Saturday, September 13, 2008

Identity 2.0

Traditionally, identity has been limited to one source and one verification agent belonging to that same source. Identity information stored at one web portal or site cannot be shared with another portal or site. Overcoming these limitations, Identity 2.0 resembles real-life identity systems, where a user has one driving license or passport which s/he can use as proof of identity as and when required. The term Identity 2.0 stems from the term Web 2.0 (the World Wide Web transition).

Identity 2.0, also called digital identity, is a revolution in identity verification over the internet using technologies like Information Cards and OpenID. Every entity (user) can have different information cards, just as we have in real life: driving license, passport, SSN, etc. The user can choose to present one of the available cards as proof of identity during verification.

Now, when a user registers at a new site, the user can present one of the information cards and need not give any other information. The site can communicate with the identity provider, validate the user's identity, and get other information associated with the user from the identity provider. This helps the user, who does not need to remember many user profiles; at the same time it helps the site reduce the cost associated with user management.

Having said this, the transition from Identity 1.0 (traditional identity) to Identity 2.0 is not as easy as it looks. There are many technologies which could be used for communication between the verification agent and the identity provider, like federation (SAML 1.1, SAML 2.0, Liberty) and web services, but there are no standards around this. At the same time, trust in the identity provider remains one of the major issues to be addressed. Uninterrupted availability of the identity provider is also a matter of concern. If a user's identity is compromised, the impact is much greater than it could have been with Identity 1.0, because the identity is shared across multiple sites.

What I would love to see happening with Identity 2.0 is that the user owns his identity data. The user has some sort of device, or maybe a web page, exposing the user's identity information in a standard format. All the sites whom I authorize can fetch that information. With this, I become the owner of my identity information. It brings its own challenges of securing the data and making sure that only authorized sites can access the user's information.
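A minimal sketch of the user-owned identity endpoint described above, added here as an illustration and not taken from the original post or from any Identity 2.0 product. It assumes each authorized site shares an HMAC key with the user's endpoint; the site names, keys, profile and function names are all constructed for the example.

```python
import base64, hashlib, hmac, json, time

# Constructed sample data: the user's identity record and per-site consent.
PROFILE = {"name": "Alice Example", "email": "alice@example.org", "dob": "1980-01-01"}
CONSENT = {  # site -> (shared key, attributes the user agreed to release)
    "shop.example": (b"key-shop-constructed", ["name", "email"]),
    "forum.example": (b"key-forum-constructed", ["name"]),
}

def _sign(key, payload):
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def release(site, now=None, ttl=300):
    """User-side endpoint: return a signed assertion, for authorized sites only."""
    if site not in CONSENT:
        raise PermissionError(f"{site} is not authorized by the user")
    key, allowed = CONSENT[site]
    now = int(time.time()) if now is None else now
    # Only the consented attributes leave the user's store.
    claims = {"aud": site, "exp": now + ttl,
              "attrs": {k: PROFILE[k] for k in allowed}}
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return payload.decode() + "." + _sign(key, payload)

def verify(site, key, token, now=None):
    """Site-side check of signature, audience and expiry; returns the attributes."""
    payload, _, sig = token.partition(".")
    expected = _sign(key, payload.encode())
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(payload))
    now = int(time.time()) if now is None else now
    if claims["aud"] != site:
        raise ValueError("assertion issued for a different site")
    if claims["exp"] < now:
        raise ValueError("assertion expired")
    return claims["attrs"]
```

Because every assertion is bound to one site and expires quickly, a token captured at one site cannot be replayed at another, which limits the shared-identity impact raised earlier.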

The following technologies will make a difference to Identity 2.0:
Web 2.0
Information Cards
Higgins trust framework

Of all the technologies listed above, I think the Higgins framework will make the most difference, as there are many giants involved in its development, which will help bring in standards around it.