Identity Landscape

= Introduction =

The Identity Landscape is a community project to create a shared living "map" of the Internet identity space -- the projects, technologies, and standards that are coming together to create an interoperable identity layer for the Internet.

Note: this page is currently a placeholder for the outcome of presentations and discussions at the Internet Identity Workshop to be held in Mountain View December 4-6. In the meantime, feel free to add any content you feel would be appropriate to building an identity landscape.

A lot of the material in the next three sections was taken, with permission, from the blog article of Johannes Ernst at http://netmesh.info/jernst/Digital_Identity/who-is-what-in-identity.html.

Ryan Janssen joined Newbies for Newbies and has contributed significant updates.

= Groups, Communities, Projects =

Bandit
Open-source project that builds a set of loosely-coupled components for Authentication, Authorization, and Auditing. Initiated by Novell. http://www.bandit-project.org.

Concordia
Recently initiated in the context of the Liberty Alliance (see below), Concordia will initially focus on use cases for multi-protocol interoperability. Concordia is legally part of the Liberty Alliance, I believe, but there are some talks (though no actions yet) to charter it under the Identity Commons. http://projectconcordia.org.

DataPortability.org
The purpose of this project is to put existing technologies, techniques, policies and initiatives in context in order to facilitate translation, education, advocacy and ultimately implementation of data portability. http://dataportability.org/

FOAF+SSL
This project uses the SSL stack available in all current browsers to create a global single identity using the X509v3 Subject Alternative Name extension. This makes possible a global identity, one-click sign-on, and access control for the Social Web. References to this work can be found on the wiki at http://esw.w3.org/topic/foaf+ssl

Higgins
An open-source project currently part of the Eclipse Foundation that develops multi-protocol software components. For example, the Higgins project is developing open-source information card selectors similar to Microsoft CardSpace for other platforms. http://www.eclipse.org/higgins.

Identity Commons
The Identity Commons is an industry association for the collaborative development of the technical, social and legal aspects of a user-centric identity layer on the internet. Many of the other initiatives listed here are chartered as working groups in the Identity Commons. Some of them are formed to accomplish a specific objective and disband shortly thereafter. Others are expected to keep going for a long time. You're already here.

Identity Gang
The Identity Gang is an invitation-based mailing list and public wiki bringing together most of the movers and shakers around identity. It operates as a Working Group of the Identity Commons. http://identitygang.org.

IETF
A technical standards body for internet protocol standards. No identity-related work is currently performed there, but there are several related activities. http://www.ietf.org.

ITU-T Focus Group on Identity Management
The ITU is a technical standards body for telecommunications-related protocol standards following international standardization processes. The objective of the Focus Group is to facilitate the development of a generic Identity Management framework, by fostering participation of all telecommunications and ICT experts on Identity Management. http://www.itu.int/ITU-T/studygroups/com17/fgidm.

Kerberos Consortium
Just recently created, the MIT Kerberos Consortium intends "to establish Kerberos as the universal authentication platform for the world's computer networks." http://www.kerberos.org.

Liberty Alliance
An industry association for the development and promotion of federated identity standards. Established in 2001, it has focused mostly on intra- and inter-enterprise scenarios. http://projectliberty.org. UPDATE - As of June 2009, the work of the Liberty Alliance is transitioning to the Kantara Initiative.

OATH
Organization and technology standards to define open authentication protocols for universal strong authentication on many kinds of devices and networks. http://www.openauthentication.org.

OASIS
A technical standards body for structured information standards. The development of XRI, XDI and SAML identity protocols resides here. http://www.oasis-open.org.

OpenID
OpenID is a community and a set of user-centric identity protocols, facilitated by the OpenID Foundation. OpenID is also chartered as a working group in the Identity Commons. http://openid.net.

OSIS
Organizes and harmonizes the development of software components for the internet-scale identity system by focusing on specific interoperability use cases, and demonstrating these multi-vendor scenarios at public events. Organized as a working group of the Identity Commons. http://osis.netmesh.org.

PRIME
European research project to develop a working prototype of a privacy-enhancing identity management system. https://www.prime-project.eu.

Shibboleth
Part of the Internet 2 project, Shibboleth is an open-source project that provides Web-based Single-Sign-On. http://shibboleth.internet2.edu.

VRM
Initiated by Doc Searls at the Berkman Center at the Harvard Law School, the Vendor Relationship Management project is a community-driven effort to support the creation and building of VRM tools. The VRM project is expected to be chartered under the Identity Commons. http://cyber.law.harvard.edu/projectvrm/Main_Page.

W3C
A technical standards body for web standards. No identity-related work is currently performed there, but there are several related activities. http://www.w3.org.

XDI.org
A non-profit governing the XDI and XRI infrastructure. It also holds the XRI and XDI intellectual property. http://www.xdi.org.

= Conferences =

Digital Identity World
The main identity trade show and conference in the United States.

Identity Open Space
A series of "unconference"-style events produced by Kaliya Hamlin, Doc Searls and Phil Windley, in association with other events such as Digital Identity World. See also Internet Identity Workshop.

Internet Identity Workshop
A series of "unconference"-style workshops produced twice a year by Kaliya Hamlin, Doc Searls and Phil Windley. It is the primary face-to-face gathering of the various individuals and groups working on user-centric identity. It operates as a Working Group of the Identity Commons.

IDtrust at NIST
Annual conference at NIST in Gaithersburg, MD (D.C. area). Originally a PKI academic workshop, it has morphed into a more general identity symposium. Attendees consist largely of representatives from higher education and government (both domestic and foreign). http://middleware.internet2.edu/idtrust.

= Protocols, Technology, Projects =

Kerberos
Network authentication protocol developed at MIT and the basis for both Windows and Mac authentication. http://web.mit.edu/Kerberos/

LID
LID uses URLs as identifiers, is fully decentralized and supports multiple underlying protocols such as OpenID, Yadis and PGP/GPG. It was the first URL-based identity technology. http://lid.netmesh.org/

OpenID
OpenID is an open, decentralized, free framework for user-centric digital identity that takes advantage of already existing internet technology (URI, HTTP, SSL, Diffie-Hellman). http://openid.net/

OAuth
OAuth allows the user to grant access to their private resources on one site (the Service Provider) to another site (called the Consumer). OAuth is about giving access to your information without sharing all of your identity. http://oauth.net

SAML
Security Assertion Markup Language (SAML) is an XML security standard. Its token-based architecture serves as an important component in Liberty, Higgins, CardSpace, and Shibboleth. http://www.oasis-open.org/committees/security/

Shibboleth
Shibboleth is open-source middleware that uses SAML to provide web single sign-on across or within organizational boundaries. http://shibboleth.internet2.edu/

X.509
Cryptography standard that defines most elements of the internet's current PKI components (public key certificates, certificate revocation lists, and attribute certificates). http://www.itu.int/rec/T-REC-X.509/en

Yadis
Meta-data discovery framework for identity services. Now required for OpenID implementations, but also useful for many other applications that need to discover services from URLs or other identifiers. http://yadis.org.

VRM
VRM, or Vendor Relationship Management, is the reciprocal of CRM or Customer Relationship Management. It provides customers with tools for engaging with vendors in ways that work for both parties. http://www.projectvrm.org

= Items to Place =

This is simply a starting list of items in alphabetical order to place on the map (taken from a thread on the Identity Gang mailing list).

It's now what's left after the above.


 * i-names and i-numbers
 * OpenPGP
 * Tor

See also


 * http://openliberty.org/wiki/index.php/RelatedProjects

= Other Maps/Lists =

On the Identity Gang list, Ashraf Motiwala recommended the following:


 * http://docs.safehaus.org/display/HAUS/Id+OSS+Map is a map of identity Open Source projects.
 * http://identityaccessmanagement.blogspot.com/2005/05/vendor-list.html is a list of vendors in the identity space.

More maps


 * http://www.xmlgrrl.com/blog/archives/2007/03/28/the-venn-of-identity/ is by Eve Maler and the Liberty Alliance
 * http://identity4all.blogspot.com/2005/11/topology-of-identity-standards.html is a draft of standards and their inter-relations