Identity Management: A Primer - Softcover

Williamson, Graham; Yip, David; Sharoni, Ilan; Spaulding, Kent E.

9781583470930: Identity Management: A Primer

Synopsis

In an age in which the boundaries between the real and the virtual are becoming increasingly blurred, this timely guide teaches both the key issues of identity management as well as appropriate strategies and preventative measures for ensuring personal safety in the virtual world. In a corporate setting, it is essential to identify and control the way in which the organization deals with customers, suppliers, employees, and other users who may interact with the information systems of the company. Providing strategies for overcoming this task in real-world terms as well as questions that assist in focusing on the key issues in each chapter—ranging from role-based access control to single sign-ons and electronic identity smart cards—this text provides students and professionals alike with a valuable tool for understanding the complexity of identity in a virtual world.

The synopsis may refer to a different edition of this title.

About the Authors

Kent Spaulding has extensive experience in software development and engineering with leading-edge expertise in identity-management. He is the current CTO of Skyworth TTG Holdings, Inc, and is the current chair of the OASIS Provisioning Services Technical Committee. Ilan Sharoni has extensive experience in identity- and access-management consulting work, particularly in the area of role management. He currently works for Eurekify with their flagship product Sage, a leading worldwide role-management tool. Graham Williamson is the CEO of Internet Commerce Australia. David Yip is an identity-management specialist with extensive experience in the field. He is a director of Gamatech, a specialist identity-management consultancy and systems-integrator firm based in Hong Kong.

Excerpt. © Reprinted by permission. All rights reserved.

Identity Management

A Primer

By Graham Williamson, David Yip, Ilan Sharoni, Kent Spaulding

MC Press

Copyright © 2009 MC Press Online, LP.
All rights reserved.
ISBN: 978-1-58347-093-0

Contents

Title Page
Copyright Page
About the Authors
Foreword
Introduction
Chapter 1 - Identity
Chapter 2 - Managing Identities and Identity Stores
Chapter 3 - Directories
Chapter 4 - Authentication and Access Control
Chapter 5 - Provisioning
Chapter 6 - Role-Based Access Control
Chapter 7 - Single Sign-on and Federated Authentication
Chapter 8 - Governance, Risk, and Compliance
Chapter 9 - Implementation and Roadmap
Chapter 10 - Public Key Infrastructure
Chapter 11 - Electronic Identity Smartcards
Appendix A - Case Scenario
Appendix B - Standards
Appendix C - Glossary
Appendix D - Public Key Cryptography Standards
Appendix E - X.509 Specification
Appendix F - Key Lengths


CHAPTER 1

Identity


A person's "identity" is a nebulous concept. We perceive a person's identity as an innate definition of a person that uniquely describes that person as an individual.

In reality, our understanding of a person's identity is built upon an incomplete set of attributes that we deem sufficient to differentiate one person from everyone else, but this attribute set is generally far from complete and is at an insufficient level of granularity to uniquely define a person. We normally rely on some level of human recognition that we consider sufficient.

If we meet someone in person, we typically rely on our visual recognition of the person. If we haven't seen the person in several years, we make allowances for the fact that he or she will look older. We still might be surprised if the person has aged significantly since our last meeting, but in general we are able to "identify" the person.

If we don't get to meet face-to-face but only talk to the person on the telephone, we rely on our auditory recognition of the person's voice.

We expect the accent, speech patterns, and voice inflections to match our recollection of the last time we talked. Again, we must make allowances for aging, particularly if the person is young, and we must compensate for poor telecommunications services. In effect, we are content to make compromises in our determination of a person's identity.

Although this kind of human recognition is not possible in the online world, recognizing a person's "digital persona" likewise requires compromises. We must be willing to offer our online products and services on the basis that a person's identity definition is "good enough" for the purpose to which we are going to put it. We accept a level of risk that matches the application.

In an identity management system, a compromise occurs at two main points:

• In establishing an identity record, trust is placed in the validation of the source documents that verify a person's identity.

• When a person seeks access to a service, trust is placed in the authenticating mechanism (e.g., password, digital certificate).


What Are the Components of a Person's Identity?

An identity is typically defined by a combination of

• Generic attributes, such as name, address, and contact details

• One or more specific attributes that are meaningful to the organization maintaining the identity details

Generic attributes normally apply across identity domains, while specific attributes apply within an identity domain. Within an identity domain, an identity is typically unique.

For instance, a bank will store account details, a company will store payroll numbers, and a town council will store property definitions. Each of these entities represents an identity domain, and each will have one or more identity stores. The specific attributes typically will make the identity unique.

Uniqueness is an inherent requirement in an identity store. If an identity cannot be distinguished from all other identities in the store, it is of little use to systems relying on the identity store. Organizations therefore often append numbers to the end of your name when assigning you an account on their systems to distinguish you from other people in their database who have similar names. (This approach is often the most expedient one for organizations such as Hotmail, but, as you will see in Chapter 3, it is not good practice.)

The definition of some terminology is appropriate at this point. An identity (a person or business) refers to the unique entity defined by a number of attributes, such as name, age, hair color, fingerprint, and so on for a person or name, location, business number, tax number, and so on for a corporation. A person or business can have only one identity in an identity domain. A domain is typically the environment in which the person or business has an identity definition. Each domain might have one or multiple identity stores.

For instance, a teacher has an identity within a school. But the teacher might also be the parent of a son or daughter at the school. In some cases, the school might define two identity domains — one for teachers and one for parents — and maintain separate identities in each, but this practice reduces the effectiveness of the identity management system. For example, there might be computer system access that is permissible for a teacher but not for a parent. If the school is defined as a single identity domain, the policy that prohibits a parent from accessing a system can be enforced, but if the system cannot identify a teacher as being a parent, it cannot.
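The teacher/parent scenario above, worked through as an added example (not code from the book): a small identity store that enforces uniqueness within one domain, and a hypothetical policy that shows why a single school domain can enforce "no parent may use this system" while two separate domains cannot. All names, identifiers and the policy itself are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Identity:
    """One identity record: generic attributes plus the domain's specific attributes."""
    name: str                   # generic attribute, meaningful across identity domains
    email: str                  # generic attribute
    specific: dict              # attributes meaningful only within this identity domain
    relationships: frozenset    # how this domain knows the person, e.g. {"teacher"}

class IdentityStore:
    """Identity store for a single identity domain; uniqueness is enforced on one attribute."""
    def __init__(self, domain: str, unique_attr: str):
        self.domain, self.unique_attr, self._records = domain, unique_attr, {}

    def add(self, ident: Identity) -> None:
        key = ident.specific[self.unique_attr]
        if key in self._records:  # a second record with the same key would be useless to relying systems
            raise ValueError(f"{self.unique_attr}={key!r} already present in domain {self.domain}")
        self._records[key] = ident

    def get(self, key: str) -> Identity:
        return self._records[key]

def may_access_grading_system(ident: Identity) -> bool:
    """Hypothetical policy: teachers may use the system, but not anyone who is also a parent."""
    return "teacher" in ident.relationships and "parent" not in ident.relationships

def split_domain_decision() -> bool:
    """Two domains: the teacher record cannot see that the same person is also a parent."""
    teachers = IdentityStore("school-teachers", "staff_id")
    parents = IdentityStore("school-parents", "parent_id")
    teachers.add(Identity("Alice Ng", "a.ng@example.org", {"staff_id": "T-104"}, frozenset({"teacher"})))
    parents.add(Identity("Alice Ng", "a.ng@example.org", {"parent_id": "P-771"}, frozenset({"parent"})))
    return may_access_grading_system(teachers.get("T-104"))  # True: the prohibition cannot be enforced

def single_domain_decision() -> bool:
    """One domain: the single record carries both relationships, so the policy takes effect."""
    school = IdentityStore("school", "person_id")
    school.add(Identity("Alice Ng", "a.ng@example.org", {"person_id": "S-0042"},
                        frozenset({"teacher", "parent"})))
    return may_access_grading_system(school.get("S-0042"))  # False: access denied

def duplicate_is_rejected() -> bool:
    """Uniqueness check: a second record with the same person_id is refused."""
    school = IdentityStore("school", "person_id")
    school.add(Identity("Bob Lee", "b.lee@example.org", {"person_id": "S-0001"}, frozenset({"teacher"})))
    try:
        school.add(Identity("Bob Lee", "bob@example.org", {"person_id": "S-0001"}, frozenset({"parent"})))
    except ValueError:
        return True
    return False
```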


So Where Does Privacy Fit In?

The problem with privacy is that it is intensely personal; a wide range of perceptions exists regarding what is considered acceptable and what is clearly a violation of privacy. Some people have little concern about the information they will readily provide when applying for a product or service; others will rarely divulge anything more than is absolutely necessary.

Mistrust of organizations, including government agencies, that collect personal information fuels privacy concerns. Stories are legion about hospitals that inadvertently release sensitive patient information or banks that discard client records with banking details still visible.

It is not surprising, therefore, that as the use of online services has increased in recent years, so too has concern about privacy. In a number of areas, privacy advocates have arisen with the express mandate to safeguard the public's privacy. Indeed, civil libertarians often cite privacy concerns in seeking either to stop the deployment of an online service or to severely restrict how a service may collect and use personal data.

Partly in response to such concerns, the attention to privacy protection by online service providers has improved significantly over the past few years, with notable improvement in the protection of private details about their clientele. Most Internet sites now include a privacy statement advising why they are collecting identity information and what they might do with those details. It is unfortunate that so few users bother to read these statements and that even fewer refuse to partake of the service when they disagree with the potential use of their data.

In a recent Web site development project by a state government agency for a community of companies involved in shipping containers through a local port, an...

"About this title" may refer to a different edition of this title.