There has been some discussion on the idworkshop list about defining an identity stack, on the premise that it would help clarify the discussion similiar to how the 7 layers of networking provided clarity. (I was not around at the time, so don’t know first hand if it helped 🙂
It reminded me of some brainstorming we had done here at Sxip — so I’ll toss out these 4 layers of identity:
4. asserted identity
3. entity identity
2. profile identity
1. session identity
- Session identity is knowing it is the same the same entity throughout a session. Cookies are often used to track this in web applications.
- Profile identity is user asserted data about themselves such as postal address, favorite colour, photo etc.
- Entity identity is knowing it is the same entity across sessions, and perhaps even across servers. Providing the same username/password can provide entity identity. A URL provided by OpenID does a similar task.
- Asserted identity is where a trusted 3rd party makes a statement about the entity or session. This could be that the user is an employee of a company, is over 21, is Star Alliance Gold, has an email address etc.
Does this make sense or am I smoking crack?
Update
Discussion on the gang list has moved to agreeing that the concept of a “stack” or a “layers” is likely not the right way of looking at the problem. An architecture may be a better approach. Stay tuned.
Dick,
I think the four layers makes sense but it runs the risk of over simplifying. The concept of discrete persona(e) which an individual may keep separate does not seem to flow logically through this model.
May be we need to present the concepts as a multi-dimensional cube rather than layers. This may help people visualize that an individual may have multiple discrete persona that are constructed from multiple elements in each of these layers.
Another way of thinking about this issue is when we consider how to handle our personal and work personae. If I were to hold a sensitive position as an employee with special security clearances I may not want any of that information to be associated with any aspect of my personal identity. For example, if someone was an undercover agent they might in fact have a completely independent multi-faceted identity.
So I meander back to supporting your four basic layers but need some recognition of the multi-dimensional challenge.
Dick,
You are not smoking crack! But the concepts you laid down are like crack – They keep dragging me back in to this mind bending dimension!
I have been thinking more about your 4 layers of identity. I am not as familiar as you with the concepts behind the four layers so I have a question/comment.
Between layer 3 and 4 (entity identity and asserted identity) does it make sense to establish an additional layer: Inferred Identity.
If you think about it on a daily basis when we conduct transactions we make inferences from the data we are dealing with. If we compile enough identity fragments we make an inference about the legitimate identity of an individual.
For example: A vendor may accept a copy of a billing statement from a utility vendor in conjunction with one or two other items of identification to determine if a person can open an account. Each identity fragment on its own may not be from a "trusted source" but when we see a group of fragments that demonstrate a common thread, such as home address, we infer that all of the combined fragments are valid.
Therefore:
3.5 Inferred Identity is where multiple, partially overlapping identity fragments from multiple untrusted sources are combined to make a statement about the entity or session. This could be that a series of sites confirm that the user is based at the same home address of record and the last 4 digits of the users credit card is recorded as the same by one of these sites plus an additional site.
Dick,
Loved your presentation. Not entirely sure I love the topic material.
In your presentation (which was magnificent) you discussed modeling the identity system to the real world. Well… One facet of the real world that should be taken into account is that we rarely have to identify ourselves, thus anonymity. The cashier at McDonald’s doesn’t care who I am when I pay with cash. Perhaps we need a cash card infrastructure that doesn’t map to identity? Most of the time, they don’t care when I pay with credit card either (but that is another issue).
Now we look at the Internet, very rarely are there ever websites who don’t care who you are. It breaks the fundamental model of advertisements and personalization of content. However, in order to model the real world, there needs to be a release of identity to provide a lack of identity for transactions that aren’t important (reading news). However, given organizations like doubleclick or other similar outfits, I doubt this will happen. Again, several models would need to change in order to reflect the real world, for instance, I generally don’t have to identify myself in order to speak, even on services like the radio. Where as on the blog sites, I do.
Comments like the last commenter who stated that we should add a layer to combine partial identity information for inference are dangerous. What if this layer was exposed? In the government, that is what Intelligence personnel do. They infer based on fragments and their sometimes quite good at it. I wouldn’t want that type of power in industry inferring my buying habits, or worse, that type of power in the black market inferring my credit card information (or stealing my non-identifiable cash card and pin).