identity metasystem

An infrastructure that enables different Internet identity systems to work in a secure manner with a consistent user interface. The identity metasystem was first developed by Microsoft and was embodied in the now-defunct CardSpace system (see Windows CardSpace). Higgins is an open source identity metasystem that supports all platforms and is compatible with CardSpace (see Higgins project).

The identity metasystem is designed to prevent identity theft on the Internet by providing a secure framework for authentication and by giving users control over the data they share with websites. If and when fully implemented, it would eliminate the myriad usernames and passwords each user must maintain, replacing the browser password manager with a more secure system.

Multiple Authenticators
The identity metasystem lets multiple organizations authenticate a user's identity just as a driver's license and credit card serve as two forms of ID in day-to-day life. The user confirms what should be used to satisfy a website's request for authentication.

The Wallet Metaphor - Information Cards
The metasystem uses "information cards," which are the digital counterpart to the plastic cards people keep in their wallets. The user is presented with a window full of card images to choose from, just as you might take all your business, ID and credit cards out of your wallet and lay them out on a table.

Personal cards (p-cards) are self-issued and hold the data users typically type into website registration forms. A person can create multiple p-cards, with one card having more data than another.

Managed information cards (m-cards), such as membership ID cards and credit cards, are issued by organizations. M-card data are stored on the managed card provider's site, while p-card data are stored on the user's computer. However, transaction history for all cards is stored on the client side.

The identity metasystem also supports the OpenID authentication system, and one of the cards in the card selector can be an OpenID card (see OpenID).

Relying Parties Rely on Identity Providers
A website that accepts information cards is known as the "relying party," because it relies on a third-party "identity provider" for authentication rather than authenticating the user directly, as is common today.

The software in the user's computer that orchestrates the interaction between the relying party (RP) and the identity provider (IdP) is the "card selector," also called the "identity selector." The CardSpace and Higgins software in the user's computer is the card selector.

When a user visits an information card-compliant site, the site (the relying party) states its identity requirements, and the user's card selector highlights the cards that meet those requirements. The user confirms the selection, and a request is sent to the identity provider. The identity provider sends back a digitally signed token that the user can inspect to be sure it is genuine before releasing it to the relying party for authentication.

In the case of a personal card, the card selector functions as the identity provider and sends a secure token to the relying party.

The identity metasystem uses the term "claims" to refer to any data that is captured in information cards. Although the term "assertion" has been traditionally used, "claim" implies that it has to be proven.

Web Services Protocols
An identity metasystem relies on the Web services protocols for interaction between the relying party (RP), the identity provider (IdP) and the card selector. See Windows CardSpace, Higgins project, Web services protocols and Identity 2.0.

The Authentication Process
The card selector highlights the card that satisfies the site's identity requirements and sends it to the identity provider (IdP) with the user's approval. The IdP returns a security token that is forwarded to the relying party, once again, via the user's confirmation. The PIN exchange in step 5 is optional.
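The flow described under "Relying Parties Rely on Identity Providers" and "The Authentication Process", as an added, simplified simulation that is not part of the original entry or of CardSpace/Higgins: the RP states its required claims, the selector highlights matching cards, the IdP (or the selector itself for a p-card) signs a token carrying only those claims and bound to that RP, the user inspects it, and the RP verifies it. The card contents, the issuer names and the keys are constructed, and an HMAC tag stands in for the digital signature a real IdP would apply.

```python
import hashlib
import hmac
import json

# Constructed sample wallet (not from the page): one self-issued p-card held on the
# user's machine and one m-card issued by a hypothetical bank.
CARDS = [
    {"id": "pcard-home", "kind": "personal", "issuer": "self",
     "claims": {"email": "alice@example.com", "givenname": "Alice"}},
    {"id": "mcard-bank", "kind": "managed", "issuer": "bank.example",
     "claims": {"email": "alice@example.com", "account": "ACCT-0001"}},
]
# Hypothetical signing keys. HMAC stands in for the asymmetric signature a real IdP
# would use; a real RP would hold only the IdP's public key, never this secret.
IDP_KEYS = {"self": b"selector-self-issued-key", "bank.example": b"bank-idp-key"}


def select_cards(cards, required_claims):
    """Card selector: highlight only the cards that can satisfy every claim the RP asks for."""
    return [c for c in cards if set(required_claims) <= set(c["claims"])]


def issue_token(card, required_claims, audience):
    """IdP step (the selector itself acts as IdP for a p-card): sign a token that carries
    only the requested claims and is bound to the relying party that will receive it."""
    body = {"iss": card["issuer"], "aud": audience,
            "claims": {k: card["claims"][k] for k in required_claims}}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(IDP_KEYS[card["issuer"]], payload, hashlib.sha256).hexdigest()
    return payload + b"." + tag.encode()


def inspect_token(token):
    """User step: show what the token asserts before it is released to the RP."""
    return json.loads(token.rpartition(b".")[0])


def verify_token(token, audience, trusted_keys):
    """Relying party: accept the token only if it carries a valid tag from a trusted IdP
    and was issued for this RP, so a token minted for another site cannot be replayed here."""
    payload, _, tag = token.rpartition(b".")
    body = json.loads(payload)
    key = trusted_keys.get(body.get("iss"))
    if key is None:
        return None
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag) or body.get("aud") != audience:
        return None
    return body["claims"]
```

Note that the token released for a request that asks only for "email" never carries the bank card's account claim: the selector, not the site, decides what leaves the wallet.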