Difference between revisions of "Distributed ID"
From MgmtWiki
(→Context) |
(→Context) |
||
| Line 4: | Line 4: | ||
==Context== | ==Context== | ||
Every one knows the problem with identities on the internet. They are not under the control of users, who are extremely interested in their own [[Identity]] and want their own [[Privacy]]. | Every one knows the problem with identities on the internet. They are not under the control of users, who are extremely interested in their own [[Identity]] and want their own [[Privacy]]. | ||
| − | * [[Decentralized ID]] is a somewhat different concept in that it envisions an [[Identifier]] which is crated by the user, and could serve as a basis for a [[Distributed ID]], but does not address the relationship to other [[Identifier]]s. | + | * [[Decentralized ID]] (DID) is a somewhat different concept in that it envisions an [[Identifier]] which is crated by the user, and could serve as a basis for a [[Distributed ID]], but does not address the relationship to other [[Identifier]]s. |
* The current paradigm in open identity is for each conforming [[Relying Party]] to provide a list of [[Identifier or Attribute Provider]]s that the [[User]] could chose from to allow access. | * The current paradigm in open identity is for each conforming [[Relying Party]] to provide a list of [[Identifier or Attribute Provider]]s that the [[User]] could chose from to allow access. | ||
** In this model it was up to the [[Relying Party]] to establish a link and share a secret with the [[Identifier or Attribute Provider]] in advance of any transactions. | ** In this model it was up to the [[Relying Party]] to establish a link and share a secret with the [[Identifier or Attribute Provider]] in advance of any transactions. | ||
** It also required the user to pre-register with one or more of those providers, typically one of the big social sites, like: Google, Microsoft or Facebook. | ** It also required the user to pre-register with one or more of those providers, typically one of the big social sites, like: Google, Microsoft or Facebook. | ||
| − | * The current most common protocol for some sort of a [[Distributed Identity]] was [[OpenID Connect]] which included [[Self-issued Identifier]], but that feature had not been | + | * The current most common protocol for some sort of a [[Distributed Identity]] was [[OpenID Connect]] which included [[Self-issued Identifier]], but that feature of [[OpenID Connect]] had not been deployed in 2018. |
* Now other organizations believe that they can succeed where the OpenID foundation failed. | * Now other organizations believe that they can succeed where the OpenID foundation failed. | ||
Revision as of 10:07, 2 January 2019
Full Title or Meme
A means to distribute the sources of Identifiers and Attributes while giving more choice to Users.
Context
Every one knows the problem with identities on the internet. They are not under the control of users, who are extremely interested in their own Identity and want their own Privacy.
- Decentralized ID (DID) is a somewhat different concept in that it envisions an Identifier which is crated by the user, and could serve as a basis for a Distributed ID, but does not address the relationship to other Identifiers.
- The current paradigm in open identity is for each conforming Relying Party to provide a list of Identifier or Attribute Providers that the User could chose from to allow access.
- In this model it was up to the Relying Party to establish a link and share a secret with the Identifier or Attribute Provider in advance of any transactions.
- It also required the user to pre-register with one or more of those providers, typically one of the big social sites, like: Google, Microsoft or Facebook.
- The current most common protocol for some sort of a Distributed Identity was OpenID Connect which included Self-issued Identifier, but that feature of OpenID Connect had not been deployed in 2018.
- Now other organizations believe that they can succeed where the OpenID foundation failed.
Problems
- The big problem is Trust where there are no standards or examples of any trust without a history of trusted behavior.
- Proof of Persistent Identity must be provided. This can be little more than the inclusion of a public key in a blockchain, but that cannot provide any Assurance of protection of the Credential.
Solutions
- In this wiki the IAP (Identifier or Attribute Provider) supply a Data Category only when that category has User Consent. To get all of those categories that the Relying Party requires, the request needs to go to a User Agent that is able to release the data held across many providers, some of the Thousand Points of Light that apply to the real-world User, but only those appropriate for the Relying Party request are enabled by the user.
- The Hundred Points of Light serve as a metaphor for the Distributed ID.
References
- Decentralized Digital Identities and Blockchain perspective from Microsoft
