A solution for Web 2.0 identity

August 8, 2007 at 9:13 pm 2 comments

In yesterday’s post, I described an ugly side of Web 2.0 where pseudonymous identity on its own was insufficient to protect a person being impersonated on MySpace. Not an uncommon occurrence but one with unhappy consequences for the victim.

One solution that can overcome this problem is discussed below. I imagine there are several others.

Consider a simple system in which there are multiple SPs (Service Providers) which provide online services to customers. There is an IdP (Identity Provider) which performs the functions of both identification and authentication (logon management).

The IdP is responsible for verifying the real identity of a person to a sufficiently high level of confidence. The IdP also manages the person’s logon, which is associated with the person’s unique electronic identity record. The logon could be a username and password or, preferably, something stronger, e.g. two-factor authentication.

Now, when a person wants to register for a service from an SP, the person is redirected to log on at the IdP. After confirming that the logon is valid, the IdP sends the SP a persistent pseudonymous identifier that is specific to that SP, i.e. the person will have a different persistent pseudonymous identifier at each SP.

The SP uses the pseudonymous identifier as its internal unique record key for the person. Under normal circumstances this provides all the positive benefits of people being able to operate pseudonymously online, including, if appropriate, having multiple personas linked to the same unique pseudonymous identifier or internal record.

If things go bad, then it is possible for the pseudonymous identifier to be used to work out from the IdP who the person really is. By “bad” I mean really bad, say criminal activities or fraud. The bar needs to be set high and perhaps only an independent third party, such as a court or police or the privacy commissioner, should be allowed to work backwards from the pseudonymous identifier to the real identity.
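The flow in the last three paragraphs, as an added example that is not part of the original post: a toy IdP derives the SP-specific persistent pseudonym as an HMAC over (SP, person) under an IdP-private key, so each SP sees a stable value that no other SP can link, and the reverse lookup is gated behind a constructed placeholder authorisation rather than being open to the SP. Class and method names are assumptions.

```python
import hmac
import hashlib
from dataclasses import dataclass, field

@dataclass
class IdentityProvider:
    """Toy IdP: verifies real identity once, then issues a different
    persistent pseudonymous identifier to every SP (constructed example)."""
    secret: bytes                                  # IdP-private key, never shared
    people: dict = field(default_factory=dict)     # real_id -> verified identity record
    issued: dict = field(default_factory=dict)     # (sp_id, pseudonym) -> real_id

    def register_person(self, real_id: str, record: dict) -> None:
        # Stands in for the high-confidence identification step.
        self.people[real_id] = record

    def pairwise_pseudonym(self, real_id: str, sp_id: str) -> str:
        # HMAC over (sp_id, real_id): deterministic, so the SP gets the same
        # value at every logon; keyed, so an SP cannot recompute or link it.
        # The NUL separator prevents ambiguous concatenations.
        msg = sp_id.encode() + b"\x00" + real_id.encode()
        pseudonym = hmac.new(self.secret, msg, hashlib.sha256).hexdigest()
        self.issued[(sp_id, pseudonym)] = real_id   # remembered only at the IdP
        return pseudonym

    def resolve(self, sp_id: str, pseudonym: str, authority: str) -> dict:
        # Working backwards is reserved for an independent third party;
        # "court" is a placeholder for whatever legal gate applies.
        if authority != "court":
            raise PermissionError("reverse lookup needs an independent authority")
        return self.people[self.issued[(sp_id, pseudonym)]]

def demo() -> tuple:
    idp = IdentityProvider(secret=b"constructed-demo-key")
    idp.register_person("person-42", {"name": "A. Person", "verified": True})
    at_myspace = idp.pairwise_pseudonym("person-42", "myspace.example")
    at_other = idp.pairwise_pseudonym("person-42", "other-sp.example")
    again = idp.pairwise_pseudonym("person-42", "myspace.example")
    return idp, at_myspace, at_other, again

if __name__ == "__main__":
    idp, a, b, c = demo()
    print("unlinkable across SPs:", a != b, "| stable at one SP:", a == c)
```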

To protect privacy further, it would probably be desirable that legislation protect the identity data at the IdP and also prevent aggregation of transaction data by the IdP.

Two refinements to the simple model are suggested.

First, the IdP is split into an IdP that provides pseudonymous authentication and an Attribute Provider (AP) that holds the real identity records.

A downside of the simple system is that the AP knows the SP at which the customer has verified identity. A second refinement is introducing a hub into which the SPs, IdP, and AP connect, to cryptographically overcome this.

Whether or not the solution presented here can actually be implemented depends upon country-specific factors such as the practicality of being able to set up an AP or multiple APs that can provide high quality identification for everyone (without which it is not possible to ensure the uniqueness that underpins the whole system).


Entry filed under: authentication, fraud, government, identity, igovt, personal_info, privacy, strategy, trust, Web_2.0.
