Identity 2.0
From Wikipedia, the free encyclopedia
Identity 2.0, also called digital identity, is the anticipated revolution of identity verification on the internet using emerging user-centric technologies such as the OpenID standard or Microsoft Windows CardSpace. Identity 2.0 stems from the Web 2.0 theory of the world wide web transition. It's emphasis is a simple and open method of identity transactions similar to those in the physical world, such as driver's license.
Industry analyst firm the Burton Group, described it as "in Identity 2.0, usage of identity more closely resembles today's offline identity systems, but with the advantages of a digital medium. As with a driver's license, the issuer provides the user with a certified document containing claims. The user can then choose to show this information when the situation requires."
The current internet model makes taking one's identification (information) difficult from site to site. This was described in the Burton Group report as, "today's identity systems—which represent a “1.0” architecture, feature strong support for domain management but exhibit scalability and flexibility limitations when faced with the broader identity requirements of Internet scenarios." In that light, user-centric proponents believe "federation protocols (from Liberty Alliance, the Organization for the Advancement of Structured Information Standards [OASIS], and the Web Services working group) are bastions of a domain-centric model but do little to recast the architectural foundations of identity systems to support grander structures." See "User-Centric Identity Management and the Enterprise Why Empowering Users is Good for Business", Mike Neuenschwander, Burton Group, Dec. 2005.
A major road block to creating Identity 2.0 is the strength of the existing infrastructure. Industry analysts Gartner Research reflect this perspective in their August 2006 report, stating
"Identity 2.0 will be relevant to online companies — and particularly consumer-focused companies — but not before 2008. There are various Identity 2.0 initiatives — including Microsoft's CardSpace (formerly InfoCard), Sxip and Higgins. While all the initiatives leverage Internet and Web protocols, there are different approaches for storing identity attributes and in securing the interactions; these different approaches are not clearly interoperable and lack a unifying standards-based framework.
Success for Identity 2.0 approaches will also require service providers to modify their Web sites and services to request, accept and authenticate identity data from clients and identity providers. This presents a potential "chicken and egg" problem whereby consumers don’t perceive the need to create digital personas until services are available to use them."
In an Identity 2.0 approach, rather than using multiple username/passwords to register onto a website (like the current model), Identity 2.0 would allow users to use one ID that is transparent and flexible. Identity 2.0 is focused around the user, not centered around a directory. It requires identified transactions between users and agents (websites) using verifiable data, thus providing more traceable transactions.
Using one identity all of the time may lead to a corrosion of privacy. Especially in the following cases:
- when users would not usually chose to use a strongly authenticated identity but are forced to do so by system properties or market pressure,
- when unrelated actions are linked with the purpose of predicting or controlling the behaviour of a user.
Verifiable but unlinkable data can be provided by users via anonymous digital credentials. The subtleties of building up trust in situations of less than perfect knowledge, which are intuitively understood in the physical world, are investigated by trust negotiation.
Contents |
[edit] Compared to Identity 1.0
[edit] Identity 1.0
- site registration
- unverified
- directory centric
- username and password
- immobile
- opaque
[edit] Identity 2.0
- ID providers
- verifiable
- user centric
- identity credentials
- mobile
- transparent
[edit] Companies, Protocols, and Technologies Involved with Digital Identification
- Higgins trust framework
- OpenID
- LID
- SAML
- Sxip Identity
- Sxipper
- Trusted Network Technologies [1]
- NetMesh Inc.
- Whobar
- Windows Live ID
- Windows CardSpace
- XRI XDI
- YADIS
[edit] References
- Dion Hinchcliff, Web Services Journal, How Can We Best Make "The Writeable Web" A Responsible Place?, January 23, 2006
- Dion Hinchcliff, ZDNet, [Identity 1.x: Microsoft Live ID and Google Accounts], July 6, 2006
- Mike Neuenschwander, Burton Group, User-Centric Identity Management and the Enterprise Why Empowering Users is Good for Business", Dec. 2005
- Roberta Witty, Gartner Research Identity 2.0 Is Too Ill-Defined for Imminent Deployment, August 2006
[edit] Further reading
- Identity 2.0 blog
- Identity Assurance
- Kaliya Hamlin: Identity 2.0 Gathering: Getting to the Promised Land
- Dick Hardt, Identity 2.0 expert and CEO of Sxip Identity: Lecture at OSCON Identity 2.0 video
- Phil Windley: Identity Management Architectures and Digital Identity
- David Weinberger: CNET Interview with Dick Hardt- What might user-focused digital identity look like?