Monday, June 01, 2009 idplatform.eu 1
How to prevent the World Wild Web Identity Crisis
By idplatform.euidplatform.eu a non-profit organization in the process of foundationPresented by Helmer Wieringa
Contact details: [email protected]
Monday, June 01, 2009 idplatform.eu 2
Structure of this presentation A. What is the problem anyway? B. Identity and privacy problemsC. The struggle to solve the problems D. Learned lessonsE. Solution direction: certified open identity providers
F. How would that work G. Some innovations
H. Recommendations for International Collaboration 2.0 I. How could idplatform.eu help
Monday, June 01, 2009 idplatform.eu 3
A. What is the problem anyway?
Monday, June 01, 2009 idplatform.eu 4
Privacy?!...
I don’t care; I have nothing to hide…
Monday, June 01, 2009 idplatform.eu 5
WANTED:YOUR IDENTITY
BYCriminals
GovernmentEmployers
Business RelationsService ProvidersFamily & Friends
TO CONTROL YOU
Monday, June 01, 2009 idplatform.eu 6
But first some definitions…
Identity Personal information Privacy
Monday, June 01, 2009 idplatform.eu 7
There are two sides of the identity coin…
Monday, June 01, 2009 idplatform.eu 8
idem identity, meaning an identity based on an arrangement; the purpose is persistent identification Idem identity
Individual
Monday, June 01, 2009 idplatform.eu 9
ipse identity meaning the way you are identified and categorized by your self and others; the purpose is the construction of the self
Ipse identity
Individual
See summary of Future of Identity In the information Society FDIS The concept identity Ricoeur; Beller; Leerssen
Monday, June 01, 2009 idplatform.eu 10
What includes personal information?
Monday, June 01, 2009 idplatform.eu 11
Some Personal Information Facets*)
*) Reference: Privacy in the clouds, A. Cavoukian, Office of the Information and Privacy Commissionar, Toronto, Canada – combined with p3p categories
Biological Biographical Demographical Genealogical Professional ReputationalRelationalPolitical
AdministrationalComputational Historical Transactional LocationalEmotional Attentional Preferential
Monday, June 01, 2009 idplatform.eu 12
Many definitions of privacy here follows just one…
Monday, June 01, 2009 idplatform.eu 13
An individual's privacy is their ability to control the flow, boundary, andpersistence of their personal information*)
*) Privacy in the Clouds A. Cavoukian
Monday, June 01, 2009 idplatform.eu 14
So, do you want still to be identified without knowing this and why and to be constructed by others?
Monday, June 01, 2009 idplatform.eu 15
I still don’t care
That’s fine but stop listening to
or reading of this presentation
Monday, June 01, 2009 idplatform.eu 16
We return now to the daily problems...
Monday, June 01, 2009 idplatform.eu 17
Users hate to register for services and are frustrated by lengthy enquiries and often back off
Monday, June 01, 2009 idplatform.eu 18
Users can’t remember user names and passwords
Monday, June 01, 2009 idplatform.eu 19
… and have on average hundreds of those user/name password combinations
Monday, June 01, 2009 idplatform.eu 20
Users are exposed to the risk of identity theft
The number of US adult victims of identity fraud 8.4 million in 2007.
Total one year fraud $49.3 billion in 2007
The mean fraud amount per fraud victim $5,720 in 2007.
Monday, June 01, 2009 idplatform.eu 21
Users don’t read privacy policies and don’t trust service providers anyway…
Monday, June 01, 2009 idplatform.eu 22
… and they are right… service providers change privacy policies without notification
Monday, June 01, 2009 idplatform.eu 23
Individuals have no idea what others think to know about them and why
Monday, June 01, 2009 idplatform.eu 24
It is often impossible to unsubscribe from e-newsletters
Monday, June 01, 2009 idplatform.eu 25
Often impossible to correct personal information in databases
Kowsoleea is een Nederlandse ondernemer van Surinaamse afkomst die ten onrechte bij veel overheids-instanties te boek stond als een harddrugscrimineel. De reden hiervan was identiteitsfraude: een verslaafde aan verdovende middelen gaf zich met regelmaat voor hem uit. De overheid slaagde er niet in om de negatieve en zeer belastende registraties op naam van meneer Kowsoleea op de juiste naam, namelijk die van de echte dader te zetten.
Monday, June 01, 2009 idplatform.eu 26
Spam is distributed by the use of your own email address
Monday, June 01, 2009 idplatform.eu 27
Service providers - even with “good” reputation - track your behavior across websites by use of super cookies...
Monday, June 01, 2009 idplatform.eu 28
... only to be removed by special browser add-ons like Better Privacy for Firefox
Monday, June 01, 2009 idplatform.eu 29
Privacy legislation is too complex and is an obstacle for business and innovation;projects with insufficient privacy are rolled back.
Monday, June 01, 2009 idplatform.eu 30
Most organizations are not able to protect confidential data; information breaches are daily news
Monday, June 01, 2009 idplatform.eu 31
April 30, 2009State officials are notifying more than a half-million Virginians that their Social Security numbers may have been contained in a prescription drug database that was targeted by a computer hacker April 30. The hacker gained access to the Prescription Monitoring Program computer system, which is designed to deter prescription drug abuse, and demanded a $10 million ransom. The hacker has not been identified
Virginia patients warned about hacking of state drug Web site
http://hamptonroads.com/2009/06/officials-hacker-may-have-stolen-social-security-numbers
Monday, June 01, 2009 idplatform.eu 32
“Almost one in five businesses in the UK has unwittingly breached the Data Protection Act meaning illegal data transfer to third party” according to research of the British Standards institute
Monday, June 01, 2009 idplatform.eu 33
Enforcement of privacy legislation is practically impossible
Monday, June 01, 2009 idplatform.eu 34
IN SHORT: IT IS A MESS
Monday, June 01, 2009 idplatform.eu 35
We need fundamental change…
Monday, June 01, 2009 idplatform.eu 36
To summarize: we should reduce the cost and effort for…
Monday, June 01, 2009 idplatform.eu 37
… user enrollment and participation in a community, by improving usability and transparency about what is agreed on
Monday, June 01, 2009 idplatform.eu 38
…users to cancel a service and give them assurance that they can….
Monday, June 01, 2009 idplatform.eu 39
…leave without a trace and fear of stalking, resulting in more trust and openness
Monday, June 01, 2009 idplatform.eu 40
users to correct their personal information, by offering read/write access on their data
Monday, June 01, 2009 idplatform.eu 41
…service providers to effectively engage prospects and increase # of registrations, by rigorous standardization of procedures
Monday, June 01, 2009 idplatform.eu 42
… users to receive relevant and effective service and information by giving them control to define their needs in a consistent way.
Monday, June 01, 2009 idplatform.eu 43
…service providers to distribute targeted and effective information
Monday, June 01, 2009 idplatform.eu 44
…service providers to comply to data protection legislation
Monday, June 01, 2009 idplatform.eu 45
…service providers to design innovative personalized services by removing privacy headaches out of development projects
Monday, June 01, 2009 idplatform.eu 46
…service providers to regain trust by their users by embedding privacy enhanced technology
Monday, June 01, 2009 idplatform.eu 47
…providing transparency for users regarding service providers behavior by easy to understand standard notifications PRIVACY
HIGH PRIVACY
MEDIUM PRIVACY
LOW
PRIVACY ASSURED
Monday, June 01, 2009 idplatform.eu 48
…governments to enforce data protection and privacy legislation by embedding real-time auditability
Monday, June 01, 2009 idplatform.eu 49
All these improvements are necessary for two-way trust and effective communication
Monday, June 01, 2009 idplatform.eu 50
We have to reduce the cost and effort for: Participation Correcting personal data Preventing spam & stalking Canceling services
Engagement Data collection Data destruction Personalization
Compliance Obligation management Privacy assurance Enforcement
That is quite a lot… Do you really think that it will sort itself out?
And leave it to some legislation &complying service providers?
Monday, June 01, 2009 idplatform.eu 51
B. World Wild Web Identity Struggle
The struggle to solve the problems
Monday, June 01, 2009 idplatform.eu 52
The problems have been predicted by writers, philosophers but have been actually addressed since 1970 in the information technology domain.
Monday, June 01, 2009 idplatform.eu 53
Explosion of activities to solve the problem…
Monday, June 01, 2009 idplatform.eu 54
… of any scope, shape and form driven by Governments
As legislation developer As service provider As funding provider for programmes
Universities Standardization organizations Multi stake holder platforms Innovation institutes Technology vendors Service providers Online Child protection organizations Self regulation Open source communities Hackers Criminals Human rights organizations Political parties Citizens
Many at the table but the main stakeholder:
the citizen is missing
Monday, June 01, 2009 idplatform.eu 55
And no surprise: no consensus yet
Monday, June 01, 2009 idplatform.eu 56
C. World Wild Web Identity Lessons
Five main learned lessons
Monday, June 01, 2009 idplatform.eu 57
1. Everything should be done to give the user control over the collection, use and disclosure of their personal information by others…
Monday, June 01, 2009 idplatform.eu 58
…which is a critical success factor for any digital identity system to be built
Monday, June 01, 2009 idplatform.eu 59
… ignoring this lesson will result in projects doomed to fail
Monday, June 01, 2009 idplatform.eu 60
2. Self regulation has failed in the privacy and identity domain(does this sound familiar?)
Monday, June 01, 2009 idplatform.eu 61
…so compliance to legislation should be embedded in the technology without losing the freedom of the current Internet practice
Monday, June 01, 2009 idplatform.eu 62
3. Informational dominance ofone or a limited group of parties will not be accepted in the context of personal information…
Monday, June 01, 2009 idplatform.eu 63
4. Storage of personal information should be reduced as much as possible…
Monday, June 01, 2009 idplatform.eu 64
…service providers should adopt the just-enough-data-to-do-the job principle and work with partial identity
Monday, June 01, 2009 idplatform.eu 65
5. Migration strategy & tactics should be very smart and the execution should be a like a military operation…
Monday, June 01, 2009 idplatform.eu 66
…and develop a practical and feasible approach for semantically interoperability (shared profile)
Monday, June 01, 2009 idplatform.eu 67
D. World Wild Web Identity Solutions
idplatform.eu solution directions
Monday, June 01, 2009 idplatform.eu 68
Introduce the conceptCertified Open Identity Provider which…
Monday, June 01, 2009 idplatform.eu 69
… acts on behalf of the individual
Monday, June 01, 2009 idplatform.eu 70
…is a trusted custodian of a part of individuals personal information
Monday, June 01, 2009 idplatform.eu 71
…can be compared to a financial bank: protecting personal information instead of money
Monday, June 01, 2009 idplatform.eu 72
… is intermediary for all personal data transactions
Monday, June 01, 2009 idplatform.eu 73
…should also be able to assure anonymity of users
Monday, June 01, 2009 idplatform.eu 74
…should provide personal information to third parties only with explicit consent of the user
Monday, June 01, 2009 idplatform.eu 75
…should store the history of personal information transactions, only to show the user who knows what about me
Monday, June 01, 2009 idplatform.eu 76
… notify me when a service provider is changing a privacy policy
Monday, June 01, 2009 idplatform.eu 77
…should - if desired - send legal request to delete information about me, as part of a service cancellation
Monday, June 01, 2009 idplatform.eu 78
Service providers can outsource a lot of data protection and privacy compliance headaches to an Identity Provider
Monday, June 01, 2009 idplatform.eu 79
…and focus on their core services
Monday, June 01, 2009 idplatform.eu 80
Some rules and principles for identity providers
Monday, June 01, 2009 idplatform.eu 81
Everybody is allowed to act as an Identity Provider…
Monday, June 01, 2009 idplatform.eu 82
…but there should be some rules…
Monday, June 01, 2009 idplatform.eu 83
…IDPs should be certified by an organization which is installed by government but independent of it (like the legal power)
Monday, June 01, 2009 idplatform.eu 84
Some criteria for certification… Accessibility Usability Transparency Security Reliability Resilience Interoperability Identity portability Data protection Privacy assurance Fraud detection policy
That is quite a lot… Do really think that it will sort itself out?
And leave it to some legislation &complying service providers?
Monday, June 01, 2009 idplatform.eu 85
Users can choose a Identity Provider they trust and should be able to switch/migrate data to another Identity Provider if they wish
Monday, June 01, 2009 idplatform.eu 86
Expectation: individuals will use 5-10 Identity Providers for special domains like travel.id; volunteers.id; financial.id; care.id, ngo.id, governement.id
Monday, June 01, 2009 idplatform.eu 87
Still a lot to remember but better than hundreds of passwords
Monday, June 01, 2009 idplatform.eu 88
Advantages
Assurance of Privacy Security Accessibility
Enabling Effective communication Sustainable commerce Better services Innovation
Cost reduction
Monday, June 01, 2009 idplatform.eu 89
E. How would that work?
Monday, June 01, 2009 idplatform.eu 90
Alice stumbles upon an access controlled site schools4africa.com which is member of i2c.com federation
Monday, June 01, 2009 idplatform.eu 91
Alice enters only i2c.com in a login field on the site school4africa.com and clicks on the let me in button
I2C.com Let me in
Schools4africa is member of i2c learn more>>>
Monday, June 01, 2009 idplatform.eu 92
….meaning: hey schools4africa.com, you don’t know me yet, but let me in quickly the guys at i2c.com know some information about me
Monday, June 01, 2009 idplatform.eu 93
School4africa.com notices some knocking on the door, it is a stranger which is claiming to be member of i2c.com
Monday, June 01, 2009 idplatform.eu 94
Schools4Africa.com goes to i2c.com verify the identity of the stranger and requests do you know this person?
Monday, June 01, 2009 idplatform.eu 95
Two possibilities A. Alice is already logged on at i2c.comB. Alice is not yet logged on at i2c.com
Monday, June 01, 2009 idplatform.eu 96
If Alice is not logged on at i2c.com, 12c.com just requests to log on in traditional way user name/password
Monday, June 01, 2009 idplatform.eu 97
I2C.com does knows Alice’s identifying personal information
Monday, June 01, 2009 idplatform.eu 98
Alice’s identifying information at I2C MasterID: 5r7jd0spmas56dsffgh3ssapg Real name: Alice Waters Date of birth: 19-06-1970 Nationality: Gambia Email address [email protected] Profession: school director Organization: Water management University …… ……
Monday, June 01, 2009 idplatform.eu 99
By the way: Alice does trust I2C because they assure privacy
PRIVACY ASSURED
Monday, June 01, 2009 idplatform.eu 100
I2C.com confirms to Schools4Africa: we know the stranger knocking at your door, what do you want to know about this person?
Monday, June 01, 2009 idplatform.eu 101
Schools4africa to i2c.com: that is great, we need only information about the profession and nationality and the right to contact Alice. Can you ask this on our behalf to Alice?
Monday, June 01, 2009 idplatform.eu 102
I2C.com to Alice: For getting access to Schools4Africa this site would like to know the following information:Profession = “school director” Nationality = “Gambia”and they would like also the right to contact you Alice is that ok with you? … just click OK
Monday, June 01, 2009 idplatform.eu 103
I2C.Com to Alice …and by the way we don’t provide any further information to schools4africa other than an unique, dedicated reference number only known to you and schools4africa an us…
Monday, June 01, 2009 idplatform.eu 104
Assume this number to be an unique number representing your relationship with schools4africa; by the way you don’t have to remember this number: i2c does this for youYour relation number at school4Africa.com is http://i2c.com/re6tgw787w9hdh78wggfew555hh6hhh333656
Monday, June 01, 2009 idplatform.eu 105
Alice thinks that’s cool fasttrack registration! I like those smart guys at Schools4Africa now already. Of course are they allowed to know my nationality and profession.
Monday, June 01, 2009 idplatform.eu 106
So Alice is ok with School4Africa’s requests and confirms with one-clickProfession = Schoolteacher
Nationality = Gambia
Right to contact = yes
OK
Alice if you click ok, this information is sent to schools4africa.com
Monday, June 01, 2009 idplatform.eu 107
Schools4Africa receives just partial information and redirects Alice to the special area about school projects in Gambia
Monday, June 01, 2009 idplatform.eu 108
In future sessions between Schools4Africa and Alice, more information can be requested; But future personal transactions will all be logged by i2c.com
Monday, June 01, 2009 idplatform.eu 109
Schools4Africa does not have Alice’s email address but they have the right to contact…
Monday, June 01, 2009 idplatform.eu 110
…this means that schools4africa can only send messages via the identity provider: [email protected]
Monday, June 01, 2009 idplatform.eu 111
Alice can cancel the account at Schools4Africa and request to delete every data stored about her at Schools4Africa
Monday, June 01, 2009 idplatform.eu 112
It is a pity for Schools4Africa but they can easily fulfill this delete request, because every piece of data is stored under the relation number.
Monday, June 01, 2009 idplatform.eu 113
School4Africa can’t contact Alice anymore the relation number is canceled, but if would illegally an email, they would get caught by I2C.com and receive a warning or a fine. The message will not be forwarded to Alice.
Monday, June 01, 2009 idplatform.eu 114
F. Some innovations
Monday, June 01, 2009 idplatform.eu 115
Facebook connect a transparent user interface…
Monday, June 01, 2009 idplatform.eu 116
Showing the user what is happening
Monday, June 01, 2009 idplatform.eu 117
Vidoop smart password management
Monday, June 01, 2009 idplatform.eu 118
Only three categories to remember
Keys, Castles, Beverages
Q Y P
Every day
a different
password!
Monday, June 01, 2009 idplatform.eu 119
Confirmation of Vidoop registration
Monday, June 01, 2009 idplatform.eu 120
G. Recommendations to parties that want to federate
Monday, June 01, 2009 idplatform.eu 121
Establish an really independent organization to become the Certified Open Identity Provider as described
Monday, June 01, 2009 idplatform.eu 122
1 standard agreement instead of 36 approaches negotiations & contracts
2
1
35
6
4
IDP independent
neutral governance
Monday, June 01, 2009 idplatform.eu 123
… and assure interoperability
Monday, June 01, 2009 idplatform.eu 124
Sharing partial identity across service providers
2
1
35
6
4
IDP independent
neutral governance
Individual:
Yes provider 2 and 3
sharing information about me is fine
Monday, June 01, 2009 idplatform.eu 125
One interoperability example
Monday, June 01, 2009 idplatform.eu 126
Interoperability: User attribute verification
I2C.ID
GAMBIA.GOV.ID
CARE.ID
Schools4Africare6tgw787
Nationality =Gambia
Federated Services providers
I2C.IDhas requested us to confirm your nationalityfor an unknown
service provider
logged on gambia.gov.id
Yes, confirm my nationality
I2C can you confirm nationality of the individual with # re6tgw787….
1
2Gambia.Gov.id can you confirm nationality ?
3
4 5
6Nationality =Gambia
Heath4Africaf45dlnqs9
logged on
Government departments
Monday, June 01, 2009 idplatform.eu 127
Start simple and implement incremental improvements against a roadmap
Monday, June 01, 2009 idplatform.eu 128
H. The professional voluntary network organized by Idplatform.eu can help you with the roadmap and development
Monday, June 01, 2009 idplatform.eu 129
An overview of inspiration, relationships and activities of the IdPlatform.eu
Initiative IdPlatform.eu
Developingawareness
Political parties Public
GovernmentsCompanies Non-Profit
Funding
GouvernementCommercial
Private
StandardsProtocols
Semantics Interoperability
Security
LegalObligations
Enforcement Liability
PortabilityCertification
Idcommons.org
(mainly focused on developments in the usa)
DevelopmentOpen source
UsabilityAccessibility
Project: European
Digital Identity
InnovationVirtual relationmanagement
Privacy enhancement e-Democracy
includes activities:
inspired by seeks
collaborationwith (?)
Idealism Human digital rights organizations KnowledgeVirtual communities UniversitiesInnovation institutes Government programmesStandard organizations Commercial innovation
inspired by:
Knowledge management
Conferenceswiki.idplatform.eu
WorkshopsDevCamps
includes:
Potential Identity Providers
& Software vendors
can support
Potential Relying Service Providers
invited to contribute
Monday, June 01, 2009 idplatform.eu 130
Prototype development
Purpose: digital identity awareness and learning Goal: build an operational identity provider prototype Getting there:
Preparation Aug - Oct 2009 (Roadmap, Working groups, Wiki, Con calls, Open Source
Store ) Prototyping
Kick-off 9 – November Two weekends Delivery end of November
Monday, June 01, 2009 idplatform.eu 131
Roadmap [draft]
Shared Rules & terminology
E-Citizen Rights Shared approachEnrollment &
password managementdevice independent
Shared user attribute
profile schema approach
Shared rules & terminology
privacy policy & privacy assurance
Shared Rules & terminology
identifiers
Select one of more code sets as
starting point
European PrivacyData Protection
Directives
7-Laws of Identity XDI
OpenID/OAuth
PRIMEPrivacy and
identity management for Europe
Collect usability andaccessibility guidelines
Usabilityreview
Usabilityreview
Usabilityreview
Usabilityreview
Shared general architecture
& terminology
Shared approach User Data Exchange
Federation rules
European Digital Identity month location?
Thursday Nov 5 Identity debate Weekend Nov 6-8
Devcamp
Nov 9-21 Documentation
Evaluation
Weekend 23-25 Devcamp
Aug
Sep
t O
ct 0
9 pr
epar
atio
n ph
ase
Monday, June 01, 2009 idplatform.eu 132
Start with available Open Source Code: www.idkee.nl
An OpenId/SREG prototype Hosting sponsor Ruby code available Currently operational
Monday, June 01, 2009 idplatform.eu 133
Proposed prototype extensions Legal framework General usability improvements Identifier management
Directed Identity Anonymous, Pseudonyms, Real-names
Proxy email/Right-to-contact Device independent password challenge
Mobile phone, Phone, Desktop Semantic profile transformation