SlideShare a Scribd company logo

Daniel "Dazza" Greenwood's Keynote Address on Digital Identity to the OECD in Norway

Dazza Greenwood
Dazza Greenwood

These slides went with Daniel "Dazza" Greenwood's Keynote Address on Digital Identity to the OECD in Norway.

TechnologyBusiness
1 of 7
Download to read offline
1 May 7/8; Trondheim, Norway Context, Terms, Models and Options for Digital Identity Management Daniel “Dazza” Greenwood Lecturer, Massachusetts Institute of Technology Director, MIT eCommerce Architecture Program Principal, CIVICS.com http://ecitizen.mit.edu http://www.civics.com dazza@media.mit.edu Presented at the OECD Workshop on Digital Identity Management In Cooperation With the Norwegian Ministry of Education & Research and Ministry of Government Administration & Reform Global Identity Management Daz Greenwood: www.CIVICS.com Digital Identity is Inextricably Part of Identity, Writ Large Narrowly, Identity Management Speaks to the Life-Cycle Milestones, Data and Processes For Records Related to Individual User Accounts on ICT Systems. Requirements & Constraints for ID Systems Differ Depending Upon the Context: The Types of Users Identified (vendor, customer, citizen, friend, congregant, whistleblower, etc), the Types of Transactions, Applicable Law and Custom, etc. Agreed International Identity Infrastructures are Needed to Allow and Protect Interoperability, Integrity, Individuals
2 Three Clarifying Questions (and one key comment) 1. What is Authentication and Authorization? (Proving ID & What You Can Do With It) 2. What is Identity? (Who we authenticate - complex, evolving with blurred boundaries) 3. What is Identity Management in the Context of this OECD Workshop? * The OECD Privacy Guidelines Structured Thinking and Propelled Good Policy for Decades – An International Identity Bill of Rights is Needed Now, to Safeguard Identity Autonomy, And Create a Global Infrastructure for the Interoperability and Integrity of Identity and Authentication in All Sectors Old Concepts of Self: Names are “Significant” and the Power to Name is the Power to Control Biblical names • In the Old Testament, the names of individuals are meaningful; for example, Adam is named after the "earth" (Adama) from which he was created. (Genesis 2) • A change of name indicates a change of status. For example, the patriarch "Abram" is renamed "Abraham" before he is blessed with children. His wife, "Sarai" is similarly renamed "Sarah." (Genesis 17) Talmudic attitudes • The Babylonian Talmud maintains that names exert an influence over their bearers: • From where do we know that a name has a causal effect ("shama garim"). Says Rabbi Elazar: the verse says, (Psalms 46:9) "Go see the works of God, who puts desolation (shamot) in the earth." Read not "desolation" but "names" (shemot). (B.T. Berachot 7b) • Furthermore, a change of name is one of four actions that can avert an evil heavenly decree. (B.T. Rosh Hashana 16b) • Commentators differ as to whether this influence is metaphysical - a connection between name and essence - or psychological. (See Meiri, Ritva to B.T. Rosh Hashana 16b) • Talmudic sage, Rabbi Meir, would infer a person's nature from his or her name. The Talmud also states that all those who descend to Gehennom will rise, except for three, including he who calls another by a derisive nickname. (B.T. Yoma 83b; J.T. Rosh Hashana 3:9; B.T. Yoma 38a; B.T. Bava Metzia 58a) • From Wikipedia Article on Names
3 From Economic Modeling and Risk Management in Public Key Infra-- strutuctures, available at: http://www.masse.org/rsa97/ index.html Core Identity Vs. Non-Core Identity Data Three Models of Identity Management Systems 1. Centralized Ownership and Decision Making a) The people identified are not in charge of their identity within this system b) The system adheres based upon command and control from the center c) Nearly all X.500, LDAP, X.509 and other directory related identity management systems fall under this category. 2. Federated Ownership and Decision Making a) The people identified are typically not in charge of their identity within this system, 3. Individual Ownership and Decision Making The Pretty Good Privacy application is a good example of this model, allowing individual users to trade
4 Three Trust Models 1. Authority Based (agreement is based upon legal obligations sourcing from public law) a) National Identity Card or National Passport, whereby a nation-state requires a particular approach according under the authority of national law. b) Public Benefits programs (welfare) whereby the government identifies eligible recipients of a privilege according to enabling legislation, granting legal authority to that agency for such purposes. 2. Power Based (agreement is either based on adhesion or coercion) a) Large buyer topping a supply chain dictates the authentication and identity management used for systems feeding into its eProcurement application. b) Large industry player dictates standards and practices required to interoperate with it’s systems or applications (however, note that even Microsoft was unable to leverage it’s considerable market power to build Passport into an accepted standard). c) Employer with large workforce may, of course, require use of on or more particular Identity Management solutions as a condition of employment (e.g. “We use Acme HR System here”). 3. Agreement Based (agreement is based on free choice among equals) a) Federated systems, whereby the participating organizations agree to play be common standards and practices. b) Systems based upon individual agreement to participate (web of trust, etc). Three Organizational Models 1. Funnel (Usually comprised of a single enterprise, perhaps containing many subordinate organizations, Taking all-comers and homogenizing them into a prescribed, assimilated amalgam, from many creating one, “Self to self”). 2. Flock (Clusters of Participating Organizations, Opt-In/Scalable, Common Standards Connecting Heterogeneous Systems, “Open but Bounded”, “Friend to Friend”). Liberty Alliance based federations are examples of these clusters, as are the few organizations that have attempted to “cross-certify” using PKI. 3. Fractal (Assertion-Based, No Prior Agreement Between Parties Needed, Permits Compex/Emergent Networks of Relationship, “Stranger-to- Stranger”)[PGP, E-Mail]. [Note: MySpace and eBay type systems, while permitting serendipitous encounters among people, are not examples of this because each party has already opted to comply with an agreement (terms of service, terms and conditions, user contract, etc) and operate within a constrained artificial market created to contain, structure and enable certain types of activities – they are not “free range” systems, such as e-mail on the Internet or spontaneous agreement to exchange PGP keys or E-mail addresses – both forms of identity – between potentially any parties.]
5 Three Technical Architectures 1. CDLIS/Real ID “Pointer-System” a) Central Pointer File, containing subset of key “disambiguating” information, comprised of records for each identified user b) Each mini-record in the central file contains a “pointer” to the then current database where the entire record can be found. c) The pointer information is updated, as the user record migrates from one to another backend databases (representing a move of the user from one jurisdiction to another) d) The full record pointed to from a central file and residing in a local database is under the ownership and control of the local organization. 2. Probabilistic or Heuristic Systems a) Based on scoring confidence a given user in fact has a given identity, and that the various partial element of identity in fact combine to a particular individual user. b) May be based on complex algorithms, contextually weighting information of various types or sources, following contingent or decision trees, and leveraging simple inference or fuzzy logic. c) Frequently includes query and response with user, posing various questions, using knowledge-based- authentication, and checking responses against a variety of backend or linked systems. 3. Credential Service Provider and Multiple Relying Party Systems a) An authentication credential (replete with and sometimes merged into the identity information for the subject identified in the credential) is issued by a Credential Service Provider (CSP) to each end-user. b) The token may be hardware, software or another approach. An X.509 certificate is a good example of such a token. A SAML assertion can also serve as such a credential. Of course, a username, physical token or other data, software or thing may serve equally. c) The end-user, upon seeking authentication by a participating party, presents their credential and that party then validates the token by reference to the CSP or an outsourced repository of the CSP, and upon satisfactory confirmation may then reply upon the credential and the identity of the end-user. The context within which the end-users identity exists in one such system may, however, be quite different in another, hence affecting assumptions about authority or role from system to system. Three Contexts of Identity 1. Digital Identity (Username, IP/MAC, E- Mail Address) 2. Physical Identity (Passport, Driver License, Club Card) 3. Dual Identity (RFID exemplar of “Converged Identity”, HSPD-12, MIT ID applications – Real ID?)
6 Architecture of a Safe House for Identity Protection An International Information Infrastructure for Integrity and Interoperability of Internet Identities (i7)(i5), creating in effect a "white-list" or “Safe Zone” to prevent spam and Identity Theft and unlawful tracking or other information sharing and abuse. In essence, every participating country or organization agrees to certain rules by contract (Operating Rules). The agreement include a commitment to operate or outsource a help-desk for how-to and complaints and commencing dispute resolution (from ID Theft, to tech problems to complaints about the stewards of the identity system). Cluster of Rights and Duties Under Concept of Identity Autonomy Includes: - Right to “Not Carry” (anonymity, absent particular non-trivial act) - Right to Ombuds Attention and Follow Through and Public Reporting - Right to Reclaim Identity and Start Anew (like bankruptcy) - Right to Multiple Disposable Pseudonyms - Right to Encryption of Personal Data - Responsible for Reporting Suspected Compromise ASAP - Responsible for Costs and Liability up to a Ceiling (e.g. Reg E, Reg Z) - Responsible for Using Identity(ies) Without Intent to Deceive or Defraud Identity Management Control Panel for Each Individual Made Possible by an Agreed International Guideline on Identity Autonomy - Including “Relationship Management” Panel for Other Individuals or Organizations - Including “Consent Assertion Markup Language” Management Panel - Including Logs and Alerts for Prior and Pending Requests, Wizard for Future - Including Location-Aware, Presence-Aware, Context- Sensitive Privacy/Access Filters for Tracking - Link to Static Government Identity When Needed by User or for Lawful Demand, Never Otherwise. - Provisioning of Pseudonyms on Real-Time, Disposable Basis and Real Time Swap-Out of Compromised Authentication or Even Identity
7 Alternative Title: P/I+U=N or Does the “I” In Identity and the “U” in User Equal the “Person” in Personalization? Solving for “N” in Name Contact Information For More Information: http://ecitizen.mit.edu http://www.civics.com dazza@media.mit.edu 650-504-5474 Daniel J. Greenwood, Esq. Lecturer, Media Lab, MIT Director, MIT E-Commerce Architecture Program Principal, CIVICS.com

Recommended

Verifiable credentials explained by CCI
Verifiable credentials explained by CCIVerifiable credentials explained by CCI
Verifiable credentials explained by CCIKaliya "Identity Woman" Young
 
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...Investigation of Blockchain Based Identity System for Privacy Preserving Univ...
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...ijtsrd
 
Privacy Preservation And Data Security In Location Based Services
Privacy Preservation And Data Security In Location Based ServicesPrivacy Preservation And Data Security In Location Based Services
Privacy Preservation And Data Security In Location Based ServicesEditorJST
 
The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018Kaliya "Identity Woman" Young
 
GDPR BigDataRevealed Readiness Requirements and Evaluation
GDPR BigDataRevealed Readiness Requirements and EvaluationGDPR BigDataRevealed Readiness Requirements and Evaluation
GDPR BigDataRevealed Readiness Requirements and EvaluationSteven Meister
 
My Identiverse: The Evolution of Digital Identity and Openness
My Identiverse: The Evolution of Digital Identity and OpennessMy Identiverse: The Evolution of Digital Identity and Openness
My Identiverse: The Evolution of Digital Identity and OpennessKaliya "Identity Woman" Young
 
History of Identity in Computers
History of Identity in ComputersHistory of Identity in Computers
History of Identity in ComputersKaliya "Identity Woman" Young
 
Insight analytics: Identity Nexus - The Future of Consumer Personal Information
Insight analytics: Identity Nexus - The Future of Consumer Personal InformationInsight analytics: Identity Nexus - The Future of Consumer Personal Information
Insight analytics: Identity Nexus - The Future of Consumer Personal InformationKaliya "Identity Woman" Young
 

Recommended

Verifiable credentials explained by CCI
Verifiable credentials explained by CCIVerifiable credentials explained by CCI
Verifiable credentials explained by CCIKaliya "Identity Woman" Young
 
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...Investigation of Blockchain Based Identity System for Privacy Preserving Univ...
Investigation of Blockchain Based Identity System for Privacy Preserving Univ...ijtsrd
 
Privacy Preservation And Data Security In Location Based Services
Privacy Preservation And Data Security In Location Based ServicesPrivacy Preservation And Data Security In Location Based Services
Privacy Preservation And Data Security In Location Based ServicesEditorJST
 
The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018Kaliya "Identity Woman" Young
 
GDPR BigDataRevealed Readiness Requirements and Evaluation
GDPR BigDataRevealed Readiness Requirements and EvaluationGDPR BigDataRevealed Readiness Requirements and Evaluation
GDPR BigDataRevealed Readiness Requirements and EvaluationSteven Meister
 
My Identiverse: The Evolution of Digital Identity and Openness
My Identiverse: The Evolution of Digital Identity and OpennessMy Identiverse: The Evolution of Digital Identity and Openness
My Identiverse: The Evolution of Digital Identity and OpennessKaliya "Identity Woman" Young
 
History of Identity in Computers
History of Identity in ComputersHistory of Identity in Computers
History of Identity in ComputersKaliya "Identity Woman" Young
 
Insight analytics: Identity Nexus - The Future of Consumer Personal Information
Insight analytics: Identity Nexus - The Future of Consumer Personal InformationInsight analytics: Identity Nexus - The Future of Consumer Personal Information
Insight analytics: Identity Nexus - The Future of Consumer Personal InformationKaliya "Identity Woman" Young
 
Blockchain for ePedigree - Whitepaper
Blockchain for ePedigree - Whitepaper Blockchain for ePedigree - Whitepaper
Blockchain for ePedigree - Whitepaper Mike Nejad
 
Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016Kaliya "Identity Woman" Young
 
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...IRJET Journal
 
Cost-Effective Authentic and Anonymous Data Sharing with Forward Security
Cost-Effective Authentic and Anonymous Data Sharing with Forward SecurityCost-Effective Authentic and Anonymous Data Sharing with Forward Security
Cost-Effective Authentic and Anonymous Data Sharing with Forward Security1crore projects
 
Domains of Identity
Domains of IdentityDomains of Identity
Domains of IdentityKaliya "Identity Woman" Young
 
Identity in the Internet Age
Identity in the Internet Age Identity in the Internet Age
Identity in the Internet Age Cartesian (formerly CSMG)
 
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ... COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...IJCSIS Research Publications
 
Blockchain v Cryptocurrency: Talk for BridgeSF
Blockchain v Cryptocurrency: Talk for BridgeSF Blockchain v Cryptocurrency: Talk for BridgeSF
Blockchain v Cryptocurrency: Talk for BridgeSF Kaliya "Identity Woman" Young
 
Grid security seminar mohit modi
Grid security seminar mohit modiGrid security seminar mohit modi
Grid security seminar mohit modiMohit Modi
 
Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...
Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...
Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...kcortis
 
My DocSafe white paper 1
My DocSafe white paper 1My DocSafe white paper 1
My DocSafe white paper 1danielstachowiak
 
Personal Data Store Project
Personal Data Store ProjectPersonal Data Store Project
Personal Data Store ProjectKaliya "Identity Woman" Young
 
Blockchain: it's much more than Bitcoin
Blockchain: it's much more than BitcoinBlockchain: it's much more than Bitcoin
Blockchain: it's much more than BitcoinKuba Tymula
 
KYC using Blockchain
KYC using BlockchainKYC using Blockchain
KYC using Blockchainijtsrd
 
Blockchain-Anchored Identity -- Daniel Buchner, Microsoft
Blockchain-Anchored Identity -- Daniel Buchner, MicrosoftBlockchain-Anchored Identity -- Daniel Buchner, Microsoft
Blockchain-Anchored Identity -- Daniel Buchner, Microsoftbernardgolden
 
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...cscpconf
 
Cryptocollege how blockchain can reimagine higher education. J. David Judd
Cryptocollege how blockchain can reimagine higher education. J. David JuddCryptocollege how blockchain can reimagine higher education. J. David Judd
Cryptocollege how blockchain can reimagine higher education. J. David Judderaser Juan José Calderón
 
Does Cloud Computing Compromise Clients?
Does Cloud Computing Compromise Clients?Does Cloud Computing Compromise Clients?
Does Cloud Computing Compromise Clients?Nicole Black
 
Blockchains as a Component of the Next generation Internet
Blockchains as a Component of the Next generation InternetBlockchains as a Component of the Next generation Internet
Blockchains as a Component of the Next generation InternetJohn Domingue
 
Nist.ir.8202
Nist.ir.8202Nist.ir.8202
Nist.ir.8202IT Strategy Group
 
Tbilisi Conference 1977
Tbilisi Conference 1977Tbilisi Conference 1977
Tbilisi Conference 1977erinnvw
 
Enzyme part 1
Enzyme part 1Enzyme part 1
Enzyme part 1Sulaimani Biochemistry
 

More Related Content

What's hot

Blockchain for ePedigree - Whitepaper
Blockchain for ePedigree - Whitepaper Blockchain for ePedigree - Whitepaper
Blockchain for ePedigree - Whitepaper Mike Nejad
 
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...IRJET Journal
 
Cost-Effective Authentic and Anonymous Data Sharing with Forward Security
Cost-Effective Authentic and Anonymous Data Sharing with Forward SecurityCost-Effective Authentic and Anonymous Data Sharing with Forward Security
Cost-Effective Authentic and Anonymous Data Sharing with Forward Security1crore projects
 
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ... COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...IJCSIS Research Publications
 
Grid security seminar mohit modi
Grid security seminar mohit modiGrid security seminar mohit modi
Grid security seminar mohit modiMohit Modi
 
Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...
Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...
Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...kcortis
 
Blockchain: it's much more than Bitcoin
Blockchain: it's much more than BitcoinBlockchain: it's much more than Bitcoin
Blockchain: it's much more than BitcoinKuba Tymula
 
KYC using Blockchain
KYC using BlockchainKYC using Blockchain
KYC using Blockchainijtsrd
 
Blockchain-Anchored Identity -- Daniel Buchner, Microsoft
Blockchain-Anchored Identity -- Daniel Buchner, MicrosoftBlockchain-Anchored Identity -- Daniel Buchner, Microsoft
Blockchain-Anchored Identity -- Daniel Buchner, Microsoftbernardgolden
 
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...cscpconf
 
Cryptocollege how blockchain can reimagine higher education. J. David Judd
Cryptocollege how blockchain can reimagine higher education. J. David JuddCryptocollege how blockchain can reimagine higher education. J. David Judd
Cryptocollege how blockchain can reimagine higher education. J. David Judderaser Juan José Calderón
 
Does Cloud Computing Compromise Clients?
Does Cloud Computing Compromise Clients?Does Cloud Computing Compromise Clients?
Does Cloud Computing Compromise Clients?Nicole Black
 
Blockchains as a Component of the Next generation Internet
Blockchains as a Component of the Next generation InternetBlockchains as a Component of the Next generation Internet
Blockchains as a Component of the Next generation InternetJohn Domingue
 

What's hot (20)

Blockchain for ePedigree - Whitepaper
Blockchain for ePedigree - Whitepaper Blockchain for ePedigree - Whitepaper
Blockchain for ePedigree - Whitepaper
 
Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016Identity 101: Boot Camp for Identity North 2016
Identity 101: Boot Camp for Identity North 2016
 
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
IRJET- Identity & Relationship Resolution Approach Supported with Sample ...
 
Cost-Effective Authentic and Anonymous Data Sharing with Forward Security
Cost-Effective Authentic and Anonymous Data Sharing with Forward SecurityCost-Effective Authentic and Anonymous Data Sharing with Forward Security
Cost-Effective Authentic and Anonymous Data Sharing with Forward Security
 
Domains of Identity
Domains of IdentityDomains of Identity
Domains of Identity
 
Identity in the Internet Age
Identity in the Internet Age Identity in the Internet Age
Identity in the Internet Age
 
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ... COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...
COIRS: Cost Optimized Identity based Ring Signature with Forward Secrecy in ...
 
Blockchain v Cryptocurrency: Talk for BridgeSF
Blockchain v Cryptocurrency: Talk for BridgeSF Blockchain v Cryptocurrency: Talk for BridgeSF
Blockchain v Cryptocurrency: Talk for BridgeSF
 
Grid security seminar mohit modi
Grid security seminar mohit modiGrid security seminar mohit modi
Grid security seminar mohit modi
 
Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...
Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...
Discovering Semantic Equivalence of People behind Online Profiles (RED 2012 -...
 
My DocSafe white paper 1
My DocSafe white paper 1My DocSafe white paper 1
My DocSafe white paper 1
 
Personal Data Store Project
Personal Data Store ProjectPersonal Data Store Project
Personal Data Store Project
 
Blockchain: it's much more than Bitcoin
Blockchain: it's much more than BitcoinBlockchain: it's much more than Bitcoin
Blockchain: it's much more than Bitcoin
 
KYC using Blockchain
KYC using BlockchainKYC using Blockchain
KYC using Blockchain
 
Blockchain-Anchored Identity -- Daniel Buchner, Microsoft
Blockchain-Anchored Identity -- Daniel Buchner, MicrosoftBlockchain-Anchored Identity -- Daniel Buchner, Microsoft
Blockchain-Anchored Identity -- Daniel Buchner, Microsoft
 
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...
GLOBAL MUSIC ASSET ASSURANCE DIGITAL CURRENCY: A DRM SOLUTION FOR STREAMING C...
 
Cryptocollege how blockchain can reimagine higher education. J. David Judd
Cryptocollege how blockchain can reimagine higher education. J. David JuddCryptocollege how blockchain can reimagine higher education. J. David Judd
Cryptocollege how blockchain can reimagine higher education. J. David Judd
 
Does Cloud Computing Compromise Clients?
Does Cloud Computing Compromise Clients?Does Cloud Computing Compromise Clients?
Does Cloud Computing Compromise Clients?
 
Blockchains as a Component of the Next generation Internet
Blockchains as a Component of the Next generation InternetBlockchains as a Component of the Next generation Internet
Blockchains as a Component of the Next generation Internet
 
Nist.ir.8202
Nist.ir.8202Nist.ir.8202
Nist.ir.8202
 

Viewers also liked

Tbilisi Conference 1977
Tbilisi Conference 1977Tbilisi Conference 1977
Tbilisi Conference 1977erinnvw
 
There's no room for my hat
There's no room for my hatThere's no room for my hat
There's no room for my hatJoo Teoh
 
101102 fresno local briefing power point
101102 fresno local briefing power point101102 fresno local briefing power point
101102 fresno local briefing power pointPreschoolCalifornia
 
Are branded apps dead?
Are branded apps dead?Are branded apps dead?
Are branded apps dead?Joo Teoh
 
conceptkrafters
conceptkraftersconceptkrafters
conceptkrafterstrue1578
 
Jne phils. inc. (plating company) company profile 번역
Jne phils. inc. (plating company) company profile 번역Jne phils. inc. (plating company) company profile 번역
Jne phils. inc. (plating company) company profile 번역JNE Philippines Inc.
 

Viewers also liked (9)

Tbilisi Conference 1977
Tbilisi Conference 1977Tbilisi Conference 1977
Tbilisi Conference 1977
 
Enzyme part 1
Enzyme part 1Enzyme part 1
Enzyme part 1
 
There's no room for my hat
There's no room for my hatThere's no room for my hat
There's no room for my hat
 
101102 fresno local briefing power point
101102 fresno local briefing power point101102 fresno local briefing power point
101102 fresno local briefing power point
 
Collab.email
Collab.emailCollab.email
Collab.email
 
Are branded apps dead?
Are branded apps dead?Are branded apps dead?
Are branded apps dead?
 
Uu 5 tahun 2009
Uu 5 tahun 2009Uu 5 tahun 2009
Uu 5 tahun 2009
 
conceptkrafters
conceptkraftersconceptkrafters
conceptkrafters
 
Jne phils. inc. (plating company) company profile 번역
Jne phils. inc. (plating company) company profile 번역Jne phils. inc. (plating company) company profile 번역
Jne phils. inc. (plating company) company profile 번역
 

Similar to Daniel "Dazza" Greenwood's Keynote Address on Digital Identity to the OECD in Norway

A system for distributed minting and management of persistent identifiers
A system for distributed minting and management of persistent identifiersA system for distributed minting and management of persistent identifiers
A system for distributed minting and management of persistent identifiersLukasz Bolikowski
 
Blacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential usersBlacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential usersIAEME Publication
 
Blacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential usersBlacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential usersIAEME Publication
 
Data Security And The Security
Data Security And The SecurityData Security And The Security
Data Security And The SecurityRachel Phillips
 
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...David Sweigert
 
Uport a blockchain platform for self-sovereign identity
Uport a blockchain platform for self-sovereign identityUport a blockchain platform for self-sovereign identity
Uport a blockchain platform for self-sovereign identityIan Beckett
 
An approach to revoke blacklisted anonymous credential users through ttp
An approach to revoke blacklisted anonymous credential users through ttpAn approach to revoke blacklisted anonymous credential users through ttp
An approach to revoke blacklisted anonymous credential users through ttpIAEME Publication
 
Identical Users in Different Social Media Provides Uniform Network Structure ...
Identical Users in Different Social Media Provides Uniform Network Structure ...Identical Users in Different Social Media Provides Uniform Network Structure ...
Identical Users in Different Social Media Provides Uniform Network Structure ...IJMTST Journal
 
blockchain ppt for research puropse in the university
blockchain ppt for research puropse in the universityblockchain ppt for research puropse in the university
blockchain ppt for research puropse in the universitygugan7097
 
IRJET- A Decentralized Voting Application using Blockchain Technology
IRJET- A Decentralized Voting Application using Blockchain TechnologyIRJET- A Decentralized Voting Application using Blockchain Technology
IRJET- A Decentralized Voting Application using Blockchain TechnologyIRJET Journal
 
Preserving Privacy and Security for Information Brokering System in Distribut...
Preserving Privacy and Security for Information Brokering System in Distribut...Preserving Privacy and Security for Information Brokering System in Distribut...
Preserving Privacy and Security for Information Brokering System in Distribut...Shruti Sk S K
 
Blockchain in Healthcare
Blockchain in HealthcareBlockchain in Healthcare
Blockchain in HealthcareSusan Dart
 
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...Migrant Systems
 
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...IJNSA Journal
 
Mi health care - multi-tenant health care system
Mi health care - multi-tenant health care systemMi health care - multi-tenant health care system
Mi health care - multi-tenant health care systemConference Papers
 
Secure system based on recombined fingerprints for sharing multimedia files i...
Secure system based on recombined fingerprints for sharing multimedia files i...Secure system based on recombined fingerprints for sharing multimedia files i...
Secure system based on recombined fingerprints for sharing multimedia files i...eSAT Journals
 

Similar to Daniel "Dazza" Greenwood's Keynote Address on Digital Identity to the OECD in Norway (20)

A system for distributed minting and management of persistent identifiers
A system for distributed minting and management of persistent identifiersA system for distributed minting and management of persistent identifiers
A system for distributed minting and management of persistent identifiers
 
Blacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential usersBlacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential users
 
Blacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential usersBlacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential users
 
Data Security And The Security
Data Security And The SecurityData Security And The Security
Data Security And The Security
 
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
Understanding the Computer Abuse and Data Recovery Act, Fla.Stat. §668.801 (“...
 
Uport a blockchain platform for self-sovereign identity
Uport a blockchain platform for self-sovereign identityUport a blockchain platform for self-sovereign identity
Uport a blockchain platform for self-sovereign identity
 
Block chain explained
Block chain explainedBlock chain explained
Block chain explained
 
An approach to revoke blacklisted anonymous credential users through ttp
An approach to revoke blacklisted anonymous credential users through ttpAn approach to revoke blacklisted anonymous credential users through ttp
An approach to revoke blacklisted anonymous credential users through ttp
 
Identical Users in Different Social Media Provides Uniform Network Structure ...
Identical Users in Different Social Media Provides Uniform Network Structure ...Identical Users in Different Social Media Provides Uniform Network Structure ...
Identical Users in Different Social Media Provides Uniform Network Structure ...
 
blockchain ppt for research puropse in the university
blockchain ppt for research puropse in the universityblockchain ppt for research puropse in the university
blockchain ppt for research puropse in the university
 
IRJET- A Decentralized Voting Application using Blockchain Technology
IRJET- A Decentralized Voting Application using Blockchain TechnologyIRJET- A Decentralized Voting Application using Blockchain Technology
IRJET- A Decentralized Voting Application using Blockchain Technology
 
Preserving Privacy and Security for Information Brokering System in Distribut...
Preserving Privacy and Security for Information Brokering System in Distribut...Preserving Privacy and Security for Information Brokering System in Distribut...
Preserving Privacy and Security for Information Brokering System in Distribut...
 
Blockchain
BlockchainBlockchain
Blockchain
 
Privacy preserving
Privacy preservingPrivacy preserving
Privacy preserving
 
Blockchain in Healthcare
Blockchain in HealthcareBlockchain in Healthcare
Blockchain in Healthcare
 
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...
Shared Authority Based Privacy-preserving Authentication Protocol in Cloud Co...
 
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
AUTHENTICATION MECHANISM ENHANCEMENT UTILISING SECURE REPOSITORY FOR PASSWORD...
 
Mi health care - multi-tenant health care system
Mi health care - multi-tenant health care systemMi health care - multi-tenant health care system
Mi health care - multi-tenant health care system
 
Blockchain 101 - Blockchain Explained
Blockchain 101 - Blockchain ExplainedBlockchain 101 - Blockchain Explained
Blockchain 101 - Blockchain Explained
 
Secure system based on recombined fingerprints for sharing multimedia files i...
Secure system based on recombined fingerprints for sharing multimedia files i...Secure system based on recombined fingerprints for sharing multimedia files i...
Secure system based on recombined fingerprints for sharing multimedia files i...
 

Recently uploaded

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Daniel "Dazza" Greenwood's Keynote Address on Digital Identity to the OECD in Norway

  • 1. 1 May 7/8; Trondheim, Norway Context, Terms, Models and Options for Digital Identity Management Daniel “Dazza” Greenwood Lecturer, Massachusetts Institute of Technology Director, MIT eCommerce Architecture Program Principal, CIVICS.com http://ecitizen.mit.edu http://www.civics.com dazza@media.mit.edu Presented at the OECD Workshop on Digital Identity Management In Cooperation With the Norwegian Ministry of Education & Research and Ministry of Government Administration & Reform Global Identity Management Daz Greenwood: www.CIVICS.com Digital Identity is Inextricably Part of Identity, Writ Large Narrowly, Identity Management Speaks to the Life-Cycle Milestones, Data and Processes For Records Related to Individual User Accounts on ICT Systems. Requirements & Constraints for ID Systems Differ Depending Upon the Context: The Types of Users Identified (vendor, customer, citizen, friend, congregant, whistleblower, etc), the Types of Transactions, Applicable Law and Custom, etc. Agreed International Identity Infrastructures are Needed to Allow and Protect Interoperability, Integrity, Individuals
  • 2. 2 Three Clarifying Questions (and one key comment) 1. What is Authentication and Authorization? (Proving ID & What You Can Do With It) 2. What is Identity? (Who we authenticate - complex, evolving with blurred boundaries) 3. What is Identity Management in the Context of this OECD Workshop? * The OECD Privacy Guidelines Structured Thinking and Propelled Good Policy for Decades – An International Identity Bill of Rights is Needed Now, to Safeguard Identity Autonomy, And Create a Global Infrastructure for the Interoperability and Integrity of Identity and Authentication in All Sectors Old Concepts of Self: Names are “Significant” and the Power to Name is the Power to Control Biblical names • In the Old Testament, the names of individuals are meaningful; for example, Adam is named after the "earth" (Adama) from which he was created. (Genesis 2) • A change of name indicates a change of status. For example, the patriarch "Abram" is renamed "Abraham" before he is blessed with children. His wife, "Sarai" is similarly renamed "Sarah." (Genesis 17) Talmudic attitudes • The Babylonian Talmud maintains that names exert an influence over their bearers: • From where do we know that a name has a causal effect ("shama garim"). Says Rabbi Elazar: the verse says, (Psalms 46:9) "Go see the works of God, who puts desolation (shamot) in the earth." Read not "desolation" but "names" (shemot). (B.T. Berachot 7b) • Furthermore, a change of name is one of four actions that can avert an evil heavenly decree. (B.T. Rosh Hashana 16b) • Commentators differ as to whether this influence is metaphysical - a connection between name and essence - or psychological. (See Meiri, Ritva to B.T. Rosh Hashana 16b) • Talmudic sage, Rabbi Meir, would infer a person's nature from his or her name. The Talmud also states that all those who descend to Gehennom will rise, except for three, including he who calls another by a derisive nickname. (B.T. Yoma 83b; J.T. Rosh Hashana 3:9; B.T. Yoma 38a; B.T. Bava Metzia 58a) • From Wikipedia Article on Names
  • 3. 3 From Economic Modeling and Risk Management in Public Key Infra-- strutuctures, available at: http://www.masse.org/rsa97/ index.html Core Identity Vs. Non-Core Identity Data Three Models of Identity Management Systems 1. Centralized Ownership and Decision Making a) The people identified are not in charge of their identity within this system b) The system adheres based upon command and control from the center c) Nearly all X.500, LDAP, X.509 and other directory related identity management systems fall under this category. 2. Federated Ownership and Decision Making a) The people identified are typically not in charge of their identity within this system, 3. Individual Ownership and Decision Making The Pretty Good Privacy application is a good example of this model, allowing individual users to trade
  • 4. 4 Three Trust Models 1. Authority Based (agreement is based upon legal obligations sourcing from public law) a) National Identity Card or National Passport, whereby a nation-state requires a particular approach according under the authority of national law. b) Public Benefits programs (welfare) whereby the government identifies eligible recipients of a privilege according to enabling legislation, granting legal authority to that agency for such purposes. 2. Power Based (agreement is either based on adhesion or coercion) a) Large buyer topping a supply chain dictates the authentication and identity management used for systems feeding into its eProcurement application. b) Large industry player dictates standards and practices required to interoperate with it’s systems or applications (however, note that even Microsoft was unable to leverage it’s considerable market power to build Passport into an accepted standard). c) Employer with large workforce may, of course, require use of on or more particular Identity Management solutions as a condition of employment (e.g. “We use Acme HR System here”). 3. Agreement Based (agreement is based on free choice among equals) a) Federated systems, whereby the participating organizations agree to play be common standards and practices. b) Systems based upon individual agreement to participate (web of trust, etc). Three Organizational Models 1. Funnel (Usually comprised of a single enterprise, perhaps containing many subordinate organizations, Taking all-comers and homogenizing them into a prescribed, assimilated amalgam, from many creating one, “Self to self”). 2. Flock (Clusters of Participating Organizations, Opt-In/Scalable, Common Standards Connecting Heterogeneous Systems, “Open but Bounded”, “Friend to Friend”). Liberty Alliance based federations are examples of these clusters, as are the few organizations that have attempted to “cross-certify” using PKI. 3. Fractal (Assertion-Based, No Prior Agreement Between Parties Needed, Permits Compex/Emergent Networks of Relationship, “Stranger-to- Stranger”)[PGP, E-Mail]. [Note: MySpace and eBay type systems, while permitting serendipitous encounters among people, are not examples of this because each party has already opted to comply with an agreement (terms of service, terms and conditions, user contract, etc) and operate within a constrained artificial market created to contain, structure and enable certain types of activities – they are not “free range” systems, such as e-mail on the Internet or spontaneous agreement to exchange PGP keys or E-mail addresses – both forms of identity – between potentially any parties.]
  • 5. 5 Three Technical Architectures 1. CDLIS/Real ID “Pointer-System” a) Central Pointer File, containing subset of key “disambiguating” information, comprised of records for each identified user b) Each mini-record in the central file contains a “pointer” to the then current database where the entire record can be found. c) The pointer information is updated, as the user record migrates from one to another backend databases (representing a move of the user from one jurisdiction to another) d) The full record pointed to from a central file and residing in a local database is under the ownership and control of the local organization. 2. Probabilistic or Heuristic Systems a) Based on scoring confidence a given user in fact has a given identity, and that the various partial element of identity in fact combine to a particular individual user. b) May be based on complex algorithms, contextually weighting information of various types or sources, following contingent or decision trees, and leveraging simple inference or fuzzy logic. c) Frequently includes query and response with user, posing various questions, using knowledge-based- authentication, and checking responses against a variety of backend or linked systems. 3. Credential Service Provider and Multiple Relying Party Systems a) An authentication credential (replete with and sometimes merged into the identity information for the subject identified in the credential) is issued by a Credential Service Provider (CSP) to each end-user. b) The token may be hardware, software or another approach. An X.509 certificate is a good example of such a token. A SAML assertion can also serve as such a credential. Of course, a username, physical token or other data, software or thing may serve equally. c) The end-user, upon seeking authentication by a participating party, presents their credential and that party then validates the token by reference to the CSP or an outsourced repository of the CSP, and upon satisfactory confirmation may then reply upon the credential and the identity of the end-user. The context within which the end-users identity exists in one such system may, however, be quite different in another, hence affecting assumptions about authority or role from system to system. Three Contexts of Identity 1. Digital Identity (Username, IP/MAC, E- Mail Address) 2. Physical Identity (Passport, Driver License, Club Card) 3. Dual Identity (RFID exemplar of “Converged Identity”, HSPD-12, MIT ID applications – Real ID?)
  • 6. 6 Architecture of a Safe House for Identity Protection An International Information Infrastructure for Integrity and Interoperability of Internet Identities (i7)(i5), creating in effect a "white-list" or “Safe Zone” to prevent spam and Identity Theft and unlawful tracking or other information sharing and abuse. In essence, every participating country or organization agrees to certain rules by contract (Operating Rules). The agreement include a commitment to operate or outsource a help-desk for how-to and complaints and commencing dispute resolution (from ID Theft, to tech problems to complaints about the stewards of the identity system). Cluster of Rights and Duties Under Concept of Identity Autonomy Includes: - Right to “Not Carry” (anonymity, absent particular non-trivial act) - Right to Ombuds Attention and Follow Through and Public Reporting - Right to Reclaim Identity and Start Anew (like bankruptcy) - Right to Multiple Disposable Pseudonyms - Right to Encryption of Personal Data - Responsible for Reporting Suspected Compromise ASAP - Responsible for Costs and Liability up to a Ceiling (e.g. Reg E, Reg Z) - Responsible for Using Identity(ies) Without Intent to Deceive or Defraud Identity Management Control Panel for Each Individual Made Possible by an Agreed International Guideline on Identity Autonomy - Including “Relationship Management” Panel for Other Individuals or Organizations - Including “Consent Assertion Markup Language” Management Panel - Including Logs and Alerts for Prior and Pending Requests, Wizard for Future - Including Location-Aware, Presence-Aware, Context- Sensitive Privacy/Access Filters for Tracking - Link to Static Government Identity When Needed by User or for Lawful Demand, Never Otherwise. - Provisioning of Pseudonyms on Real-Time, Disposable Basis and Real Time Swap-Out of Compromised Authentication or Even Identity
  • 7. 7 Alternative Title: P/I+U=N or Does the “I” In Identity and the “U” in User Equal the “Person” in Personalization? Solving for “N” in Name Contact Information For More Information: http://ecitizen.mit.edu http://www.civics.com dazza@media.mit.edu 650-504-5474 Daniel J. Greenwood, Esq. Lecturer, Media Lab, MIT Director, MIT E-Commerce Architecture Program Principal, CIVICS.com