Managing Information Security Chapter 4. Online Identity and User Management Services
Digital identity is the ground necessary to guarantee that the Internet infrastructure is strong enough to meet basic expectations such as security and privacy. Anywhere anytime mobile computing is becoming true. In this ambient intelligent world, the choice of the identity management mechanisms will have a large impact on social, cultural, business and political aspects: privacy is a human need and the all of society would suffer from the demise of privacy; people have hectic life and cannot spend their whole time administering their digital identities. The choice of identity mechanisms will change the social, cultural, business and political environment. Furthermore, the identity management is also a promising topic for modern society. In the first version of this book chapter, it seemed that identity management would be based on the paradigm of federated identity management and user-centric identity management. The first one empowers the management of identity and the second the users to actively manage their identity information and profiles. A time of writing this second edition of the chapter, although the technical building blocks detailed in this chapter remains and are improved, they are hidden under a number of major online social networks providers (Google, Facebook, LinkedIn, Twitter...) where users have already created their account and use this account to automatically log into less well-known online Web sites and services. Firstly, we provide an overview of identity management from identity 1.0 to identity 2.0 and higher, with emphasis on user centric approaches. Also we survey how have evolved the requirements for user-centric identity management and their associated technologies with emphasis on the federated approaches and user-centricity. Secondly, we will focus on related standards XRI and LID issued from Yadis project, and platforms mainly ID-WSF, OpenID, InfoCard, Sxip and Higgins. Thirdly, we discuss user management through “social login” that seems to be the only approach that has won large user adoption and that was not expected at time of writing the first edition of this book chapter. At the end, we cover identity management for mobile settings and focus on the future of mobile identity management.