User Experience
Lack of Federation
Vast Propagation of Sensitive Information
Remaining Issues with WS-* and InfoCard
Security
InfoCard Management
Privacy
Barriers to Adoption
Conclusion
References

Digital Identity Management on the Internet
Will Tsui
April 28, 2006
CPSC 457: Sensitive Info in a Wired World
Professor Joan Feigenbaum

Introduction

It did not take long for the Internet to evolve from a time when the primary use of the web was for public distribution of static files to an era of Internet services designed to disseminate information based on the unique needs of a single networked user or entity. As Internet technologies have matured and become more cost-effective to utilize, individuals and organizations throughout the world have set up online services that take advantage of the convenience of the global network to enable communication and facilitate business transactions.

Because the existing Internet architecture, based on the IP protocol, was designed with simplicity in mind, it provides an effective way to connect devices but does not concern itself with whom or what is being networked. As a result, Internet users wishing to take part in private communications or transactions ordinarily have had to establish their identities by manually creating separate accounts at each Internet service. Additionally, with transactions of higher and higher value being made over the Internet, a large, new community of hackers has formed to prey on the weaknesses of the existing Internet architecture to seize the identities of both Internet users and service providers. These issues, among others, illustrate the overwhelming need for a new solution to the digital identity problem on the Internet, in hopes that some day Internet users will be able to make transactions on the Internet safely, privately, and conveniently.

What is Digital Identity?

Identity in the Physical World

According to the Merriam-Webster dictionary, identity is “the condition of being the same with something described or asserted.” Essentially, identity is made up of characteristics that describe “an entity, be it a person or thing.” [16] While as humans we tend to feel entirely unique, each with our own undefined, irreplaceable sense of individuality, in the real, physical world, one’s identity does come down to how one is described, either by self-assertions or by assertions of another.

For example, in order to purchase alcohol in the United States, it is the policy of every law-abiding liquor store that you must be 21 years of age. If your appearance obviously indicates that you are aged well past 21 years, it is often the case that the merchant will see this self-asserted age characteristic as your true identity and conduct the transaction without further verification.
If you do not fit into this category with your appearance, you are required to furnish to the merchant a credential that asserts your age is at least 21. The credential must, too, be identified by the merchant to ensure that it is valid and government-issued. Only if the merchant identifies it as a valid, government credential, the credential’s photo matches your self-asserted appearance, and the credential asserts that you are the appropriate age, are you able to legally purchase alcohol.

In addition, there are limitations to how well a person or entity can be identified. In the event of a crime from which the perpetrator’s DNA was recovered, it’s possible that the DNA recovered was sampled from the innocent suspect’s identical twin. Or, even if the true criminal was apprehended, it’s possible (though very unlikely) that, when undergoing blood tests for a DNA comparison, the blood drawn from the criminal’s arm had been from a small, surgically-installed sack containing another individual’s blood. Thus, in this situation it could not be proven that he was the criminal.

In any authentication system, there are only three known authentication factors: something you have, something you are, and something you know. [16] Additionally, combinations of the three factors can be used to strengthen authentication. Things that you have, like physical, metal keys, can be stolen. Things you retain in your memory, like passwords, can be communicated to other parties. Attributes that are part of you, like your fingerprints and facial appearance, are not easily transferable but can still not be absolutely attributed to your one, true identity. Identity in the real, physical world can never be proven with 100% certainty.

Digital Identity and Its Limitations

If real-world identity is a set of characteristics used to describe oneself asserted by oneself or another, similarly, a digital identity is a set of characteristics asserted “by one digital subject about itself or another digital subject, in a digital realm.” [2] A digital subject, like a subject in real life, is anything that is described—it need not be human.

As in real life, where the certainty of proving a subject’s identity is limited by the strength of one or more authentication factors, a subject’s digital identity can never be proven 100%. In the digital realm, where interactions occur with easy-to-manipulate, easy-to-replicate transmissions of bits, identifying a subject is inherently more difficult. An online liquor store could never sell alcohol to an Internet user who sends in, as proof of his age, a digital photo of an obviously old man.

Digital Identity Management

Digital identity management, as opposed to digital identity itself, is focused on maintaining these asserted characteristics of subjects

