Resources
Identity Use Cases & Scenarios.- FIDIS Deliverables.
- Identity of Identity.
- D2.1: Inventory of Topics and Clusters.
- D2.2: Set of use cases and scenarios.
- D2.3: Models.
- D2.6: Identity in a Networked World – Use Cases and Scenarios.
- D2.13: Virtual Persons and Identities.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D2.2: Set of use cases and scenarios
 |
Title: IDENTITY AND IDENTIFICATION |
 |
Identity and Identification
Identity
In the following we refer to a community of reference. Such a community C is either a set of subjects or a set of virtual persons.
Definition 5 (Identifier)An identifier I is a set of information. I is an identifier w.r.t. a community C if and only if there exists a unique element in C that is compatible with I.
For example:
Dad is an identifier in my family,
Fingerprints are supposed to be identifiers w.r.t. the world population,
BIE1 is an identifier w.r.t. the people working at the Berne University of applied Sciences and
A pseudonym can be an identifier w.r.t. the virtual persons active in a chatroom; it may not be relevant outside of it (where other people use the same pseudonym).
Definition 6 (Identity)An identifier I with respect to a community C is an identity of P with respect to the community C and according to an observer if and only if this observer can link I to the element P of C.
Note that according to these definitions, an identifier is independent of any observer whereas an identity always depends on the observer.
For instance, a valid 4-tuple containing name, first name, date of birth and address is an identity of some physical person living in Switzerland for almost any observer in Switzerland. On the other hand, BIE1 is an identity with respect to the employees of the BFH only according to the observers knowing the abbreviation scheme. A so-called Cookie on the Internet is an identity of the virtual person «the one using this browser on this machine» with respect to the users of a web site, according to the administrator of this web site. For most other observers this might be just an identifier.
Identification
Definition 7 (Identification)Identification is a process done by an observer; identification means the process of linking a virtual person to another virtual person or to a subject.
In the identification process, the observer must answer two questions
Do I trust the existence of a link?
Do I trust the non-existence of a link?
There are three cases (Fig.4):
yes / no
no / no
no / yes
The thresholds used in this process to make a decision depend on the application.
Figure 4: The three cases
For the identification of a client by the doorkeeper of a bar, C1 is quite low. On the other hand the confidence in the identity of the person launching a nuclear rocket has to be much higher.
The identification as introduced above leads to two generic cases:
validation of a claimed link (verification of an identity)
search for existing links (search for matches)
Use Cases
Verification of an Identity
We present two typical examples for such a process; of course many more can be thought of.
Login on a System Fig. 5.
Figure 5: Login on a system
The server has to deal with two initially distinct virtual persons: the first one is the virtual person “The one who knows the password of the user FRODO”, the other one is the virtual person “The one sitting at the keyboard”. Moreover, the observer has access to some information tautologically identifying the first virtual person, e.g. an MD5 digest of FRODO’s password. The second virtual person claims to be the first one. Here the server has to check this claim, and usually will do this by asking to provide the password. The level of confidence of the server in the existence of a link between both virtual persons is high enough if and only if the password is correct.
Note that the server can never be sure of the real existence of this link. But to give access to the resources, it is only necessary that the level of confidence in this link be high enough.
Border ControlConsider the situation where you stand in front of a guard at a border, cf. Fig. 6. Usually the guard will ask you to show your passport in order to “check your identity”. More precisely, here again, several entities interact: the guard at the border acting as the observer, the virtual person “The one described by the passport” and the virtual person “The holder of the passport”.
Figure 6: Border Control
Often, the guard will make two different tests:
First, he will try to figure out the validity of the passport; in a way he tries to check the validity of the link between this passport and a subject.
Then, he will check the existence of a link between both virtual persons, using the information available in the passport: a photo or some biometric data.
Search of a Link
The following examples deal with the second kind of identification: search for a possible match between one given virtual person and members of a community of virtual persons. For example, which member of the community matches «best» the given virtual person.
Typical examples: Who is the murderer? To whom do these fingerprints belong? Who is the tallest person in this room?
Chat: Whom do I talk to?You know that your friend Alice spends a lot of time in the evening chatting in a chatroom on the Internet. You know very well which chatroom she’s usually in, and therefore on a Saturday evening, you decide to enter the same one. Several virtual persons are already in the chatroom, and you would like to know behind which pseudonym your friend Alice really is, cf. Fig .7.
The pseudonyms used in the chatroom are tautological identities of the corresponding virtual persons.
Figure 7: Whom do I talk to in this chat?
In this situation, you are the observer of the situation and the community is the set of virtual persons currently active in this chatroom. You know well the virtual person “My friend Alice” and have some information about her. In the chatroom, there are actually n different virtual persons, each one having a name (pseudonym) and some other attributes which are visible to you: for example, how long he/she has been in the chatroom, as well as the partners one specific virtual person is chatting with. You can even eavesdrop on some of the conversations going on and get information thereof. Your goal, as the observer, is now to select the virtual person(s) in the chatroom which you think matches “My friend Alice”.
In an optimal situation, you find only one virtual person that matches Alice’s profile with high probability from your point of view; but in other cases you might not be so sure. Note that in Fig. 7, there are two virtual persons, members 1 and 2 of the chatroom, which belong to the same subject. Such a situation is clearly possible.
What’s her name? Fig. 8.
You quickly go through your memory and try to match one of the virtual persons you’ve met before with the virtual person “Person now standing in front of you”. Again, in this situation, you are the observer trying to get a link that you can trust while eliminating all the other ones.
Figure 8: What’s her name?
| |
   |
|
| 16 / 69 |
