DizzyD presented on Passel and The Identity Gang is in the HOUSE! Johannes, Doc, Phil, Mary and Mary – wow, three identity women.
He also didn’t really approach it right: he didn’t get all the different systems and how they worked, and we were all in the audience correcting him. It really highlighted the need for the workshop we are hosting in October.
Here is the summary:
How do I, as a user, manage my identity on the web?
The ‘story that started it all’
Wife’s machine got Trojan. I had to change all passwords everywhere.
What is Identity?!
Identity is just another class of information we manage.
It’s a second-order problem. When I get on the net, I get on it to do other tasks, not identity management.
What is Identity? (his emphasis)
Depends on the setting
Bottom line two fundamental types
third-party vouched-for and self-asserted
His summary of the other stuff:
What are the options:
Passport
All others are not inherently evil.
Everyone is throwing protocols against the wall and seeing which ones stick.
Who do you trust to host your identity?
SAML
SAML/Liberty
Trust relationship between two entities on your behalf.
“Asserting” is used a lot in this world… and I will use it a lot.
Standards are well documented and widely deployed. Lots of infrastructure required for trust relationships. Conditionals and trust relationships not viable from an open-source standpoint. Took a lot of time for a second-order problem.
SXIP
Identity is tied to the identity provider (home site), but you can change home sites, so you are not locked in. Can run on your own machine. Powerful for users: centralized, yet the user can move.
LID
Sends information back and forth; URL-based.
OpenID
No dynamic scripting needed. You have your identity URL, which tells via a meta tag where the identity server is. Enter the URL – e.g. your blog URL. LiveJournal: do you allow it to authenticate?
Can’t i-names do this?
He asserted wrongly that there was no reputation (the global services launch will embed reputation in the messaging/contact system).
For Internet-scale Identity needs
- Aggregate Identity
- Decentralized and open
- Diverse programming languages/environments
- Interoperable implementations
- Bootstrap off existing trust models
PASSEL
Gives you more control over data
Aggregates your identity via a user-centric three-piece architecture
Implementations already started: Perl, PHP, Java and C#
Pluggable trust models.
Generalized model for proving any DNS-based identifier
Trust Model
- how you prove the signer
- person x
- Moving identity information proving that a
- protocol: how it moves around
- plug-in: how you trust the information
PIECES:
Agent (principal’s computer)
- aggregates into portfolio
- public/private key and fingerprint
- natively if not
- Zip file on a key – use in different locations
Signer (site that makes assertions)
- signer issues a token with, for example, a 4-hour life span
- agent must retrieve a new token from dizzyd.com
Target (relying party)
- how does the
- retrieval of public key.
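As an added illustration (not Passel’s own code or wire protocol, which these notes do not give), here is a Go sketch of the three pieces above: the agent holds a key pair and fingerprint, the signer issues a token bound to that fingerprint with a 4-hour life span, and the target checks it after retrieving the signer’s public key. The token fields, the SHA-256 fingerprint format and the challenge/response proof of key possession are my assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"time"
)

// Token is the signer's assertion: the DNS-based identifier it vouches for, the agent
// key fingerprint it is bound to, and its expiry. The field set is an assumption.
type Token struct {
	Identifier  string `json:"id"`
	Fingerprint string `json:"fp"`
	Expires     int64  `json:"exp"` // unix seconds
}

// Keys is the key pair held by an agent or by a signer.
type Keys struct{ Pub ed25519.PublicKey; priv ed25519.PrivateKey }

func NewKeys() Keys { pub, priv, _ := ed25519.GenerateKey(rand.Reader); return Keys{pub, priv} }

// Fingerprint is the hex SHA-256 of a public key (assumed format).
func Fingerprint(pub ed25519.PublicKey) string { h := sha256.Sum256(pub); return hex.EncodeToString(h[:]) }

// Issue: the signer binds id to the agent's key with a 4-hour life span, as in the notes.
func (s Keys) Issue(id string, agentPub ed25519.PublicKey, now time.Time) (body, sig []byte) {
	body, _ = json.Marshal(Token{Identifier: id, Fingerprint: Fingerprint(agentPub), Expires: now.Add(4 * time.Hour).Unix()})
	return body, ed25519.Sign(s.priv, body)
}

// Prove: the agent signs a fresh challenge from the target to show it holds the private key.
func (a Keys) Prove(challenge []byte) []byte { return ed25519.Sign(a.priv, challenge) }

// Verify is the target's side; signerPub is the signer's public key, retrieved out of band.
// An expired token is rejected so the agent has to fetch a new one from the signer.
func Verify(signerPub ed25519.PublicKey, body, sig []byte, agentPub ed25519.PublicKey,
	challenge, proof []byte, now time.Time) (Token, error) {
	var t Token
	if !ed25519.Verify(signerPub, body, sig) { return t, errors.New("token signature invalid") }
	if err := json.Unmarshal(body, &t); err != nil { return t, err }
	if t.Fingerprint != Fingerprint(agentPub) { return t, errors.New("token is bound to a different agent key") }
	if !now.Before(time.Unix(t.Expires, 0)) { return t, errors.New("token expired: agent must fetch a new one") }
	if !ed25519.Verify(agentPub, challenge, proof) { return t, errors.New("agent could not prove possession of its key") }
	return t, nil
}
```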