Id Model

A Sufficiently Rich Model of
(Id)entity, Authentication and Authorisation
Roger Clarke
Xamax Consultancy, Canberra
Visiting Professor – Cyberspace Law & Policy Centre @ UNSW
and at the ANU and the Uni. of Hong Kong
http://www.rogerclarke.com/ID/IdModel-090605 {.html,.ppt}
http://www.rogerclarke.com/ID/IdModelGloss.html
IDIS 2009 – Workshop on Identity in the Information Society
LSE – 5 June 2009
Copyright
1987-2009
1
A Dialect to Support Discourse on 'Identity in the Information Society'

AGENDA
• Preliminaries
• The Model
  • The Basic Model: Identity, Identifier; Entity, Entifier; Nym
  • Sample Applications: (Id)entification, Authentication, Authorisation
• Applications of the Model
Preliminaries
• Deep discourse in a domain needs a specialist dialect
• Sufficient richness involves about 50 concepts, and relationships among the concepts
• 50 neologisms is too many, so use existing terms
• Existing terms carry a lot of baggage
• Each term:
  • requires explicit definition
  • must be related to other terms in the model
• For each term, the specialist meaning will conflict with the (in most cases, many) existing usages
Identity and Identifier
• Names
• Codes
• Roles

The Entity/ies underlying an Identity

Entity and Entifier

Nymity
(Id)entification
• Identification: the process of associating data with a particular Identity. Achieved by acquiring an Identifier for the Identity
• Entification: the process of associating data with a particular Entity. Achieved by acquiring an Entifier for the Entity
• Token: a recording medium for an Entifier or Identifier
• Identity Silo: a restricted-purpose Identity, and associated Identifier(s)
Authentication of Assertions
• Authentication: a process that establishes a level of confidence in an Assertion
• Assertion: a proposition relating to ...
• Assertion Types: a fact, the quality of a Dataitem, the value of an Entity, the Location of an Entity, an Attribute of an Entity or an Identity, an Entity, or an Identity
• Authenticator: evidence ...
• Credential: a physical or digital Authenticator
• EOI (Evidence of Identity): an Authenticator for Identity Assertions
Authorisation

Authorisation: Access Control
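The three steps the model separates, (Id)entification, Authentication and Authorisation, run end to end as one small flow. This is an added example written for this page, not code from the slides or from the author; the loginids, the token key, the permission table and the confidence levels are all constructed, and the password hashing is a deliberate simplification (noted in the code). The practitioner point it makes is that access control should be keyed to the level of confidence actually reached by authentication, not merely to whether "login succeeded".

```python
"""Added example (not from the original slides): the model's three steps as one flow.
Identification acquires an Identifier (a loginid) for the request; Authentication
weighs each Authenticator presented and records the level of confidence reached in
the Assertion "this request comes from the Identity behind that loginid";
Authorisation grants a Permission only if the Identity holds it AND the confidence
reached meets what that Permission demands. All data below is constructed."""
import hashlib
import hmac
from dataclasses import dataclass, field


def _digest(secret: str) -> str:
    # Simplification for the example: a real registry stores salted, slow
    # password hashes (argon2/bcrypt), not plain SHA-256.
    return hashlib.sha256(secret.encode()).hexdigest()


# Identity silo: one record per Identifier with the Credentials registered
# against it. token_key is the shared key of a possession-based Authenticator.
REGISTRY = {
    "alice": {"password_hash": _digest("correct horse"), "token_key": b"alice-token-key"},
    "bob":   {"password_hash": _digest("hunter2"),       "token_key": None},
}

# Permission table: (Identifier, privilege) -> minimum authentication level.
# Level counts independent Authenticators accepted: 0 none, 1 one, 2 two.
PERMISSIONS = {
    ("alice", "read:own-profile"): 1,
    ("alice", "transfer:funds"):   2,
    ("bob",   "read:own-profile"): 1,
}


@dataclass
class Authenticated:
    """Outcome of authenticating one Identity Assertion."""
    identifier: str
    level: int = 0
    evidence: list = field(default_factory=list)


def token_response(token_key: bytes, challenge: bytes) -> str:
    """What a possession token computes over the server's challenge."""
    return hmac.new(token_key, challenge, "sha256").hexdigest()


def identify(request: dict) -> str:
    """Identification: associate the request with an Identity by acquiring its
    Identifier. Establishes no confidence at all; that is authentication's job."""
    loginid = request.get("loginid", "")
    if loginid not in REGISTRY:
        raise KeyError("unknown identifier")
    return loginid


def authenticate(identifier: str, authenticators: dict, challenge: bytes) -> Authenticated:
    """Authentication: each accepted Authenticator raises the confidence level.
    A rejected Authenticator adds nothing; the level never goes below 0."""
    record = REGISTRY[identifier]
    result = Authenticated(identifier)
    password = authenticators.get("password")
    if password is not None and hmac.compare_digest(_digest(password), record["password_hash"]):
        result.level += 1
        result.evidence.append("password (knowledge)")
    response = authenticators.get("token_response")
    if response is not None and record["token_key"] is not None:
        expected = token_response(record["token_key"], challenge)
        if hmac.compare_digest(response, expected):
            result.level += 1
            result.evidence.append("token (possession)")
    return result


def authorise(auth: Authenticated, privilege: str) -> bool:
    """Access control: the Identity must hold the Permission, and the confidence
    actually reached must be at least what the Permission demands."""
    required = PERMISSIONS.get((auth.identifier, privilege))
    return required is not None and auth.level >= required


def handle(request: dict, privilege: str, challenge: bytes) -> bool:
    """The whole chain for one request; failure at any step is a denial."""
    try:
        identifier = identify(request)
    except KeyError:
        return False
    auth = authenticate(identifier, request.get("authenticators", {}), challenge)
    return authorise(auth, privilege)


if __name__ == "__main__":
    challenge = b"nonce-0001"  # must be fresh per request in real use
    req = {"loginid": "alice", "authenticators": {"password": "correct horse"}}
    print("alice, password only, read:own-profile ->", handle(req, "read:own-profile", challenge))
    print("alice, password only, transfer:funds   ->", handle(req, "transfer:funds", challenge))
    req["authenticators"]["token_response"] = token_response(b"alice-token-key", challenge)
    print("alice, password+token, transfer:funds  ->", handle(req, "transfer:funds", challenge))
```

Two caveats on the design: the challenge must be fresh per request, otherwise a captured token response can be replayed and the "possession" level is hollow; and a numeric level is only as meaningful as the policy deciding which Authenticators count towards it, which is the assertion-type and authentication-strength discussion the slides raise.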
Applications
• Goods
• Packaging
• Animals
• Vehicles
• Devices
• Software
• Organisations
• Humans

Proxies for Humans (against the categories above)
• Personal Goods
• Pets
• Personal Vehicles
• Personal Handhelds
• Reg-Code, IP-Address
• Embedded Chips
Case 1 – Mobile Phones
• Entifier for the Product – model-name, model-number
• Entifier for the Handset – Serial-Number of the device
  • International Mobile Equipment Identity (IMEI) – GSM / UMTS
  • Electronic Serial Number (ESN) or Mobile Equipment Identifier (MEID) – CDMA
• Identifier for the Persona – Serial-Number of a chip
  • Subscriber Identity Module (SIM) – GSM / UMTS
  • Removable User Identity Module (R-UIM) or CDMA Subscriber Identity Module (CSIM) – CDMA
  • Universal Subscriber Identity Module (USIM) – 3G
  • (The chip carries two distinct values: its own serial number, the ICCID, which entifies the card, and the IMSI, which is the Identifier the network actually uses for the subscription)
• Proxy-(Id)entifier – MAC Address / NICId, or IP-Address
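Case 1 above, together with the Identification/Entification definitions earlier, is the clearest place to see the Entifier/Identifier split in working code. The following is an added example written for this page, not code from the slides or from the author: it validates an IMEI (its 15th digit is a Luhn check digit over the 8-digit TAC plus 6-digit serial, a published fact about the format) as the handset's Entifier, accepts an IMSI as the subscriber persona's Identifier, and classifies what changed between two observations of the same account. The sample values are constructed: 490154203237518 is the commonly published IMEI test value, and the IMSIs use the 001/01 test MCC/MNC; MNC length is country-dependent and the example does not check it.

```python
"""Added example (not from the original slides): Case 1 in code. The handset is an
Entity and its IMEI an Entifier; the subscriber persona is an Identity and the IMSI
on the SIM its Identifier. Sample values are constructed (490154203237518 is the
commonly published IMEI test value; the IMSIs use the 001/01 test MCC/MNC)."""
from dataclasses import dataclass


def luhn_check_digit(body: str) -> int:
    """Luhn check digit for a digit string; for an IMEI the body is the first
    14 digits (8-digit TAC + 6-digit serial) and digit 15 is the check."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:                 # digit next to the check digit is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10


@dataclass(frozen=True)
class Entifier:
    """Data that distinguishes a physical Entity (here a handset)."""
    scheme: str
    value: str


@dataclass(frozen=True)
class Identifier:
    """Data that distinguishes an Identity (here a subscriber persona)."""
    scheme: str
    value: str


def parse_imei(raw: str) -> Entifier:
    """Accept an IMEI with or without separators; reject wrong length or check digit."""
    digits = "".join(ch for ch in raw if ch.isdigit())
    if len(digits) != 15:
        raise ValueError(f"IMEI needs 15 digits, got {len(digits)}")
    if luhn_check_digit(digits[:14]) != int(digits[14]):
        raise ValueError("IMEI check digit mismatch")
    return Entifier("IMEI", digits)


def is_valid_imei(raw: str) -> bool:
    """Boolean form of parse_imei for callers that only need accept/reject."""
    try:
        parse_imei(raw)
        return True
    except ValueError:
        return False


def parse_imsi(raw: str) -> Identifier:
    """Accept an IMSI of 6..15 digits (3-digit MCC first). MNC length is
    country-dependent (2 or 3 digits) and is deliberately not validated here."""
    if not raw.isdigit() or not 6 <= len(raw) <= 15:
        raise ValueError("IMSI must be 6 to 15 digits")
    return Identifier("IMSI", raw)


@dataclass(frozen=True)
class Observation:
    """One persona as seen on one handset at one time."""
    persona: Identifier
    handset: Entifier


def classify_change(before: Observation, after: Observation) -> str:
    """Name what moved between two observations of the same account. The point of
    the Entifier/Identifier split: a SIM swap changes the Identifier while the
    handset Entifier stays put; a new handset does the reverse."""
    same_persona = before.persona == after.persona
    same_handset = before.handset == after.handset
    if same_persona and same_handset:
        return "unchanged"
    if same_persona:
        return "same persona, new handset"
    if same_handset:
        return "same handset, new persona (SIM changed)"
    return "both changed"


if __name__ == "__main__":
    handset = parse_imei("49-015420-323751-8")
    first = Observation(parse_imsi("001010123456789"), handset)
    second = Observation(parse_imsi("001019876543210"), handset)
    print(handset, "->", classify_change(first, second))
```

A Luhn check only catches transcription errors; it says nothing about whether the handset is the one it claims to be, so the Entifier still has to be authenticated (the slides' next step) before anything is bound to it.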
Case 2 – Organisations
• Organisations are non-corporeal, 'shared hallucinations'
• 'Incorporation' is illusory
• A register-entry is evidence, not substantiation
• Entifier: name, registration-code
• Identifier: business division, business name, brand, logo
• (Id)entity Authentication: corporate seal?? signatures??
• All 'corporate acts' are done by human agents, so ...
Case 3 – Humans
Defined Terms in the Model
• entity, identity, anonymity, pseudonymity, nymity, attributes, record, data item, digital persona, data silo
• (id)entifier, (id)entification, token, nym, anonym, pseudonym, identity silo, multi-purpose / general-purpose identifier
• authentication, authentication strength, assertion, assertion categories, authenticator, credential, (id)entity authentication, evidence of (id)entity, (id)entity credential
• authorisation/permission/privilege, user, loginid/userid/username, account
• access control, registration, pre-authentication, enrolment, single sign-on, simplified sign-on, identity management