Copyright 1987-2009
Roger Clarke, Xamax Consultancy, Canberra
Visiting Professor – Cyberspace Law & Policy Centre @ UNSW, and at the ANU and the Uni. of Hong Kong
http://www.rogerclarke.com/ID/IdModel-090605 {.html,.ppt}
http://www.rogerclarke.com/ID/IdModelGloss.html
IDIS 2009 – Workshop on Identity in the Information Society
LSE – 5 June 2009
A Sufficiently Rich Model of (Id)entity, Authentication and Authorisation
A Dialect to Support Discourse on 'Identity in the Information Society'
AGENDA
• Preliminaries
• The Model
  • The Basic Model
  • Identity, Identifier; Entity, Entifier; Nym
  • Sample Applications
• (Id)entification
• Authentication
• Authorisation
• Applications of the Model
Preliminaries
• Deep discourse in a domain needs a specialist dialect
• Sufficient richness involves about 50 concepts and relationships among the concepts
• 50 neologisms is too much, so use existing terms
• Existing terms carry a lot of baggage
• Each term:
  • requires explicit definition
  • must be related to other terms in the model
• For each term, the specialist meaning will conflict with the (in most cases, many) existing usages
Identity and Identifier
[Diagram: the Real World holds an Identity and its Attributes; the Abstract World holds the corresponding Record, an Identifier plus Data-Items. Identifiers take the form of Names, Codes and Roles.]

The Entity/ies underlying an Identity
[Diagram: the previous figure extended with an Entity and its Attributes in the Real World, underlying the Identity.]

Entity and Entifier
[Diagram: the Entity is represented in the Abstract World by its own Record, an Entifier plus Data-Items, alongside the Identity's Record of Identifier plus Data-Items.]

Nymity
[Diagram: three kinds of Record in the Abstract World: Entifier + Data-Items for an Entity, Identifier + Data-Items for an Identity, and Nym + Data-Items for an Identity whose link to the underlying Entity is not available. The figure's cardinality markers (m, n and 1) survive only as loose labels in the extraction; the relationship the model itself stresses is that Entity to Identity is many-to-many.]
(Id)entification
• Identification: the process of associating data with a particular Identity. Achieved by acquiring an Identifier for the Identity.
• Entification: the process of associating data with a particular Entity. Achieved by acquiring an Entifier for the Entity.
• Token: a recording medium for an Entifier or Identifier.
• Identity Silo: a restricted-purpose Identity, and associated Identifier(s).
Authentication of Assertions
• Authentication: a process that establishes a level of confidence in an Assertion
• Assertion: a proposition relating to ...
• Assertion Types: a fact, the quality of a Data-item, the value of an Entity, the Location of an Entity, an Attribute of an Entity or an Identity, an Entity, or an Identity
• Authenticator: evidence ...
• Credential: a physical or digital Authenticator
• EOI (Evidence of Identity): an Authenticator for Identity Assertions
Authorisation
Authorisation: Access Control
[Flow diagram, read left to right:]
Registration
  • Pre-Authentication of Evidence of Identity or Attribute
  • Enrolment: decide Access Permissions -> Permissions Store / Access Control List
  • Issue of Authenticator -> Register of Authenticators
Authentication using the Issued Authenticator (checked against the Register of Authenticators)
Authorisation / Access Control (checked against the Permissions Store / Access Control List)
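The flow above, together with the earlier definition of authentication as a process that establishes a level of confidence in an assertion, can be run end to end in a few dozen lines. The following is an added example and not code from the slides or from the author. Its assumptions: the assurance rule in `pre_authenticate` (a checked document raises the registration to level 2), the permissions enrolment derives from that level, the confidence scale returned by `authenticate` (0 rejected, 1 knowledge factor verified, 2 knowledge and possession factors verified), and the possession factor as an HMAC challenge-response over a key issued at registration. `AccessControlService`, `token_respond` and `_derive` are hypothetical names.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000   # stretching cost for the stored knowledge-authenticator


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def token_respond(token_key, challenge):
    """Client side of the possession factor: prove holding token_key for this challenge."""
    return hmac.new(token_key, challenge, hashlib.sha256).digest()


class AccessControlService:
    """Registration, authentication and authorisation in the order of the flow diagram.

    Confidence levels returned by authenticate() (assumed scale):
      0 = identity assertion rejected, 1 = knowledge factor verified,
      2 = knowledge and possession factors verified.
    """

    def __init__(self):
        self.authenticators = {}   # Register of Authenticators: userid -> record
        self.acl = {}              # Permissions Store / ACL: userid -> {resource: min confidence}
        self._challenges = set()   # outstanding (userid, challenge) pairs, single use
        self._dummy_salt = secrets.token_bytes(16)

    # --- Registration -----------------------------------------------------
    @staticmethod
    def pre_authenticate(evidence):
        """Pre-authentication of Evidence of Identity. Returns an assurance level
        (assumed rule: 2 if a checked document is among the evidence, else 1)."""
        return 2 if any(evidence.get(k) for k in ("passport", "drivers_licence")) else 1

    def register(self, userid, evidence):
        if userid in self.authenticators:
            raise ValueError("already registered")
        assurance = self.pre_authenticate(evidence)
        # Enrolment: decide access permissions and write them to the ACL.
        self.acl[userid] = {"read": 1, "write": 2} if assurance >= 2 else {"read": 1}
        # Issue of authenticators: a knowledge factor (stored salted and stretched)
        # and a possession factor (a key that stays on the token once delivered).
        password = secrets.token_urlsafe(12)
        salt = secrets.token_bytes(16)
        token_key = secrets.token_bytes(32)
        self.authenticators[userid] = {
            "salt": salt, "hash": _derive(password, salt), "token_key": token_key}
        return password, token_key          # delivered to the user out of band

    # --- Authentication ---------------------------------------------------
    def issue_challenge(self, userid):
        challenge = secrets.token_bytes(16)
        self._challenges.add((userid, challenge))
        return challenge

    def authenticate(self, userid, password, challenge=None, response=None):
        """Establish a level of confidence in the assertion 'I am userid'."""
        rec = self.authenticators.get(userid)
        # Run the expensive derivation even for unknown users, so response timing
        # does not reveal which userids exist in the register.
        salt = rec["salt"] if rec else self._dummy_salt
        derived = _derive(password, salt)
        if rec is None or not hmac.compare_digest(derived, rec["hash"]):
            return 0
        confidence = 1
        if challenge is not None and response is not None:
            fresh = (userid, challenge) in self._challenges
            self._challenges.discard((userid, challenge))   # single use, even on failure
            expected = token_respond(rec["token_key"], challenge)
            if fresh and hmac.compare_digest(expected, response):
                confidence = 2
        return confidence

    # --- Authorisation ----------------------------------------------------
    def authorise(self, userid, resource, confidence):
        """Access control: the ACL entry states the minimum confidence each resource needs."""
        required = self.acl.get(userid, {}).get(resource)
        return required is not None and confidence >= required
```

The point worth noticing is that the two stores stay separate: the Register of Authenticators decides how much confidence an assertion earns, and the ACL decides what that confidence buys. A user enrolled on weak evidence gets a write permission neither by presenting a second factor (the ACL never granted it) nor by guessing a userid (unknown users fall through the same derivation and return 0).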
Applications
• Goods
• Packaging
• Animals
• Vehicles
• Devices
• Software
• Organisations
• Humans

Proxies for Humans
• Personal Goods
• Pets
• Personal Vehicles
• Personal Handhelds
• Reg-Code, IP-Address
• Embedded Chips
Case 1 – Mobile Phones
• Entifier for the Product – model-name, model-number
• Entifier for the Handset – Serial-Number of the device
  • International Mobile Equipment Identity (IMEI) – GSM / UMTS
  • Electronic Serial Number (ESN) or Mobile Equipment Identifier (MEID) – CDMA
• Identifier for the Persona – Serial-Number of a chip
  • Subscriber Identity Module (SIM) – GSM / UMTS
  • Removable User Identity Module (R-UIM) or CDMA Subscriber Identity Module (CSIM) – CDMA
  • Universal Subscriber Identity Module (USIM) – 3G
• Proxy-(Id)entifier – MAC Address / NICId, or IP-Address
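The IMEI packs both handset-level entifiers from the slide into one data-item: the leading 8-digit Type Allocation Code identifies the product, the following 6 digits distinguish the individual handset, and the final digit is a Luhn check digit. The following is an added example, not code from the slides or from the author, showing the check a practitioner applies before trusting the data-item at all. Note what it does and does not establish, in the terms of the assertion types defined earlier: a passing check authenticates the quality of a data-item (the string is well-formed), not the entity behind it, since the value can be mistyped, copied, or altered on some handsets. The IMEI in the test is a constructed value that satisfies the check, not a real handset.

```python
def luhn_valid(digits):
    """Luhn check (ISO/IEC 7812-1) over a decimal string whose last digit is the check digit.
    Returns False for anything that is not a string of at least two decimal digits."""
    if not digits.isdigit() or len(digits) < 2:
        return False
    total = 0
    for pos, ch in enumerate(reversed(digits)):
        d = int(ch)
        if pos % 2 == 1:                  # every second digit from the right, skipping the check digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def split_imei(imei):
    """Split a 15-digit IMEI into (TAC, serial, check digit), or return None if it is malformed.

    TAC (8 digits) is the slide's Entifier for the Product; the serial (6 digits) is the
    Entifier for the Handset. A 14-digit IMEI without its check digit, or a 16-digit IMEISV,
    is rejected here because the Luhn check only applies to the 15-digit form.
    """
    if len(imei) != 15 or not luhn_valid(imei):
        return None
    return imei[:8], imei[8:14], imei[14]
```

The same `luhn_valid` applies to the SIM's ICCID, which also ends in a Luhn check digit, so the persona identifier on the slide can be screened for well-formedness the same way; neither check moves the assertion beyond "this string could be an IMEI / ICCID".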
Case 2 – Organisations
• Organisations are non-corporeal, 'shared hallucinations'
• 'Incorporation' is illusory
• A register-entry is evidence, not substantiation
• Entifier: name, registration-code
• Identifier: business division, business name, brand, logo
• (Id)entity Authentication: corporate seal?? signatures??
• All 'corporate acts' are done by human agents, so ...
Case 3 – Humans
Defined Terms in the Model
• entity, identity, anonymity, pseudonymity, nymity, attributes
• record, data item, digital persona, data silo
• (id)entifier, (id)entification, token, nym, anonym, pseudonym, identity silo, multi-purpose / general-purpose identifier
• authentication, authentication strength, assertion, assertion categories, authenticator, credential, (id)entity authentication, evidence of (id)entity, (id)entity credential
• authorisation/permission/privilege, user, loginid/userid/username, account, access control, registration, pre-authentication, enrolment, single sign-on, simplified sign-on, identity management