What is required for digital identity?

There have been a lot of articles about digital identity circulating recently, but in this blog I would like to jot down whatever comes to mind, from meta-things like what exactly is required of digital identity, to implementation-related topics.


First, let's start with the very high-level requirements.

  1. Identifiers can refer not only to people and things but also to their attributes, and the metadata and data behind them can be accessed in a REST style.
  2. Access control can be applied to that access.
  3. Access control must be concluded as a "contract" that has meaning under contract law (this allows for cross-border transactions).
  4. When requesting data, provide a proposed contract so that the data can be obtained only upon contractual execution.
  5. When concluding a contract, rules can be set in advance and automatic contracting is also possible.
  6. If automatic contracting is not possible, a contract request can be presented to the individual.
  7. This contract request must be in a form that an individual can read and understand.
  8. The contract can be applied not only to individuals or corporations, but also to groups (multi-party contract).
  9. Unless identification is absolutely necessary, information can be exchanged on a pseudonymous basis so as to avoid identifying individuals.
  10. Conversely, if real-name integrity is required, the parties should be able to point to each other by persistent and unique identifiers.
  11. It is also possible to access past data represented by the identifier.
  12. For each individual, entity or object, the certification may be used by third parties.
  13. Third-party auditing and certification of each individual's identity at an operational level is possible, and that information is available and can be used for automated contracting.
  14. A reputation service is available for each identity, allowing automated contracting.

Technical requirements

  1. The number of identities will be huge, so a distributed database is necessary.
  2. Passing around persistent identifiers can be a privacy risk, so we want to avoid giving them out if possible. We need a service that can accept pseudonyms and prove their existence and trustworthiness.
  3. Identifiers must be internationalized.
  4. Identifiers should be URIs.
  5. The resulting data is enveloped in a uniform format (no schema extension required).
  6. To this end, abstract identifiers will be developed as a vocabulary.
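
One way to meet technical requirement 2 is a service that derives a different pseudonym for each recipient and vouches for it on request. The sketch below is an added example, not code from this post or from XRI/XDI; the `PseudonymService` class, the HMAC derivation, the `urn:example:` and `.example` URIs and the trust levels are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class PseudonymService:
    """Hypothetical identity service (an assumption, not from the post)."""

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)  # never leaves the service
        self._trust = {}    # persistent identifier -> audited trust level
        self._issued = {}   # (recipient, pseudonym) -> persistent identifier

    def register(self, persistent_id, trust_level):
        self._trust[persistent_id] = trust_level

    def pseudonym_for(self, persistent_id, recipient):
        """Derive a stable pseudonym URI that is unique per recipient."""
        if persistent_id not in self._trust:
            raise KeyError("unknown identifier")
        # NUL cannot occur in a URI, so the two fields cannot run together.
        msg = recipient.encode() + b"\x00" + persistent_id.encode()
        tag = hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:32]
        pseudonym = "urn:example:pseudonym:" + tag
        self._issued[(recipient, pseudonym)] = persistent_id
        return pseudonym

    def attest(self, pseudonym, recipient):
        """Return the trust level behind a pseudonym, or None if this
        service never issued it to this recipient. The persistent
        identifier itself is never returned."""
        persistent_id = self._issued.get((recipient, pseudonym))
        return None if persistent_id is None else self._trust[persistent_id]


if __name__ == "__main__":
    svc = PseudonymService()
    alice = "https://id.example/people/alice"  # constructed sample value
    svc.register(alice, "audited")
    for rp in ("https://shop.example", "https://bank.example"):
        p = svc.pseudonym_for(alice, rp)
        print(rp, p, svc.attest(p, rp))
```

Because the recipient is part of the keyed derivation, two recipients comparing notes see unrelated values, and a pseudonym copied from one recipient is not vouched for when presented by another.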

For now, these are the things I can think of right away while suffering from a fever.

By the way, I am posting a file that I created for the WSI study group based on the slides from the presentation at Oasis Open Day (2003/11/20) and the lecture at ACIMOD (2004/8).

wsi-xdi

"XDI/XRI Primer" (WS-I study materials 2004/9/30)
