Helping to evangelise a more hygienic digital identity landscape.
Access to most online services today will require a digital identity. At its most basic, that could be a username and password. At its most complex, it could be a huge array of attributes containing highly personal data, preferences, history, associations and more.
Organisations are struggling to come to terms with the vast spectrum of digital identity demands being thrust upon them.
The Identity Manifesto aims to provide a simple framework upon which identity and access management programmes can be compared.
12 Point Plan
Many of the early 20th century manifestos, inspired by the likes of Filippo Tommaso Marinetti's "Manifesto of Futurism", take only 10 to 12 steps in order to gain a utopian mindset.
Dynamic Living Thing
The Identity Manifesto is a living organism. Like most technologies, it must adapt to stay relevant. This initial introduction is there to be challenged and changed.
Whilst conceived and created by an individual, the manifesto should be owned by you - the technical identity community - through absorption of the best ideas and contributions.
A digital identity is a valuable object and should be treated like currency that can be applied to a person, a physical object or a piece of data
A digital identity can be made up of multiple attributes from different sources, but must contain at least one unique attribute for each specific domain the identity operates in
A digital identity will have static and dynamic relationships to other identities, things, services and data, which should be defined by clear interfaces that are modular and cohesive
There must always be an economic "coincidence of wants" with respect to the provision of identity attribute data to a service provider, API or application
An identity authentication or authorization system must operate consistently for different users, devices and contexts
An identity could be represented by many different personas, where a persona is a collection or subset of attributes, bound to a single identity by a shared attribute, with a persona potentially represented by a device
An identity must have a data owner, with that owner having full control of what attributes it discloses to other services, with an explicit ability to revoke previously disclosed attribute data, whilst also knowing which systems currently hold identity data
An identity can have an attribute custodian and that custodian must uphold the confidentiality, integrity and availability of the data at all times
An identity authentication or authorization system should make decisions based on data other than that of the identity
Implicit sharing of identity attribute data must be transparent to the data owner: if A shares to B, B cannot share to C without transparency to A
Before an identity is created, transparency surrounding a right (or not) to be forgotten must be provided to the identity data owner
An identity authentication, authorization or storage system must be based on modern open standards wherever possible
© Copyright 2016. All Rights Reserved.