Identity Metasystem & Claims
Introduction to the Identity Metasystem and Claims
The Identity Metasystem and claims provide very powerful tools for modeling the identity and access aspects of systems of all scales and complexity. The ideas and principles behind them, however, are simple and very intuitive. This session will lay down the basic concepts behind the Identity Metasystem, introduce you to the terminology and, in general, provide a level set on the subject. If you are not fully familiar with the claims-based approach, this session will equip you with the means to get the most from the “Identity Metasystem & Claims” track and to participate proficiently in the industry dialogue on this fundamental topic.
Claims, Reputation and Behavioral Analysis of Online Identities
Confirming the identity of a user remains a challenge in today’s online and offline worlds. To uphold the fundamental law of identity, that a subject is the same as itself (A ≡ A), different attributes of A must be known in order to discover A. Several approaches are prevalent today. They include word of mouth, such as "I know this user" or "he is who he claims to be", and verifying an identity through trusted third parties such as governments, Certificate Authorities, etc.
The subject presents claims, and those claims are matched against known attributes. If the claims are issued by a trusted third party, they are verified offline or online with that third party. To know that the subject presenting the claims is the unique subject, enough claims must be collected and matched with known attributes. The richer the set of attributes about the subject, and the greater the number of claims the subject can possess, the better systems can affirm the equation A ≡ A. To enhance this model further, it is essential to confirm these claims about subjects against known attributes in real time. This avoids time-of-check to time-of-use (TOC-TOU) errors.
Another dimension to this issue is the total number of claims the subject presents. Presenting all the possible claims explicitly can lead to a bad and slow experience. For example, in an online world, if a user is asked to enter his driver’s license, his credit card number, password, address, phone number and zip code every time he tries to access a web site, it will be a very unpleasant user experience.
In this presentation, we show how to enhance the attributes about a subject to include the reputation and behavior of the subject. The claims presented by subjects are transparent to the subject, yet they give the system a richer set of attribute-matching capabilities.
For example, in an online world, behavioral characteristics include how the user uses his system, which machines he uses to access the system, how he uses keyboards and mice, where he shops, what type of items he buys, etc. We also contrast the usability, privacy and security properties of the proposal and tie them to user-centric identities.
Using Claims to Convey Trust Across Identity Boundaries
This presentation will show how trust that is created in the real world via In-Person Proofing events can be leveraged to create digital identities and enable safer online transactions. It describes how one of the leading school districts in the US is using a claims-based access platform to simplify the deployment of educational resources and reduce management costs.
The case study is relevant beyond the educational sector and in many diverse enterprise contexts such as authorization and procurement. It is an invitation to developers—in education and elsewhere—to start building claims-aware applications that span across identity boundaries.