openid and-usercentric-identity-its-all-about-me-1199787052835912-2

Joint Information Systems Committee

OpenID and User-Centric Identity: It’s All About MeNicole Harris, JISC Executive


An Apology

Today, I will be saying very little about OpenID


What are we talking about?

Identity 2.0??


“in Identity 2.0, usage of identity more closely resembles today's offline identity systems, but with the advantages of a digital medium. As with a driver's license, the issuer provides the user with a certified document containing claims. The user can then choose to show this information

when the situation requires.”

Burton Group


What are we talking about?

The multiple identity problem?


Multiple Identities


Approaches to managing multiple affiliations

and lots more……


Identity 2.0 Is Too Ill-Defined for Imminent Deployment

Gartner, 9th August 2006


We are talking about…

What services are users accessing?

Who is responsible?


Access and Identity Within the UK

Service Provider Credentials

Single Central Identity Provider

Devolved A

uthentication

User C

entric Identity??


Managing Identity or..


Managing Resource Access


What’s the difference?


It’s All About Me


What is my Identity? Personal Information

27th April 1977 [email protected]

Victoria

07734 058308


What is my Identity? Stuff I like


What is my Identity? Stuff I am Allowed to do


Disconnecting Identity from Resources


Can I manage my own identity?


Redefining the institutional role as identity provider and service provider for students


The role of the broker


Direct Relationship between User-Institution-Resource


No Direct Relationship Between User-Institution-Resource


Questions

When is it better for the institution to physically host the resource for an end-user? Institution provided blogs, wikis, google video etc.?

When is it better for the institution to manage an identity for the end-user? (registration / revocation).

When is it better for the institution to verify identity for service providers? (authentication)

When is it better for the institution to broker access to resources for the end-user (authorisation process)? Can this be disaggregated from all service providers?

Do we have the infrastructure to allow institutions to broker access against a user-managed identity?

Where will this be important?

Who benefits, and where?


So, OpenID?

Important role to play in providing the infrastructure to allow us to move forward.

Better than e-mail verification.

Role for institutions as an OpenIDprovider?

Links to ‘policy-lite’ approaches.

Single digital identity very important.

Great for people without an identity provider.


What is JISC Doing?

Full review of access and identity management against the Information Environment.

Identity Project: reporting soon. Focus on current landscape within institutions.

OpenID / external identity provision study to be commissioned.

Identity Metasystems study to be commissioned.

Personalisation study.

E-Portfolio work: ULN??

Importance of links to repositories work.

Users and Innovation Programme.


Contacts

[email protected]

[email protected]

www.jisc.ac.uk

mailto:[email protected]

mailto:[email protected]

http://www.jisc.ac.uk/

openid and-usercentric-identity-its-all-about-me-1199787052835912-2

Business

information environment

personal information

identity management

disconnecting identity

usage of identity

identity project

todays offlineidentity

usercentric identity