Identity Assertion: Enabling Trust While Limiting Identity Theft Exposure
By John Yoakum, Emerging Opportunities, Nortel
The Internet is quickly becoming a natural meeting place of people, as is apparent
from the popularity of social interaction sites such as YouTube, Second Life,
MySpace, and Facebook, as well as the wide adoption of instant messaging and
Internet voice. This is in addition to already being recognized as the most
readily available source of information on just about any topic and a powerful
catalyst of commerce. Simple, secure identity assertion -- the ability to present
just what is needed to establish enough trust to interact -- is a fundamental
enabler of geographically dispersed interaction, whether with someone next door,
with a system, or with individuals halfway around the world. In the emerging
era of hyperconnectivity, where the number of devices,
nodes, and applications connected to the network far exceeds the number of people
using the network, new methods are needed to represent and assert identity,
so that users and systems can maintain full control over their credentials and
identity details. The key is sharing just enough insight in each interaction
to quickly establish sufficient trust, while preventing this information from
being used or abused in some other context.
Identity should be asserted much more than it should be managed. Identity is
a set of attributes of an entity -- a human, an application, or even a sensor.
It must be recognized that, at times, "anonymous" is a valid and useful
identity. Meaningful interactions are highly dependent on trust between the
parties interacting. Trust itself is relative to each specific context, and
different situations demand vastly different levels of trust. Unfortunately,
once a third party knows most or all of the identity-related information about
an entity, it can easily impersonate that entity. As the
world of hyperconnectivity materializes, virtually every device will need to
have one or more affiliations with one or more identities at any given time,
and many permutations will exist. As a multitude of devices are enabled to interact
over networks, ask yourself this: how will you decide which ones are yours or
represent you, and whom they can play with in this new electronic sandbox?
One of the keys to understanding identity is to realize that it has nothing
to do with devices like phones or computers. Devices are things people use,
not representations of who they are. For many years, telephony network architectures
have muddled the concept of identity by projecting people as phone numbers.
Identity is an attribute of someone or something; addresses and phone numbers
are network or physical artifacts.
People inherently have more than one identity, and each exists within a specific
context or role, such as their personal life, their employment, or their hobbies.
Each of these roles can be thought of in Internet terms as belonging to a "domain."
Complications arise when a person wants to use the same device, like a mobile
phone, in conjunction with more than one of their identities. This explains
why you see people with two or more cell phones on their belt, something cell
phone makers think is wonderful, but most people feel is undesirable.
One of the easiest ways to discuss identity is to think about people as having
a unique identity within each specific context or role they play in a domain-centric
model. A domain is simply a grouping of entities (in this case, people) that
share some affiliation; all the people who work for a business, for example,
belong to that business's domain. E-mail address nomenclature provides a simple
way to think about domain-based identities.
The following are illustrations of different identities for the same person
in several contexts:
Work - firstname.lastname@example.org
Family - email@example.com
Mobile - firstname.lastname@example.org
Hobby - email@example.com
Volunteer - firstname.lastname@example.org
All these identities are independent of devices or locations, and each identity
belongs to the person. However, the domain controls how identities in its domain
may be used. The person enjoys the ability to represent themselves to others
as having affiliation with the domain and its reputation and credentials. In
many cases, if it can be easily verified that an identity truly belongs to a
specific domain, then just knowing the domain may be enough to establish sufficient
trust for some interactions. A good example is one employee of a business calling
Because efficient identity technologies are lacking, and to some degree for
political reasons, people today are usually required to establish a separate
set of information about themselves with each entity they wish to interact with.
This virtual representation of the person is then used to quiz them each time
they try to interact, in an attempt to determine that they are who they claim
to be. Some of the latest "advances" in identity technology consist of collecting
still more pieces of personal data, such as a pet's name or where the person
went to school. Under the guise of enhanced security, people are prompted for
more of these previously disclosed details, even though such facts are static,
widely shared, and often discoverable by anyone who cares to look.
These pseudo identities essentially belong to the application or organization
that stores them instead of the person they represent. These sets of information
can be deleted or altered without their knowledge or consent, and cannot easily
be used by the person they represent in any context other than where they are
stored. Unfortunately, all these personal details can be shared with others,
either purposefully or at times accidentally, without the permission or knowledge
of the person they represent. The fact that all this personal information ends
up stored in so many places under the control of many entities contributes heavily
to identity theft problems.
As bandwidth continues to become more economical, we will have the ability
to present various real-time extracted characteristics of the person asserting
an identity, such as encrypted fingerprints, voice prints, and images. Capabilities
of this nature can be used to better approximate the experience of being
face-to-face. A biometric, however, is an identifier rather than a secret: unlike
a password it cannot be reissued once it leaks, so it must be protected in transit
and at rest and paired with a check that the sample is live rather than replayed.
In electronic identity assertion, people need to be able to present specific
claims from one or more applicable credentials, just as people show a driver's
license or passport in person. Some of their credentials may need to come from
independent sources that others have reason to trust. Credentials need to be
owned and stored under the control of the people themselves, not the entities
they interact with. One enhancement over classical credential methods that is
needed is the ability to divulge only specific claims from a credential without
exposing all of its information.
In situations where credentials may not be meaningful or available from a source
the intended recipient has a reason to trust, reputation systems ("Lots
of people I have dealt with say I am honest") and social relationships
("I am a friend of your friend Ralph") may be useful in providing
information necessary to make trust decisions.
University and industry research exploring identity assertion has uncovered
some interesting ideas. For example, we have identified new concepts around
copy-resistant credentials, distributed credentials, minimal information disclosure,
identity authorities, identity agents, and limited usage authorizations.
The amount and granularity of identity information necessary is not constant
in every situation. When someone needs to know that I am over 21, they do not
need to know the exact date I was born. The overall goal of identity assertion
technology must be to supply the minimum information necessary to quickly establish
adequate trust as defined by each unique situation. A very promising idea is
the concept of copy-resistant credentials that allow for minimal information
disclosure: a credential bound to its rightful holder, so that a copy of it, or
a recording of one presentation, cannot be replayed by someone else, and from
which individual claims can be shown on their own. You can think of this as
holding your driver's license out for someone to look at, with your thumb covering
the information they really do not need to see in the context of the interaction.
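As an added example (it is not from the article, nor a Nortel design), the following Go program sketches one way to build such a "thumb over the card" credential: the issuer signs salted digests of each claim together with the holder's public key; the holder reveals only the claims a given verifier needs and signs that verifier's fresh nonce to prove it is the party the credential was issued to; the verifier checks the issuer's signature, recomputes the digests of the disclosed claims, and checks the holder's proof of possession. The issuer name, claim names, the over_21 predicate claim and the sample values are constructed for illustration; the salted-hash approach is the same idea used by standardized selective-disclosure formats such as SD-JWT, but this ad hoc encoding is not one of them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Claim is one attribute plus a random salt, so undisclosed digests cannot be brute-forced.
type Claim struct {
	Name  string `json:"name"`
	Value string `json:"value"`
	Salt  string `json:"salt"`
}

// Credential is what the issuer signs: claim digests (never the claims themselves) and
// the holder's public key, so a copied credential is useless without the holder's private key.
type Credential struct {
	Issuer    string   `json:"issuer"`
	HolderKey []byte   `json:"holder_key"`
	Digests   []string `json:"digests"`
	Signature []byte   `json:"signature"`
}

func claimDigest(c Claim) string {
	b, _ := json.Marshal(c) // fixed struct field order keeps the encoding deterministic
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// signingInput is the credential without its signature (c is a copy; the caller's value is untouched).
func (c Credential) signingInput() []byte {
	c.Signature = nil
	b, _ := json.Marshal(c)
	return b
}

// Issue salts each attribute, commits to its digest and signs the commitments.
// The salted claims are handed to the holder only; each verifier later sees just a subset.
func Issue(issuerPriv ed25519.PrivateKey, issuer string, holderPub ed25519.PublicKey, attrs map[string]string) (Credential, []Claim, error) {
	cred := Credential{Issuer: issuer, HolderKey: holderPub}
	var claims []Claim
	for name, value := range attrs {
		salt := make([]byte, 16)
		if _, err := rand.Read(salt); err != nil {
			return Credential{}, nil, err
		}
		c := Claim{Name: name, Value: value, Salt: hex.EncodeToString(salt)}
		claims = append(claims, c)
		cred.Digests = append(cred.Digests, claimDigest(c))
	}
	cred.Signature = ed25519.Sign(issuerPriv, cred.signingInput())
	return cred, claims, nil
}

// Present is the thumb over the card: it returns only the named claims plus a holder
// signature over the verifier's nonce, so a recorded presentation cannot be replayed elsewhere.
func Present(holderPriv ed25519.PrivateKey, cred Credential, all []Claim, reveal []string, nonce []byte) ([]Claim, []byte) {
	want := map[string]bool{}
	for _, r := range reveal {
		want[r] = true
	}
	var disclosed []Claim
	for _, c := range all {
		if want[c.Name] {
			disclosed = append(disclosed, c)
		}
	}
	return disclosed, ed25519.Sign(holderPriv, append(cred.signingInput(), nonce...))
}

// Verify checks the issuer signature, that every disclosed claim hashes to a committed
// digest, and that the presenter controls the key the issuer bound to the credential.
func Verify(issuerPub ed25519.PublicKey, cred Credential, disclosed []Claim, holderSig, nonce []byte) (map[string]string, error) {
	if !ed25519.Verify(issuerPub, cred.signingInput(), cred.Signature) {
		return nil, errors.New("issuer signature invalid")
	}
	if len(cred.HolderKey) != ed25519.PublicKeySize ||
		!ed25519.Verify(ed25519.PublicKey(cred.HolderKey), append(cred.signingInput(), nonce...), holderSig) {
		return nil, errors.New("presenter does not hold the bound key (copied or replayed)")
	}
	committed := map[string]bool{}
	for _, d := range cred.Digests {
		committed[d] = true
	}
	out := map[string]string{}
	for _, c := range disclosed {
		if !committed[claimDigest(c)] {
			return nil, errors.New("disclosed claim was not issued")
		}
		out[c.Name] = c.Value
	}
	return out, nil
}

func main() {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(nil)
	holderPub, holderPriv, _ := ed25519.GenerateKey(nil)
	// Constructed sample: the issuer asserts the over_21 predicate itself, so the
	// holder can prove it without ever revealing birth_date.
	cred, claims, _ := Issue(issuerPriv, "dmv.example", holderPub,
		map[string]string{"name": "J. Doe", "birth_date": "1985-06-01", "over_21": "true"})
	nonce := []byte("constructed nonce; use fresh random bytes from the verifier")
	disclosed, sig := Present(holderPriv, cred, claims, []string{"over_21"}, nonce)
	shown, err := Verify(issuerPub, cred, disclosed, sig, nonce)
	fmt.Println(shown, err) // map[over_21:true] <nil>
}
```

Two design points are worth noting. The over_21 predicate is asserted by the issuer at issuance time; proving "over 21" from a hidden birth date without the issuer's help needs zero-knowledge techniques that this example does not attempt. And the nonce must come from the verifier, fresh for each presentation: it is what turns the holder's signature into proof of possession rather than a reusable artifact.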
As we enter the age of hyperconnectivity, where people will often have multiple
network-attached devices, and some devices may be used by several people, identity
assertion takes on even more dimensions. A single device may need to project
multiple identities of the same person or separate identities of several people.
Luckily, the fact that a device has network connectivity opens the door to using
network-attached resources to assist users in asserting their most desirable
identity in any given situation. This leads to the concept of an identity agent
capable of performing various activities in relation to identity and other personal
information of a specific person. The key to keeping an identity agent under
the strict control of the person it assists is that every interaction with another
entity requires a fresh authorization from that person to the agent: one-time,
limited in duration, scoped to the context, and unique to that interaction.
Identity agents can perform many different activities and can be repositories
of portions of personal information to make such claims more easily available
across multiple devices, and from devices with limited user interfaces. This
concept enables credentials to be stored in a distributed fashion, minimizing
what is stored in mobile devices (which are inherently subject to being lost
or stolen). A mobile device's association with its identity agent can rest on
a shared secret; if the device is lost or stolen, the person revokes that
association at the agent, and the device's copy of the secret becomes useless.
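The one-time, limited-duration, contextually scoped authorizations and the device-to-agent association described in the preceding paragraphs, as an added example in Go (again not the article's or Nortel's design): the device mints an HMAC-authenticated authorization using the secret it shares with the agent, and the agent releases claims to a relying party only if the authorization verifies, has not expired, names that relying party, covers the requested claims, and has never been used before. Revoking the device's secret at the agent is the "breaking the linkage" step: every token that device minted stops working. The device name, claim names, relying parties and shared secret are constructed for illustration, and the shared-secret HMAC is an assumption standing in for whatever binding a real deployment would use.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Authorization is minted on the person's device for exactly one interaction: which
// relying party may receive which claims, until when, plus a fresh nonce. The MAC is
// computed with the secret the device shares with the agent (an assumption of this example).
type Authorization struct {
	Device       string   `json:"device"`
	RelyingParty string   `json:"relying_party"`
	Claims       []string `json:"claims"`
	Expires      int64    `json:"expires"` // Unix seconds
	Nonce        string   `json:"nonce"`
	MAC          string   `json:"mac"`
}

// signingInput is the authorization without its MAC (a is a copy).
func (a Authorization) signingInput() []byte {
	a.MAC = ""
	b, _ := json.Marshal(a)
	return b
}

func mac(secret, msg []byte) string {
	m := hmac.New(sha256.New, secret)
	m.Write(msg)
	return hex.EncodeToString(m.Sum(nil))
}

// Authorize runs on the device once the user approves a release; the relying party
// carries the token to the agent. A negative ttl yields an already expired token.
func Authorize(device string, secret []byte, rp string, claims []string, ttl time.Duration) (Authorization, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return Authorization{}, err
	}
	a := Authorization{Device: device, RelyingParty: rp, Claims: claims,
		Expires: time.Now().Add(ttl).Unix(), Nonce: hex.EncodeToString(nonce)}
	a.MAC = mac(secret, a.signingInput())
	return a, nil
}

// Agent is the network-side store of the person's claims. It releases a claim only
// against a valid, unexpired, never-used authorization scoped to the asking party.
type Agent struct {
	claims   map[string]string
	devices  map[string][]byte // device id -> shared secret; deleting an entry breaks the linkage
	consumed map[string]bool   // nonces already honoured
}

func NewAgent(claims map[string]string) *Agent {
	return &Agent{claims: claims, devices: map[string][]byte{}, consumed: map[string]bool{}}
}

func (ag *Agent) Associate(device string, secret []byte) { ag.devices[device] = secret }
func (ag *Agent) Revoke(device string)                   { delete(ag.devices, device) }

// Release is called by relying party rp with the authorization the person handed it.
func (ag *Agent) Release(rp string, auth Authorization, requested []string) (map[string]string, error) {
	secret, ok := ag.devices[auth.Device]
	if !ok {
		return nil, errors.New("device not associated (lost, stolen or revoked)")
	}
	if !hmac.Equal([]byte(auth.MAC), []byte(mac(secret, auth.signingInput()))) {
		return nil, errors.New("authorization MAC invalid")
	}
	if time.Now().Unix() > auth.Expires {
		return nil, errors.New("authorization expired")
	}
	if auth.RelyingParty != rp {
		return nil, errors.New("authorization was issued to a different relying party")
	}
	if ag.consumed[auth.Nonce] {
		return nil, errors.New("authorization already used")
	}
	allowed := map[string]bool{}
	for _, c := range auth.Claims {
		allowed[c] = true
	}
	out := map[string]string{}
	for _, r := range requested {
		if !allowed[r] {
			return nil, fmt.Errorf("claim %q is outside the authorized scope", r)
		}
		out[r] = ag.claims[r]
	}
	ag.consumed[auth.Nonce] = true // burn the nonce only after every check has passed
	return out, nil
}

func main() {
	// Constructed sample: a phone releases only the over_21 claim, to one bar, once.
	ag := NewAgent(map[string]string{"name": "J. Doe", "over_21": "true", "birth_date": "1985-06-01"})
	secret := []byte("constructed shared secret; use 32 random bytes in practice")
	ag.Associate("phone-1", secret)
	auth, _ := Authorize("phone-1", secret, "bar.example", []string{"over_21"}, time.Minute)
	fmt.Println(ag.Release("bar.example", auth, []string{"over_21"})) // map[over_21:true] <nil>
	fmt.Println(ag.Release("bar.example", auth, []string{"over_21"})) // map[] authorization already used
}
```

The order of checks in Release matters: the nonce is recorded as consumed only after the MAC, expiry, audience and scope checks all pass, so a forged or misdirected token cannot burn a legitimate one, and the scope check is against the claims the device signed, not the claims the relying party asks for.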
Identity assertion is an area ripe for disruptive innovation providing a universal
solution. Several industry efforts today are focusing on identity in web services,
transactional, or single-logon environments. Separate efforts are addressing
interactive communications and sensor networks. It is highly likely that a single
identity assertion methodology can address all these areas and even extend into
interactions in the physical world. Investments are being made to find a universal
way to put identity back in the control of the people or system it represents.
About the Author
John Yoakum is a champion of emerging opportunities and disruptive technologies at Nortel. He serves as an evangelist for keeping the "future in focus" and promoting the potential of disruptive technologies. Yoakum concentrates on building collaborative relationships with customers and partners. He joined Nortel in 1987, where he has been instrumental in identifying and architecting leading-edge multimedia communications products, building external technology partnerships, modernizing software development environments, and helping the industry define signaling standards that enable true multi-vendor multimedia communications networks. Yoakum holds several patents and publishes internally and externally. Before joining Nortel, he spent 12 years in R&D at Motorola.