Thursday, June 15, 2006

Does an Identity Stack work?

Dick Hardt put an interesting item on Identity 2.0. It is an attempt at a layered model for identity. The 4 layers are:

4. asserted identity
3. entity identity
2. profile identity
1. session identity

Go to ( for the details.

I have been thinking more about these 4 layers of identity. Between layers 3 and 4 (entity identity and asserted identity), does it make sense to establish an additional layer: Inferred Identity?

If you think about it, on a daily basis when we conduct transactions we make inferences from the data we are dealing with. If we compile enough identity fragments, we make an inference about the legitimate identity of an individual. For example: a vendor may accept a copy of a billing statement from a utility vendor, in conjunction with one or two other items of identification, to determine if a person can open an account. Each identity fragment on its own may not be from a "trusted source", but when we see a group of fragments that demonstrate a common thread, such as home address, we infer that all of the combined fragments are valid.

Therefore:

3.5 Inferred Identity is where multiple, partially overlapping identity fragments from multiple untrusted sources are combined to make a statement about the entity or session. This could be that a series of sites confirm that the user is based at the same home address of record and the last 4 digits of the user's credit card are recorded as the same by one of these sites plus an additional site.
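The rule in the 3.5 definition can be written down as a small corroboration check. This is an added example, not code from the post or from Identity 2.0; the site names, attribute names, sample fragments and the `min_address_sources` threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample fragments: (source, attribute, value).
# No single source is trusted on its own.
FRAGMENTS = [
    ("site-a", "home_address", "12 Elm St, Springfield"),
    ("site-b", "home_address", "12 elm st,  springfield"),
    ("site-c", "home_address", "12 Elm St, Springfield"),
    ("site-b", "card_last4", "4242"),
    ("site-d", "card_last4", "4242"),
    ("site-e", "card_last4", "9999"),
]

def normalize(value):
    """Case-fold and collapse whitespace so trivially different spellings match."""
    return " ".join(value.lower().split())

def supporters(fragments):
    """Map (attribute, normalized value) -> set of distinct sources asserting it."""
    support = defaultdict(set)
    for source, attribute, value in fragments:
        support[(attribute, normalize(value))].add(source)
    return support

def infer_identity(fragments, min_address_sources=2):
    """Address agreed by several distinct sites, and card last-4 agreed by
    one of those sites plus at least one additional site."""
    support = supporters(fragments)
    for (attr, address), addr_sources in support.items():
        if attr != "home_address" or len(addr_sources) < min_address_sources:
            continue
        for (attr2, last4), card_sources in support.items():
            if attr2 != "card_last4":
                continue
            overlap = card_sources & addr_sources     # the common thread
            additional = card_sources - addr_sources  # the extra site
            if overlap and additional:
                return {"home_address": address, "card_last4": last4,
                        "sources": sorted(addr_sources | card_sources)}
    return None  # fragments do not overlap enough to support an inference

if __name__ == "__main__":
    print(infer_identity(FRAGMENTS))
```

Counting distinct sources rather than fragments means one site repeating the same claim adds no weight, and the overlap requirement is what ties the card fragment to the same entity as the address fragments.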

