Entries in Identity (2)


Merging of digital and real worlds — Your Street Identity

Not that digital world is not real, but Google wants to bring more realness to your digital identity on the internet. They want your digital identity to be tied to real-world physical things e.g. your home address, cell-phone number, the car you drive etc etc. To this end, they are proposing a new framework called Street Identity. Street Identity is a framework designed to increase the Level of Assurance (LoA) of OpenID to level 2/3 (Some/High confidence in the asserted identity’s validity), but instead of Identity Provider validating each entity's identity, the validation process is crowd-sourced.

Today users can create identities on sites like Microsoft Live, Yahoo and Google without having to validateSample postcard with code to validate the street address any of their information; therefore, those IDs are not suitable for transactions that might involve sensitive data or financial exchanges. These identities need a higher Level of Assurance — they need to be validated by a trusted 3rd party. However, the problem with the Identity Provider or Government taking on the task of validating each entity's Identity is that the process is too time-consuming, costly, not internet scalable. The crowd-sourcing method of validating the identity that Google is proposing, relieves the Identity Provider from this over-bearing task. Instead the onus is on the entity to build the assurance of their internet identity. This proposed process may sometimes involve very low-tech method, like snail-mailing a postcard to a human entity to validate their real home address. The Attribute Provider (AP) is verifying the user's address by sending a postcard to their claimed street address.  That postcard would tell them to come back to the AP's site and enter a unique code printed on the postcard.

Each of the identity attributes can be handled be different parties, referred to as Attribute Providers byAttribute Provider (AP), Identity Provider (IdP), and the Relaying Party (RP) relationshiip Google in the framework, so there is no one party doing all the work.

It is an interesting concept, and very doable, but will take the entire ecosystem of Identity Providers, Relaying Parties, and Attribute Providers to make it work.

I hope this works. This will really help in cleaning up the internet and making it a safer place.Google has a description of the framework and a nice working example here. Check it out and tweet me your thoughts.


OpenID SWOT Analysis and TWOS Matrix

Kick Willemse of OpenID Foundation has put together an excellent SWOT Analysis and TWOS Matrix for OpenID. The entire presentation is available on slideshare. Here is is the TWOS Matrix mapping the strategic options:


Read more .. ..