Identity Assertion: Enabling Trust While Limiting Identity Theft Exposure


The Internet is quickly becoming a natural meeting place of people, as is apparent from the popularity of social interaction sites such as YouTube, Second Life, MySpace, and Facebook, as well as the wide adoption of instant messaging and Internet voice. This is in addition to already being recognized as the most readily available source of information on just about any topic and a powerful catalyst of commerce. Simple, secure identity assertion -- the ability to present what is essential to establish enough trust to interact -- is one of those quantum enablers essential in allowing geographically dispersed interaction, whether it be with someone next door, or a system, or individuals halfway around the world. In the emerging era of hyperconnectivity, where the number of devices, nodes, and applications connected to the network far exceeds the number of people using the network, new methods are needed to represent and assert identity, so that users and systems can maintain full control over their credentials and identity details. The key is sharing just enough insight in each interaction to quickly establish sufficient trust, while preventing this information from being used or abused in some other context.
Identity should be asserted much more than it should be managed. Identity is a set of attributes of an entity -- a human, an application, or even a sensor. It must be recognized that, at times, "anonymous" is a valid and useful identity. Meaningful interactions are highly dependent on trust between the parties interacting. Trust itself is relative to each specific context, and different situations demand vastly different levels of trust. Unfortunately, if a third party knows most or all of the identity-related information of a specific entity, it is easy for them to falsely assume that identity. As the world of hyperconnectivity materializes, virtually every device will need to have one or more affiliations with one or more identities at any given time, and many permutations will exist. As a multitude of devices are enabled to interact over networks, ask yourself this: how will you decide which ones are yours or represent you, and whom they can play with in this new electronic sandbox?

One of the keys to understanding identity is to realize that it has nothing to do with devices like phones or computers. Devices are things people use, not representations of who they are. For many years, the architectures of telephony networks have convoluted the concept of identity by projecting people as phone numbers. Identity is an attribute of someone or something, while addresses and phone numbers are network or physical artifacts.

People inherently have more than one identity, and each exists within a specific context or role, such as their personal life, their employment, or their hobbies. Each of these roles can be thought of in Internet terms as belonging to a "domain." Complications arise when a person wants to use the same device, like a mobile phone, in conjunction with more than one of their identities. This explains why you see people with two or more cell phones on their belt, something cell phone makers think is wonderful, but most people feel is undesirable.

One of the easiest ways to discuss identity is to think about people as having a unique identity within each specific context or role they play in a domain-centric model. A domain is simply a grouping of entities (in this case, people) which share some affiliation. For example, all the people who work for a business belong to the domain of that business. The e-mail address nomenclature provides a simple way to think about domain-based identities.

The following are illustrations of different identities for the same person in several contexts:

  • Work - elmer.ziggafoose@company.com
  • Family - elmer@ziggafoose.family
  • Mobile - elmer.ziggafoose@mobileoperator.com
  • Hobby - goalie@icedevils.team
  • Volunteer - president@association.org

All these identities are independent of devices or locations, and each identity belongs to the person. However, the domain controls how identities in its domain may be used. The person enjoys the ability to represent themselves to others as having affiliation with the domain and its reputation and credentials. In many cases, if it can be easily verified that an identity truly belongs to a specific domain, then just knowing the domain may be enough to establish sufficient trust for some interactions. A good example is one employee of a business calling another.

Due to the lack of efficient identity technologies, and to some degree political influences, people today are often required to establish sets of information about themselves unique to each entity with whom they desire to interact. This virtual representation of the person is used to query them in an attempt to determine that they are who they claim to be each time they try to interact. Some of the latest advances in identity technology involve collecting several more pieces of personal data from people, such as their pet's name or where they went to school. Under the guise of enhanced security, people are prompted for more of these previously disclosed personal details.

These pseudo identities essentially belong to the application or organization that stores them instead of the person they represent. These sets of information can be deleted or altered without their knowledge or consent, and cannot easily be used by the person they represent in any context other than where they are stored. Unfortunately, all these personal details can be shared with others, either purposefully or at times accidentally, without the permission or knowledge of the person they represent. The fact that all this personal information ends up stored in so many places under the control of many entities contributes heavily to identity theft problems.

As bandwidth continues to become more economical, we will have the ability to present various real-time extracted characteristics of people asserting their identity, like encrypted fingerprints, voice prints, and images. Capabilities of this nature can be utilized to better approximate the experience of being face-to-face. In electronic identity assertion, people need to be able to present specific claims from one or more applicable credentials, just as people show a driver's license or passport in person. Some of their credentials may need to be from independent sources that others have a reason to trust. Credentials need to be owned and stored under the control of the people themselves, not the entities they interact with. One enhancement over classical credential methodologies that is needed is the ability to divulge only specific claims from credentials without exposing all their information.

In situations where credentials may not be meaningful or available from a source the intended recipient has a reason to trust, reputation systems ("Lots of people I have dealt with say I am honest") and social relationships ("I am a friend of your friend Ralph") may be useful in providing information necessary to make trust decisions.

University and industry research exploring identity assertion has uncovered some interesting ideas. For example, we have identified new concepts around copy-resistant credentials, distributed credentials, minimal information disclosure, identity authorities, identity agents, and limited usage authorizations.

The amount and granularity of identity information necessary is not constant in every situation. When someone needs to know that I am over 21, they do not need to know the exact date I was born. The overall goal of identity assertion technology must be to supply the minimum information necessary to quickly establish adequate trust as defined by each unique situation. A very promising idea is the concept of creating copy-resistant credentials that allow for minimal information disclosure. You can think of this as holding your driver's license out for someone to look at, with your thumb covering the information they really do not need to see in the context of the interaction.
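The "thumb over the license" idea can be built as a selectively disclosable credential: the issuer signs per-claim salted digests rather than the claims themselves, so the holder can open only the claims a given interaction needs. The code below is an added illustration, not from the article or from Nortel; it assumes an issuer that also records a derived "age_over_21" claim beside the birth date, and it models the issuer's signature with an HMAC key shared with the verifier (a real issuer would use a public-key signature).

```python
import hashlib
import hmac
import json
import os
import secrets

# Assumption: HMAC stands in for the issuer's signature; a deployed scheme would
# let verifiers check a public-key signature without holding any issuer secret.
ISSUER_KEY = secrets.token_bytes(32)


def _digest(salt: bytes, name: str, value) -> str:
    # Commit to (name, value) under a random salt; the salt is what keeps an
    # undisclosed claim unguessable from its digest alone.
    return hashlib.sha256(salt + json.dumps([name, value], sort_keys=True).encode()).hexdigest()


def issue_credential(claims: dict):
    """Issuer: sign only the digests. Returns (credential, holder_secrets);
    the holder keeps the claim values and salts, the credential carries neither."""
    salts = {name: os.urandom(16) for name in claims}
    digests = {name: _digest(salts[name], name, claims[name]) for name in claims}
    payload = json.dumps(digests, sort_keys=True).encode()
    signature = hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()
    return {"digests": digests, "signature": signature}, {"claims": claims, "salts": salts}


def present(credential: dict, holder_secrets: dict, reveal: list) -> dict:
    """Holder: disclose only the requested claims (value plus salt)."""
    disclosed = {n: {"value": holder_secrets["claims"][n], "salt": holder_secrets["salts"][n].hex()}
                 for n in reveal}
    return {"credential": credential, "disclosed": disclosed}


def verify(presentation: dict):
    """Verifier: check the issuer signature over all digests, then that every
    disclosed claim opens its digest. Returns the verified claims, or None."""
    cred = presentation["credential"]
    payload = json.dumps(cred["digests"], sort_keys=True).encode()
    expected = hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cred["signature"]):
        return None
    verified = {}
    for name, d in presentation["disclosed"].items():
        if name not in cred["digests"]:
            return None  # claim was never part of the signed credential
        if _digest(bytes.fromhex(d["salt"]), name, d["value"]) != cred["digests"][name]:
            return None  # value or salt does not match what the issuer committed to
        verified[name] = d["value"]
    return verified
```

Revealing only "age_over_21" lets the verifier confirm the issuer vouched for it while the birth date never leaves the holder; altering a disclosed value or adding a claim the issuer never signed fails verification.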

As we enter the age of hyperconnectivity, where people will often have multiple network-attached devices, and some devices may be used by several people, identity assertion takes on even more dimensions. A single device may need to project multiple identities of the same person or separate identities of several people. Luckily, the fact that a device has network connectivity opens the door to using network-attached resources to assist users in asserting their most desirable identity in any given situation. This leads to the concept of an identity agent capable of performing various activities in relation to identity and other personal information of a specific person. The key to keeping an identity agent under the strict control of the person it assists is to use one-time, limited duration, contextually-scoped, and unique-to-each-interaction authorizations to the identity agent to allow each specific interaction with another entity.

Identity agents can perform many different activities and can be repositories of portions of personal information to make such claims more easily available across multiple devices, and from devices with limited user interfaces. This concept enables credentials to be stored in a distributed fashion, minimizing what is stored in mobile devices (which are inherently subject to being lost or stolen). A mobile device can have an association with an identity agent that is based on an encrypted shared secret, so breaking this linkage can render the mobile device useless if compromised.
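The identity agent described above can be kept under the person's control by having the device mint a fresh, short-lived, context-bound grant for each interaction, which the agent verifies against the shared secret that links it to the device. The code below is an added illustration rather than the article's or Nortel's design; the class names, the grant fields and the 60-second lifetime are assumptions, and it uses an HMAC over the grant as the "encrypted shared secret" association the paragraph mentions.

```python
import hashlib
import hmac
import json
import secrets
import time


def _mac(secret: bytes, grant: dict) -> str:
    return hmac.new(secret, json.dumps(grant, sort_keys=True).encode(), hashlib.sha256).hexdigest()


class Device:
    """The person's device: holds the shared secret and mints one grant per interaction."""

    def __init__(self, shared_secret: bytes, ttl_seconds: int = 60):
        self.secret, self.ttl = shared_secret, ttl_seconds

    def mint_grant(self, context: str, counterparty: str, claims: list, now=None) -> dict:
        now = time.time() if now is None else now
        grant = {"nonce": secrets.token_hex(16), "issued": now, "expires": now + self.ttl,
                 "context": context, "counterparty": counterparty, "claims": sorted(claims)}
        return {"grant": grant, "mac": _mac(self.secret, grant)}


class IdentityAgent:
    """Network-side agent: releases claims only for a grant that is authentic, unexpired,
    bound to this exact context and counterparty, and never seen before."""

    def __init__(self, shared_secret: bytes):
        self.secret = shared_secret
        self.used_nonces = set()

    def assert_identity(self, signed: dict, context: str, counterparty: str, now=None):
        """Returns the authorized claim list, or a string saying why the grant was refused."""
        now = time.time() if now is None else now
        grant = signed["grant"]
        if not hmac.compare_digest(_mac(self.secret, grant), signed["mac"]):
            return "refused: bad signature"
        if now > grant["expires"]:
            return "refused: expired"
        if grant["context"] != context or grant["counterparty"] != counterparty:
            return "refused: wrong context"
        if grant["nonce"] in self.used_nonces:
            return "refused: replay"
        self.used_nonces.add(grant["nonce"])
        return grant["claims"]

    def revoke_device(self):
        """Break the device-agent linkage: a lost device's grants stop verifying."""
        self.secret = secrets.token_bytes(32)
```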

Identity assertion is an area ripe for disruptive innovation providing a universal solution. Several industry efforts today are focusing on identity in web services, transactional, or single-logon environments. Separate efforts are addressing interactive communications and sensor networks. It is highly likely that a single identity assertion methodology can address all these areas and even extend into interactions in the physical world. Investments are being made to find a universal way to put identity back in the control of the people or system it represents.

About the Author

John Yoakum is a champion of emerging opportunities and disruptive technologies at Nortel. He serves as an evangelist for keeping the "future in focus" and promoting the potential of disruptive technologies. Yoakum concentrates on building collaborative relationships with customers and partners. He joined Nortel in 1987, where he has been instrumental in identifying and architecting leading-edge multimedia communications products, building external technology partnerships, modernizing software development environments, and helping the industry define signaling standards enabling true multi-vendor multimedia communications networks. Yoakum holds several patents and publishes internally and externally. Before Nortel, he spent 12 years in R&D at Motorola.
