Some reflections from IIW XVIII

The Internet Identity Workshop, IIW, is held twice a year at the Computer Historical Museum in Mountain View. Identity specialists gather at IIW to discuss a wide range of topics in the Identity space, basically a mosaic of all topics you can think of. Topics are discussed in an un-conference manor which means that there is no preset agenda, the agenda is built on site by all participants.

Some of the notable sessions that I visited during the days at IIW XVIII are outlined below.

Social Identities in the Enterprise

This session was about the use of social identities in the enterprise meaning reusing a users login and identity at user centric networks such as Facebook, Twitter, Google and LinkedIn.

In a social identity it is the user that initiates the creation of the identity and also provides key attributes that are used to propagate to others such as name, address, birth date etc. These attributes, or claims, are important others as they can help to identity a person. But here is the weakness of social identities, since claims are self-asserted a user is capable of entering any attribute to make a claim, for instance there is nothing that stops me from impersonating some one else and then try a make others trust my social identity. Looking into the future I’m sure that we will have methods to validate the trust level of self-claimed identities.

One topic that was discussed during the session was assurance level of social identities and lack of trust frameworks. Here social graphs might be able to address parts of it in combination with some kind of reputation score. There was also some ideas around invites or better called vouch which is then that user A will vouch the identity claims of user B when talking to user C 

There are also issues with unique identifiers for social identity providers as they don’t provide the unique id apart from reusing the e-mail address which is something that will work for some users but not all as a large portion of users uses multiple email-addresses.

The discussion also contained the need for trust frameworks and standardization of attributes used.

NSTIC

A session around the status of NSTIC that was very interesting. The four targets that has been setup are good fundaments of an Identity Eco System;

• Interoperable
• Enhance Privacy
• Resilient
• User Friendly

In the end of the session there was an international discussion and other countries that have successfully deployed eID. That is true today, it is mostly good and works for these countries but there are some potential upcoming issues in these infrastructures that needs to be managed soon.

Per Hägerö

CTO

Introduction to Vendor Relationship Management

Very interesting session hosted by Doc Searls that started off with that vendors need to change the perception they have of the customer. Today everything is about making a customer buy things when we actually should focus on a customer owning things – quite obvious actually. Going to think a bit about that more.

Then a lot of other good discussions such as;

• How do we apply ID Management in user-centric environments?
• Security for Internet of Things, what does it cover?
• What Identity standards that can be apply on Internet of Things?
• Authentication and Authorization for Constrained Environments
• Updates on SSO) for authentication and identity management.">OpenID Connect, UMA, SCIM and OAuth

For full notes visit http://iiw.idcommons.net/IIW_18_Notes