Learning Digital Identity

Learning Digital Identity

by Phillip J. Windley
Released January 2023
Publisher(s): O'Reilly Media, Inc.
ISBN: 9781098117696

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Buy on Amazon Buy on ebooks.com
Start your free trial

Book description

Why is it difficult for so many companies to get digital identity right? If you're still wrestling with even simple identity problems like modern website authentication, this practical book has the answers you need. Author Phil Windley provides conceptual frameworks to help you make sense of all the protocols, standards, and solutions available and includes suggestions for where and when you can apply them.

By linking current social login solutions to emerging self-sovereign identity issues, this book explains how digital identity works and gives you a firm grasp on what's coming and how you can take advantage of it to solve your most pressing identity problems. VPs and directors will learn how to more effectively leverage identity across their businesses.

This book helps you:

  • Learn why functional online identity is still a difficult problem for most companies
  • Understand the purpose of digital identity and why it's fundamental to your business strategy
  • Learn why "rolling your own" digital identity infrastructure is a bad idea
  • Differentiate between core ideas such as authentication and authorization
  • Explore the properties of centralized, federated, and decentralized identity systems
  • Determine the right authorization methods for your specific application
  • Understand core concepts such as trust, risk, security, and privacy
  • Learn how digital identity and self-sovereign identity can make a difference for you and your organization

Publisher resources

View/Submit Errata

Table of contents

  1. Foreword
  2. Preface
    1. Who Is This Book For?
    2. Conventions Used in This Book
    3. O’Reilly Online Learning
    4. How to Contact Us
    5. Acknowledgments
    6. Credits
    7. In Memoriam
  3. 1. The Nature of Identity
    1. A Bundle of Sticks?
    2. Identity Is Bigger Than You Think
    3. No Universal Identity Systems
    4. The Road Ahead
  4. 2. Defining Digital Identity
    1. The Language of Digital Identity
    2. Identity Scenarios in the Physical World
    3. Identity, Security, and Privacy
    4. Digital Identity Perspectives
      1. Tiers of Identity
      2. Locus of Control
    5. Reimagining Decentralized and Distributed
    6. A Common Language
  5. 3. The Problems of Digital Identity
    1. Tacit Knowledge and the Physical World
    2. The Proximity Problem
    3. The Autonomy Problem
    4. The Flexibility Problem
    5. The Consent Problem
    6. The Privacy Problem
    7. The (Lack of) Anonymity Problem
    8. The Interoperability Problem
    9. The Scale Problem
    10. Solving the Problems
  6. 4. The Laws of Digital Identity
    1. An Identity Metasystem
    2. The Laws of Identity
      1. User Control and Consent
      2. Minimal Disclosure for a Constrained Use
      3. Justifiable Parties
      4. Directed Identity
      5. Pluralism of Operators and Technologies
      6. Human Integration
      7. Consistent Experience Across Contexts
    3. Fixing the Problems of Identity
  7. 5. Relationships and Identity
    1. Identity Niches
    2. Relationship Integrity
    3. Relationship Life Span
      1. Anonymity and Pseudonymity
      2. Fluid Multi-Pseudonymity
    4. Relationship Utility
    5. Transactional and Interactional Relationships
    6. Promoting Rich Relationships
  8. 6. The Digital Relationship Lifecycle
    1. Discovering
    2. Co-Creating
    3. Propagating
    4. Using
    5. Updating or Changing
    6. Terminating
    7. Lifecycle Planning
  9. 7. Trust, Confidence, and Risk
    1. Risk and Vulnerability
    2. Fidelity and Provenance
    3. Trust Frameworks
    4. The Nature of Trust
    5. Coherence and Social Systems
    6. Trust, Confidence, and Coherence
  10. 8. Privacy
    1. What Is Privacy?
      1. Communications Privacy and Confidentiality
      2. Information Privacy
      3. Transactional Privacy
    2. Correlation
    3. Privacy, Authenticity, and Confidentiality
    4. Functional Privacy
    5. Privacy by Design
      1. Principle 1: Proactive Not Reactive; Preventive Not Remedial
      2. Principle 2: Privacy as the Default Setting
      3. Principle 3: Privacy Embedded into Design
      4. Principle 4: Full Functionality—Positive-Sum, Not Zero-Sum
      5. Principle 5: End-to-End Security—Full Lifecycle Protection
      6. Principle 6: Visibility and Transparency—Keep It Open
      7. Principle 7: Respect for User Privacy—Keep It User-Centric
    6. Privacy Regulations
      1. General Data Protection Regulation
      2. California Consumer Privacy Act
      3. Other Regulatory Efforts
    7. The Time Value and Time Cost of Privacy
    8. Surveillance Capitalism and Web 2.0
    9. Privacy and Laws of Identity
  11. 9. Integrity, Nonrepudiation, and Confidentiality
    1. Cryptography
      1. Secret Key Cryptography
      2. Public-Key Cryptography
      3. Hybrid Key Systems
      4. Public-Key Cryptosystem Algorithms
      5. Key Generation
      6. Key Management
    2. Message Digests and Hashes
    3. Digital Signatures
    4. Digital Certificates
      1. Certificate Authorities
      2. Certificate Revocation Lists
      3. Public-Key Infrastructures
    5. Zero-Knowledge Proofs
      1. ZKP Systems
      2. Noninteractive ZKPs
    6. Blockchain Basics
      1. Decentralized Consensus
      2. Byzantine Failure and Sybil Attacks
      3. Building a Blockchain
      4. Other Ways of Countering Sybil Attacks
      5. Classifying Blockchains
      6. Should You Use a Blockchain?
    7. The Limitations of PKI
  12. 10. Names, Identifiers, and Discovery
    1. Utah.gov: A Use Case in Naming and Directories
    2. Naming
      1. Namespaces
      2. Identifiers
      3. Zooko’s Triangle
    3. Discovery
      1. Directories
      2. Domain Name System
      3. WebFinger
    4. Heterarchical Directories
      1. Personal Directories and Introductions
      2. Distributed Hash Tables
      3. Using Blockchains for Discovery
    5. Discovery Is Key
  13. 11. Authentication and Relationship Integrity
    1. Enrollment
      1. Identity Proofing
      2. Biometric Collection
      3. Attribute Collection
    2. Authentication Factors
      1. Knowledge Factor: Something You Know
      2. Possession Factor: Something You Have
      3. Inherence Factor: Something You Are
      4. Behavior Factor: Something You Do
      5. Location Factor: Somewhere You Are
      6. Temporal Factor: Some Time You’re In
    3. Authentication Methods
      1. Identifier Only
      2. Identifier and Authentication Factors
      3. Challenge-Response Systems
      4. Token-Based Authentication
    4. Classifying Authentication Strength
      1. The Authentication Pyramid
      2. Authentication Assurance Levels
    5. Account Recovery
    6. Authentication System Properties
      1. Practicality
      2. Appropriate Level of Security
      3. Locational Transparency
      4. Integrable and Flexible
      5. Appropriate Level of Privacy
      6. Reliability
      7. Auditability
      8. Manageability
      9. Federation Support
    7. Authentication Preserves Relationship Integrity
  14. 12. Access Control and Relationship Utility
    1. Policy First
      1. Responsibility
      2. Principle of Least Privilege
      3. Accountability Scales Better Than Enforcement
    2. Authorization Patterns
      1. Mandatory and Discretionary Access Control
      2. User-Based Permission Systems
      3. Access Control Lists
      4. Role-Based Access Control
      5. Attribute- and Policy-Based Access Control
    3. Abstract Authorization Architectures
    4. Representing and Managing Access Control Policies
    5. Handling Complex Policy Sets
    6. Digital Certificates and Access Control
    7. Maintaining Proper Boundaries
  15. 13. Federated Identity—Leveraging Strong Relationships
    1. The Nature of Federated Identity
    2. SSO Versus Federation
    3. Federation in the Credit Card Industry
    4. Three Federation Patterns
      1. Pattern 1: Ad Hoc Federation
      2. Pattern 2: Hub-and-Spoke Federation
      3. Pattern 3: Identity Federation Network
    5. Addressing the Problem of Trust
    6. Network Effects and Digital Identity Management
    7. Federation Methods and Standards
      1. SAML
      2. SAML Authentication Flow
      3. SCIM
      4. OAuth
      5. OpenID Connect
    8. Governing Federation
    9. Networked Federation Wins
  16. 14. Cryptographic Identifiers
    1. The Problem with Email-Based Identifiers
    2. Decentralized Identifiers
      1. DID Properties
      2. DID Syntax
      3. DID Resolution
      4. DID Documents
      5. Indirection and Key Rotation
    3. Autonomic Identifiers
      1. Self-Certification
      2. Peer DIDs
      3. Key Event Receipt Infrastructure
      4. Other Autonomic Identifier Systems
    4. Cryptographic Identifiers and the Laws of Identity
  17. 15. Verifiable Credentials
    1. The Nature of Credentials
      1. Roles in Credential Exchange
      2. Credential Exchange Transfers Trust
    2. Verifiable Credentials
    3. Exchanging VCs
      1. Issuing Credentials
      2. Holding Credentials
      3. Presenting Credentials
    4. Credential Presentation Types
      1. Full Credential Presentation
      2. Derived Credential Presentation
    5. Answering Trust Questions
    6. The Properties of Credential Exchange
    7. VC Ecosystems
    8. Alternatives to DIDs for VC Exchange
    9. A Marketplace for Credentials
    10. VCs Expand Identity Beyond Authn and Authz
  18. 16. Digital Identity Architectures
    1. The Trust Basis for Identifiers
    2. Identity Architectures
      1. Administrative Architecture
      2. Algorithmic Architecture
      3. Autonomic Architecture
    3. Algorithmic and Autonomic Identity in Practice
    4. Comparing Identity Architectures
    5. Power and Legitimacy
    6. Hybrid Architectures
  19. 17. Authentic Digital Relationships
    1. Administrative Identity Systems Create Anemic Relationships
    2. Alternatives to Transactional Relationships
    3. The Self-Sovereign Alternative
    4. Supporting Authentic Relationships
      1. Disintermediating Platforms
      2. Digitizing Auto Accidents
    5. Taking Our Rightful Place in the Digital Sphere
  20. 18. Identity Wallets and Agents
    1. Identity Wallets
    2. Platform Wallets
    3. The Roles of Agents
    4. Properties of Wallets and Agents
    5. SSI Interaction Patterns
      1. DID Authentication Pattern
      2. Single-Party Credential Authorization Pattern
      3. Multiparty Credential Authorization Pattern
      4. Revisiting the Generalized Authentic Data Transfer Pattern
    6. What If I Lose My Phone?
      1. Step 1: Alice Revokes the Lost Agent’s Authorization
      2. Step 2: Alice Rotates Her Relationship Keys
      3. What Alice Has Protected
      4. Protecting the Information in Alice’s Wallet
      5. Censorship Resistance
    7. Web3, Agents, and Digital Embodiment
  21. 19. Smart Identity Agents
    1. Self-Sovereign Authority
      1. Principles of Self-Sovereign Communication
      2. Reciprocal Negotiated Accountability
    2. DID-Based Communication
    3. Exchanging DIDs
    4. DIDComm Messaging
      1. Properties of DIDComm Messaging
      2. Message Formats
    5. Protocological Power
      1. Playing Tic-Tac-Toe
      2. Protocols Beyond Credential Exchange
    6. Smart Agents and the Future of the Internet
    7. Operationalizing Digital Relationships
      1. Multiple Smart Agents
      2. Realizing the Smart Agent Vision
    8. Digital Memories
  22. 20. Identity on the Internet of Things
    1. Access Control for Devices
      1. Using OAuth with Devices
      2. OAuth’s Shortcomings for the IoT
    2. The CompuServe of Things
      1. Online Services
      2. Online 2.0: The Silos Strike Back
      3. A Real, Open Internet of Things
    3. Alternatives to the CompuServe of Things
    4. The Self-Sovereign Internet of Things
      1. DID Relationships for IoT
      2. Use Case 1: Updating Firmware
      3. Use Case 2: Proving Ownership
      4. Use Case 3: Real Customer Service
    5. Relationships in the SSIoT
      1. Multiple Owners
      2. Lending the Truck
      3. Selling the Truck
    6. Unlocking the SSIoT
  23. 21. Identity Policies
    1. Policies and Standards
    2. The Policy Stack
    3. Attributes of a Good Identity Policy
    4. Recording Decisions
    5. Determining Policy Needs
      1. Business-Inspired Projects and Processes
      2. Security Considerations
      3. Privacy Considerations
      4. Information Governance
      5. Meeting External Requirements
      6. Feedback on Existing Policies
    6. Writing Identity Policies
    7. Policy Outline
    8. The Policy Review Framework
    9. Assessing Identity Policies
    10. Enforcement
    11. Procedures
    12. Policy Completes the System
  24. 22. Governing Identity Ecosystems
    1. Governing Administrative Identity Systems
    2. Governing Autonomic Identity Systems
    3. Governing Algorithmic Identity Systems
    4. Governance in a Hybrid Identity Ecosystem
    5. Governing Individual Identity Ecosystems
      1. Credential Fidelity and Confidence
      2. Credential Provenance and Trust
      3. Domain-Specific Trust Frameworks
    6. The Legitimacy of Identity Ecosystems
  25. 23. Generative Identity
    1. A Tale of Two Metasystems
      1. The Social Login Metasystem
      2. The Self-Sovereign Identity Metasystem
    2. Generativity
    3. The Self-Sovereign Internet
      1. Properties of the Self-Sovereign Internet
      2. The Generativity of the Self-Sovereign Internet
    4. Generative Identity
      1. The Generativity of Credential Exchange
      2. Self-Sovereign Identity and Generativity
    5. Our Digital Future
  26. Index
  27. About the Author

Product information

  • Title: Learning Digital Identity
  • Author(s): Phillip J. Windley
  • Release date: January 2023
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781098117696