Identity 2.0

From Wikipedia, the free encyclopedia

Identity 2.0 diagram from the Web Services Journal article by Dion Hinchcliffe
Identity 2.0 diagram from the Web Services Journal article by Dion Hinchcliffe

Identity 2.0, also called digital identity, is the anticipated revolution of identity verification on the internet using emerging user-centric technologies such as Information Cards or OpenID. Identity 2.0 stems from the Web 2.0 theory of the world wide web transition. Its emphasis is a simple and open method of identity transactions similar to those in the physical world, such as driver's license.

Industry analyst firm the Burton Group, described it as "in Identity 2.0, usage of identity more closely resembles today's offline identity systems, but with the advantages of a digital medium. As with a driver's license, the issuer provides the user with a certified document containing claims. The user can then choose to show this information when the situation requires".

The current internet model makes taking one's identification difficult from site to site. This was described in the Burton Group report as, "today's identity systems—which represent a “1.0” architecture, feature strong support for domain management but exhibit scalability and flexibility limitations when faced with the broader identity requirements of Internet scenarios." In that light, user-centric proponents believe "federation protocols (from Liberty Alliance, the Organization for the Advancement of Structured Information Standards [OASIS], and the Web Services working group) are bastions of a domain-centric model but do little to recast the architectural foundations of identity systems to support grander structures." See "User-Centric Identity Management and the Enterprise Why Empowering Users is Good for Business", Mike Neuenschwander, Burton Group, Dec. 2005.

A major road block to creating Identity 2.0 is the strength of the existing infrastructure. Industry analysts Gartner Research reflect this perspective in their August 2006 report, stating

"Identity 2.0 will be relevant to online companies — and particularly consumer-focused companies — but not before 2008. There are various Identity 2.0 initiatives — including Microsoft's CardSpace (formerly InfoCard), Sxip and Higgins. While all the initiatives leverage Internet and Web protocols, there are different approaches for storing identity attributes and in securing the interactions; these different approaches are not clearly interoperable and lack a unifying standards-based framework.

Success for Identity 2.0 approaches will also require service providers to modify their Web sites and services to request, accept and authenticate identity data from clients and identity providers. This presents a potential "chicken and egg" problem whereby consumers don’t perceive the need to create digital personas until services are available to use them."

A year later, Gartner published an updated perspective in their 2007 Hype Cycle Report on IAM Technologies, that positions user-centric, Identity 2.0 technologies such as OpenID, CardSpace and Higgins as "technology triggers" that are "on the rise", though two to five years away from mainstream adoption. They recommend that consumer facing organizations monitor the evolution of these "Personal Identity Frameworks".

In an Identity 2.0 approach, rather than using multiple username/passwords to register onto a website (like the current model), Identity 2.0 would allow users to use one ID that is transparent and flexible. Identity 2.0 is focused around the user, not centered around a directory. It requires identified transactions between users and agents (websites) using verifiable data, thus providing more traceable transactions.

Using one identity all of the time may lead to a corrosion of privacy. Especially in the following cases:

  1. when users would not usually chose to use a strongly authenticated identity but are forced to do so by system properties or market pressure,
  2. when unrelated actions are linked with the purpose of predicting or controlling the behaviour of a user.

Verifiable but unlinkable data can be provided by users via anonymous digital credentials. The subtleties of building up trust in situations of less than perfect knowledge, which are intuitively understood in the physical world, are investigated by trust negotiation.

[edit] Companies, protocols, and technologies involved with digital identification

[edit] References


[edit] Further reading

Languages