Identity Trust Modeling

Luigi Sbriz
Author: Luigi Sbriz, CISM, CRISC, CDPSE, ISO/IEC 27001 LA, ITIL V4, NIST CSF, UNI 11697:2017 DPO
Published: 10 January 2024

The ultimate goal of an identity system with symmetric recognition is to enable users of one digital ecosystem to securely access data or systems available in another ecosystem. This must happen without the need for a federation of digital ecosystem infrastructures and without further recording of user recognition data on each ecosystem where it must operate.

An identity system based on trust in a third party, which does not necessarily have to be the same for everyone (except within a given digital ecosystem), is proposed. Each entity that needs a digital identity chooses its own trusted identity provider (IdP), and the identity providers, communicating with each other, then perform the recognition of the entity. An identity provider is an entity that creates, stores and manages digital identities in order to offer user authentication as a service, with the legal guarantee that the individual exists and that the real identity can be revealed only through an authority.

There are many advantages to using this authentication scheme, such as a solution for passport recognition or a more secure voting system. The user does not need to register multiple times, which better protects their personal data. Furthermore, the username can be combined with an email address of the same name, which helps with contact management. The role of the IdP can evolve toward new services: in addition to managing the email associated with the digital identity, it can also manage the related messaging or voice over internet protocol services. Moreover, given the level of legal guarantee of the main identity, the identity provider can issue additional identities without personal data for anonymous but legal activity, such as the whistleblowing process, or simply to receive a service without having to present an identity card, for instance when a person buys a coffee.

The use of blockchain would make it possible to make the set of IdPs, as well as the users, more robust. For example, this can help guarantee the integrity of the information qualifying the identity, such as the type of identity (natural or legal person), whether the authenticity of the physical identity has been verified by an authority, or whether it corresponds to an adult. This general information can be provided without showing any personal data while still being true.

Identity providers must be managed by an international body that verifies their adherence to technical standards and manages the definition of new standards or the exclusion of providers. Only the existence of accurate, rigorous and transparent control enables the necessary trust to be granted to the identity provider, in particular to the provider of the other entity that authenticates itself.
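The trust chain described above (each entity picks its own IdP, a relying party in another ecosystem trusts the IdP only through the international body's registry, and the assertion carries only non-personal attributes such as identity type, authority verification and adulthood) can be sketched in Go. This is an added example, not code from the article; the `Assertion` field names, the `Registry` map and the use of Ed25519 signatures are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
)

// Assertion holds only the non-personal facts the article names; "sub" is an
// opaque pseudonym only the issuing IdP can link to a person, and only for an
// authority. Field names are assumptions made for this example.
type Assertion struct {
	IdP               string `json:"idp"`
	Pseudonym         string `json:"sub"`
	Kind              string `json:"kind"` // "natural" or "legal" person
	AuthorityVerified bool   `json:"authority_verified"`
	Adult             bool   `json:"adult"`
}

// Registry stands in for the international body: admitted IdPs keyed by name.
// Deleting an entry excludes that IdP for every relying party at once.
type Registry map[string]ed25519.PublicKey

// Enrol creates an IdP key pair and registers the public half with the body.
func Enrol(reg Registry, name string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return nil, err
	}
	reg[name] = pub
	return priv, nil
}

// Issue is the IdP side: sign the assertion so a service in another ecosystem
// can check it without storing any recognition data of its own.
func Issue(priv ed25519.PrivateKey, a Assertion) (body, sig []byte, err error) {
	if body, err = json.Marshal(a); err != nil {
		return nil, nil, err
	}
	return body, ed25519.Sign(priv, body), nil
}

// Verify is the relying party side: trust flows through the registry only, so
// an excluded IdP or a tampered body is rejected.
func Verify(reg Registry, body, sig []byte) (Assertion, error) {
	var a Assertion
	if err := json.Unmarshal(body, &a); err != nil {
		return a, err
	}
	pk, ok := reg[a.IdP]
	if !ok || !ed25519.Verify(pk, body, sig) {
		return a, errors.New("rejected: IdP not admitted or signature invalid")
	}
	return a, nil
}
```

The relying party learns that a real, authority-verified adult natural person is present without ever receiving a name or document number, and revoking the IdP's registry entry invalidates all of its assertions without touching any user record.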

Editor's note: For further insights on this topic, read Luigi Sbriz's recent Journal article, "Identity Trust System Modeling," ISACA Journal, volume 6, 2023.
