Secure Anonymous Digital Identity

From IDESG Wiki
Jump to navigation Jump to search

Template:Comment

Use Case Metadata

Title

Secure Anonymous Digital Identity

Status

Use Case Lifecycle Status

Contributed Working Draft Committee Review Compilation Approval Publication
This use case has been sent to the IDESG Committees for their review. When committee comments are resolved and all individual use case criteria are met, this use case will be a candidate for compilation. The IDESG Standards Coordinating Committee may select this use case for including in the Compilation phase.


Use Case AHG Review Status

This use case was reviewed by the User Case AHG on 2013-09-25.

Use Case Category

Identity

Contributor

Ian Dobson

Use Case Content

Use Case Description

Create an anonymous crypto "Core Identifier" key unique to you through immutable binding to your real-world "Core Identity" and which cannot be reverse-engineered to reveal your real-world identity but which you and only you can then use as your user-centric online identifier to create as many online personas as you wish.

Actors

  • Trusted infrastructure of authorized issuers
  • trusted process, device and crypto for authorized issuers to create Core Identifiers
  • users to use their Core Identifiers to create and maintain their personas

Goals / User Stories

user-centric single online identifier that is anonymous but due to it's trusted creation process and biometric key provides users with a low-cost unique anonymous online identifier which they can present as a globally trusted identifier asserting that "you are you" to relying parties, such that they will accept it together with required attributes to create your personas

Assumptions

  • optimum trust in the infrastructure and process to create every Core Identifier.
  • Core Identifier is only usable by the owning (real-world) Core Identity
  • the process to create a Core identifier must bind immutably to the Core Identity
  • Additional assumptions are described in Jericho Identity Commandments #1, #2 & #3

Process Flow

Because you are you and always will be you, there is every reason why the real-world unique "you" should be translated into a parallel online-world "you". The translation process must

  • be trusted as high integrity (certified process, equipment, and authorized issuers)
  • take a short time to do
  • be low cost
  • assure interoperability
  • be immutable i.e. enduring and unchanging, to guarantee its validity
  • not record any real-world attributes of the real-world Core Identity
  • use certified crypto to assure reverse engineering cannot be successful.

Full process is described in Jericho Forum references listed below:

  • Identity Videos #1 and #2 (each approx 4 minutes)
  • Identity Key Concepts Guide, sections 3.1 & 3.2

Success Scenario

take your Core Identifier to your Government along with acceptable proof of citizenship to create an e-citizen persona.

Then take your e-citizen persona to your electoral authority when you need to register to vote in an election, so creating anonymous voting persona which allows you to vote from anywhere in the world, anonymously, but only once because the voting process necessitates recording of each vote so records "this anonymous person voted" and prevents it voting more than once, though importantly NOT how you voted. In situations where failure to vote may incur penalties, because a persona can go down (but not up) your identity tree, you can prove that your persona voted.

Demonstrated success example is Austrian e-Government Innovationszentrum (EGIZ) scheme outlined in Jericho Forum Identity Key Concepts Chapter 5.

Error Conditions


Relationships

References and Citations

  • Jericho Forum Identity Commandments, available via a link at

https://collaboration.opengroup.org/jericho/, or directly at https://www2.opengroup.org/ogsys/catalog/W125

or directly at

  • Jericho Forum Identity Key Concepts Guide, available via a link at

https://collaboration.opengroup.org/jericho/, or directly at https://www2.opengroup.org/ogsys/catalog/G128

NSTIC Guiding Principles Considerations

Privacy Considerations

Security Considerations

User Experience/Usability Considerations

Interoperability Considerations

Domain Expert Working Group Considerations

Financial

Health Care

Derived Requirements