FIDIS
Future of Identity in the Information Society (No. 507512)
D2.3
[Final], Version: 2.0
File: fidis-wp2-del2.3.models.doc
Page 10
For instance, this document may help to answer (or provide some guidance on) a set of identity-related questions that different audiences may ask, such as:
• From the end user: What can an Information System really “know” about me?
• From the IMS designers: How do different application domains deal with identity (in particular one that I do not know)? Are there some standards that I could use or that could help me structure my work?
• From the researcher: What is done in other disciplines? Can I get inspired, and find new ideas?
• From the defenders of privacy: What categories of information are stored in Information Systems?
• From government officials: What information on people could I potentially exploit to provide better public services? (On the condition that the usage of this information is in conformance with the law.)
• For companies exploiting customer information: What information can I get about my clients (existing or potential)? (On the condition that the usage of this information is in conformance with the law.)
This document relies in particular on a review of different standards used for representing
identity (such as LDAP for directory management, HR-XML used in human resources, CIQ -
Customer Information Quality - used in direct marketing, or Global JXDM used in law
enforcement) to understand the level of representation of the identity of the person and its usage
in different application domains.
Note: The description of the standards, which is out of the scope of this document (and is
something that may subsequently be addressed in WP4 ‘interoperability’), is only provided in
the Annex to illustrate more concretely some of the attributes used to represent a person’s
information in digital infrastructures.
1.3 The content and structure of this document
The first section of this document is this introduction that sets the scope, the objective and the
structure of this document.
The second section provides an overall presentation of the management of identity
categorisation and of the representation of this identity (or how the person is represented in
Information Systems).
The third section presents in more detail the different categories of attributes used to model
the person, and how they are used in different application domains.
The next section gives an overview of the representation of the person in different
application domains, and of the different standards that can be used in “identity-informed”
Information Systems.
The last section concludes the document and provides some directions for future work.
This document finishes with an annex presenting some of the standards (LDAP, vCard,
HR-XML, IMS LIP) that are used to represent a person’s information.
2 The Management and the Representation of Identity in Information Systems: an Overview
This section provides a categorised overview of how identity is managed in Information
Systems (for instance how this identity can be controlled by the user, by a trusted third party,
by a non-trusted third party), and how this identity can be represented (for instance, the
different categories of identity attributes that can be distinguished). For a better understanding
two perspectives are taken: the social perspective and the perspective of a person or
individual. This section also indicates what different approaches can be used to acquire
identity related information to describe a person.
Parts of chapter 2.1 are summarised for a better understanding of “Del 5.2 Thematic
Workshop on ID-theft, privacy and security” and “Del 3.1 Overview on IMS”.
2.1 Categories of IMS, and their application in social systems
2.1.1 Types of IMS
Taking a look at the market of existing IMS (Identity Management Systems), and at prototypes,
concepts and IM-related tools, we identify several approaches towards IMS which differ,
e.g. in:
a. Procedure of management (by whom? which operations on data are offered?)
b. Type of managed data (possession of the data: personal or organisational? comprehensive profiles or selection of roles or partial identities? anonymity or identifiability?)
With respect to these properties, we observe three main types of IMS (which are explained
and further investigated in Deliverable 3.1):
Type 1: IMS for account management
Type 1 IMS are used for implementing authentication, authorisation, and accounting²:
a. Procedure of management: mainly centralised; within groups of organisations which trust each other, administration can be somewhat decentralised to a group of (trusted) administrators (federated identity management systems, see D3.1)
b. Type of managed data: mainly organisational, roles determined by the provider of the central system, data in most cases linkable to the individual person
² http://infosecuritymag.techtarget.com/2002/apr/cover_casestudy.shtml, http://www.oracle.com/technology/products/id_mgmt/index.html, http://www3.ca.com/Solutions/ProductFamily.asp?ID=4839