Requirements for a Global Identity Management Service
A Position Paper from OneName Corporation
for the W3C Workshop on Web Services, 11-12 April 2001, San Jose, CA USA
The evolution of the Web from a global library to a global marketplace is well summarized by the introduction to the W3C XML Protocol Activity charter:
“Today, the principal use of the World Wide Web is for interactive access to documents and applications. In almost all cases, such access is by human users, typically working through Web browsers, audio players, or other interactive front-end systems. The Web can grow significantly in power and scope if it is extended to support communication between applications, from one program to another.”
To undergo this transition, machines must turn from passive clients and servers of information into agents actively exchanging and managing information on behalf of their owners. To act in this capacity, these agents must represent real-world identities, and must be able to authenticate and certify those identities for sensitive personal and business transactions. Since such functions are central to any web services framework, the purpose of this document is to outline the major requirements for a global identity management service serving both people and businesses.
Like a passport in the real world, the first requirement of a global identity management service is that identity owners be able to use it across all applications, services, and trust domains. This means:
· The service must use globally unique identifiers in a common interchange format, ideally XML text strings.
· The service must support extensible mapping to these identifiers from other commonly used identifiers, including real-world names, domain names, national IDs, phone numbers, email addresses, database keys, etc.
· The service must use a common protocol for asserting and authenticating a global identity. (This protocol should also support multiple credential levels; see #5 below.)
Since there is no limit to the attributes that may be associated with identity, a second key requirement of a global identity management service is that it provide an extensible attribute vocabulary. This means:
· The service and protocol should be based on XML and XML Schemas for universal data representation and schema definition.
· The service must support global vocabulary definition both for identity attributes as well as for control structures used in the protocol itself, including authentication, resolution, and negotiation control vocabulary.
· The service should support distributed local vocabulary definition so that all identity owners may extend data or message definitions as needed for specialized uses.
A true global identity management service must interoperate between all jurisdictions and trust domains. In these circumstances it is impossible to specify all relevant privacy and security requirements in advance. Thus privacy and security terms must be negotiable on an agent-to-agent basis. This means:
· The service must allow identity owners to control their information subject only to the requirements of their legal jurisdiction.
· The service must use a common negotiation protocol to allow agent owners to control the privacy and security terms under which they are willing to assert identity or exchange information.
· The protocol must support anonymity and pseudonymity for protection of personal privacy when assertion of real-world identity is not required or desired.
In order for people and businesses worldwide to develop trust and confidence in the ability of automated agents to represent their identity, the infrastructure for a global identity management service must provide adequate accountability, much as the international banking and credit card systems do today. This means:
· All identity owners and service providers should agree to common terms regarding accountability for the representations, negotiations, and actions of their agents. These terms should be set by an independent governing authority (see #7 below).
· The accountability framework should be based on universal legal principles as widely recognized in international law as possible.
· Standard dispute resolution mechanisms should be specified wherever possible to make enforcement practical and efficient.
Because of its cross-jurisdictional nature, a global identity management service should not rely on a single registration authority, but rather provide a common protocol and framework for any number of registration authorities. This means:
· The service should support both hierarchical and peer-to-peer registration models; the former providing structured delegation and the latter supporting organic communities.
· In the hierarchical model, common standards and protocols should apply to all registration authorities so that all entities that meet them are free to compete on an equal and non-discriminatory basis.
· Registrations should be portable to other registration authorities as agent owners choose to change service providers.
As with registration, the trans-jurisdictional nature of a global identity management service means that it cannot rely on a single trust network, but must offer an extensible protocol and framework for multiple trust networks. This means:
· The service should support both hierarchical and peer-to-peer certification models; the former providing delegated trust hierarchies and the latter providing organic trust networks.
· In the hierarchical model, common standards and protocols should apply to all certification authorities so that identity owners can be confident in the service as a whole and feel safe crossing trust domains.
· These standards should support multiple trust levels so that simple transactions can be kept simple and identity owners need only be certified to the trust level necessary for the transactions in which they engage.
· These standards should be extensible to new attributes so that specialized trust models can be developed for specific industries and applications.
Any global identity management service meeting the above requirements is inherently an endeavor beyond any single constituency. It requires an independent governing body that represents all constituencies—people, businesses, non-governmental organizations, and governmental bodies—equally and without discrimination. This means:
· The governing authority should be chartered as an international non-profit organization so it is industry-, vendor-, and government-neutral in all respects.
· It should set both technical and operational standards for the service, as the two are tightly intertwined.
· It should manage global vocabulary development for universal identity attributes and global protocol control structures.
· It should set the accountability terms for all agents, including registration and certification authorities.
· It should serve as an impartial root authority for hierarchical registration or certification models.
Adoption and operation of a global web services framework requires that human beings rely on machine agents to a greater extent than ever before. In order for these agents to accomplish real-world business, they must assert and represent real-world identity. For people and businesses, identity is inextricably linked to privacy, security, accountability, and trust. The importance and sensitivity of these issues strongly suggest that any web services framework should include as a core component a global identity management service based on the XML family of standards for interoperability and extensibility. This service should provide negotiated privacy and security under common standards for accountability; be open to all registration and certification authorities; and support both hierarchical and peer-to-peer trust models. Most importantly, such standards should be set by an independent governing authority representing all constituencies impartially and without discrimination.
Extensible Name Service (XNS) and the XNS Public Trust Organization (XNSORG) have been under development since 1998 to meet the requirements for a global identity management service set forth in this paper. Launched in September 2000, XNS is evolving rapidly under the direction of XNSORG as an independent international non-profit organization. The long-term governance model for XNS is currently being developed by the XNSORG Governance Working Group. Since XNS is based closely on the XML standards from W3C, XNSORG welcomes participation by the W3C and its member companies and organizations. For more details and contact information please see http://www.xns.org.