Monday, 29 June 2009

Digital identity management primer for policy makers & others


Diagram 1: Individuals (Data Subjects) and Providers of Services, Claims, and Identifiers: Who Holds the Personal Data and What are the Links between These Parties?

A very good, concise, non-technical introductory guide / summary of the main issues.
To quote from its foreword, it:
"aims to provide policy makers a broad-brush understanding of the various dimensions of digital identity management (IdM). Consistent with the Seoul Ministerial Declaration [for the future of the internet economy], it also aims to support efforts to address public policy issues for securely managing and protecting digital identities, with a view to strengthening confidence in the online activities crucial to the growth of the Internet Economy."
It covers IdM for individuals only, not non-natural persons, but has an excellent overview of:
  • key concepts / processes
  • how (very broadly) IdM may be used in government, business and socially, and
  • technical / organisational / public policy issues.

Table 1: Features of Technology Models for IdM systems

| | Siloed | Centralised | Federated | User-Centric |
|---|---|---|---|---|
| Method of Authentication | The user authenticates to each account when he wishes to use it. | The user authenticates to one main account. | The user authenticates to an identity provider, with this one authentication serving for the federation. | The user authenticates to identity providers, and service providers have to rely on that authentication. |
| Location of Identity Information | Identity information is stored in separate service provider accounts. | Identity information is stored in the one main account, a super account. | Service providers in the federation keep separate accounts in different locations. They may have agreements for sharing information. | Identity information is stored by identity providers chosen by the user. The user can help prevent the build-up of profiles that others hold about him. |
| Method of linking accounts / learning if they belong to the same person | There is no linking between accounts and no information flow between them. | Linking between accounts is not applicable. (A user's full profile resides in that single place.) | The identity provider can indicate what identifiers for accounts with federation members correspond to the same person. | Uses of cryptography can prevent linkages between a user's different digital identities, leaving the user in control. |
| Trust Characteristics (who is dependent on whom, for what) | The user is reliant on the service provider to protect their information, even if limited. The absence of information sharing has privacy advantages. | The user is reliant on the service provider to maintain the privacy and security of all of his or her data. | Users have rights from contracts, but they may be unfamiliar with options. The federation has leverage as it is in possession of the user's information. | Users can keep accounts separate and still allow information to flow, but bear greater responsibility. |
| Convenience | Siloed accounts are inconvenient for users and service providers due to multiple authentications, redundant entry of information, and lack of data flow. | This arrangement is easy for the user since he or she only has to deal with one credential to call up the account and since he or she has to authenticate just once. | Other members of the federation avoid the burden of credential management. Organisations that provide services to a user can coordinate service delivery. | Users may be ill-equipped to manage their own data (also a vulnerability) and may need training and awareness-raising. |
| Vulnerabilities | Siloed systems offer the advantage of having limited data on hand, thus creating less of an incentive for attack. They also have a better defined and stronger security boundary to keep attackers out and limit exposure from failures. | The central party controls the person's entire profile; other entities have little to check that profile against, and an insider could impersonate the person or alter data. Currently there is no way to safeguard data after it has been shared. | Users have little input into the business-partner agreements. Some service providers will set up federation systems to exploit users. Currently there is no way to safeguard data after it has been shared. | Concentration in the market for identity providers could leave them with much power. Currently there is no way to safeguard data after it has been shared. |
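The "linking accounts" row contrasts a federated identity provider that can tell service providers which identifiers belong to the same person with a user-centric design where cryptography prevents that linkage. The following is an added example (mine, not from the OECD paper) showing the mechanism in miniature: a shared global identifier lets two service providers match users by simply comparing lists, whereas a pairwise pseudonym derived with a keyed HMAC gives each service provider a stable but unrelated value, which only the identity provider holding the secret can resolve. The service provider names `shop.example` and `bank.example` and the secret are constructed for illustration.

```python
import hashlib
import hmac
from typing import List, Optional, Set, Tuple

# Constructed IdP secret for illustration only; a real IdP keeps this in its key store.
IDP_SECRET = b"constructed-idp-secret-for-illustration"

def global_identifier(user_id: str) -> str:
    """Federated-style identifier released unchanged to every service provider."""
    return hashlib.sha256(user_id.encode()).hexdigest()

def pairwise_identifier(user_id: str, sp_id: str, secret: bytes = IDP_SECRET) -> str:
    """Pairwise pseudonym: keyed HMAC over (user, service provider).

    Stable for one (user, SP) pair, so the SP can keep an account, but two SPs
    receive unrelated values they cannot match without the IdP's secret."""
    return hmac.new(secret, f"{user_id}\x00{sp_id}".encode(), hashlib.sha256).hexdigest()

def linkable(ids_at_sp_a: List[str], ids_at_sp_b: List[str]) -> Set[str]:
    """What two colluding SPs learn by intersecting the identifiers they hold."""
    return set(ids_at_sp_a) & set(ids_at_sp_b)

def idp_resolve(pseudonym: str, sp_id: str, known_users: List[str]) -> Optional[str]:
    """The IdP, holding the secret, can still say which user a pseudonym belongs to."""
    for user in known_users:
        if hmac.compare_digest(pairwise_identifier(user, sp_id), pseudonym):
            return user
    return None

def demo() -> Tuple[int, int]:
    """Return (users linkable via global ids, users linkable via pairwise ids)."""
    users = ["alice", "bob"]  # constructed sample users
    # Federated-style: both SPs hold the same identifier per user, so they can link.
    shop_global = [global_identifier(u) for u in users]
    bank_global = [global_identifier(u) for u in users]
    # Pairwise: each SP holds a different pseudonym per user.
    shop_pair = [pairwise_identifier(u, "shop.example") for u in users]
    bank_pair = [pairwise_identifier(u, "bank.example") for u in users]
    return len(linkable(shop_global, bank_global)), len(linkable(shop_pair, bank_pair))

if __name__ == "__main__":
    print(demo())  # (2, 0): global identifiers link both users, pairwise ones link none
```

The secret key is what makes this work: an unkeyed hash of a guessable user identifier (such as an e-mail address) plus the SP name could be recomputed by colluding service providers, which would restore the linkage the table says cryptography should prevent.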

Note: The diagram and table above are excerpts from the above OECD paper (pp. 18 and 19) and are © OECD 2009.

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.