Identity 2.0

I saw a presentation on Identity 2.0 by Dick Hardt (founder & CEO, Sxip) at OSCON 2005, and I must say that it was quite interesting. Sxip is trying to provide a secure, on-demand and universal digital identity.

The problem with digital indentities today are that they are bound to a website or a group of websites that you visit and use. So for instance a single Yahoo login can get you into most of the Yahoo sites, but you can't use the same login/password to go shop on Amazon or check your Google mail. Your identity is tied down to these individual companies. Microsoft tried to make everyone use Passport as a universal single sign-on, but nobody liked it and it only worked in Microsoft's servers and software so it's fate was sealed as soon as they announced it.

Digital identities need to follow some of the basic laws of identity, which are as follows:

1. User Control and Consent
   Technical identity systems must only reveal information identifying a user with the user's consent.
2. Minimal Disclosure for a Constrained Use
   The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution.
3. Justifiable Parties
   Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.
4. Directed Identity
   A universal identity system must support both "omni-directional" identifiers for use by public entities and "unidirectional" identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
5. Pluralism of Operators and Technologies
   A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers.
6. Human Integration
   The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks.
7. Consistent Experience Across Contexts
   The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.

Digital identity today is an interesting problem that needs to be solved. Sxip is just one of the companies trying to solve the problem. Their presentation at OSCON gives you a fairly decent idea of the digital identity problem. The presentation style is also very interesting and makes it worth watching, so check it out!

Links

• Identity 2.0 presentation at OSCON 2005
• The Laws of Identity
• Sxip Identity