Decentralized identity management

By | July 14, 2012

I recall having discussed with +Daniel Alagiyawanna about something along these lines a while ago – I wonder how close this is to that dream identity management system we were chatting about?

Reshared post from +EuroTech

How To Securely Manage Your Digital Identity
A report about di.me, a decentralized identity management system 
by David Alonso and +Sophie Wrobel, +EuroTech; Germany

More than 400 participants are gathered this week at the 8th Summer School in La Granja de San Ildefonso (Segovia), to discuss some of the current trending topics. One of the courses was organized by AMETIC in collaboration with the Technical University of Madrid (UPM). It deals with the role of information and communications technology in the socio-economic environment. The seminars feature lectures from renowned industry professionals and academics as well as roundtable discussions, and are focusing on the convergence process of technological, market, business, and social factors to meet the challenges posed to reach economic sustainability and job creation. The event has been highly followed on Twitter with the hashtag #AMETICGranja12.

ICT in cooperation: The di.me project on personal information management

At the event, the di.me project gave the attendees a chance to be part of the validation process of an EU project. Short for “digital me,” the di.me project aims to solve one of the biggest consumer pain points in the Internet world: How can you manage your digitalized information in a comprehensive and secure manner?

After one and a half years of intense work, researchers have come up with a first system prototype. The audience of the AMETIC-UPM summer school was able to understand the main concepts of the project and the planned di.me features through the handling of the first dime prototype. More than 100 personal private servers running di.me userware were set up for attendees of the summer course; clients for their Android devices could be downloaded for access with personal credentials. A presentation held by the coordinator of the project as well as a booth at the main entrance of the venue helped the attendees with their first contact with di.me.

From the very beginning, attendees showed interest in the main concepts of the project. “The tool implements some basic functionalities at the moment, but it aims to include important improvements on secure management of digital identities,” stated Mr. Luis Fernando Álvarez-Gascón, CEO of GMV Security E-solutions, who took part in the round table on R&D and internationalization.

The consortium also ran a focus group of selected technical students yesterday. With guidance from the consortium partners, the students, who are also expert users of social networks and mobile applications, went through the prototype, testing it and making their own suggestions on capabilities and future features. The improvements that the project achieved in terms of digital identity include the usage of a personal server to keep personal information; the possibility to manage many digital identities through a unique dime identity, as well as switching between identities; trust and security warnings; etc.

“The change of paradigm regarding the digital identity which di.me proposes, reflects the change that the society is highly asking for” said Sofía Mª Hamezopoulus, one of the students of the UPM, who took part in the focus group. “I am reluctant to have a Facebook or Twitter account, but if a tool based on the di.me security concept would exist, I would feel secure enough to have profiles in these networks,” she stated.

The current dime version features:
1. Decentralized communications. Running on a dedicated personal server, decentralized communications means that unauthorized data access (“hacked server”) lies in your hands. The research team plans on extending the prototype to be able to run off your own private laptop, providing additional control over where your data resides.
2. Simplified control over personal data and digital footprints. Controlled information sharing to:
• Web services: share information over various social networks, including Facebook, Twitter, and LinkedIn.
• External businesses: share information with marketers about preferences to help you avoid unwanted targeted advertising.
• Individuals: decide, based on an adaptive learning trust metric, what types and confidentiality levels of information can be shared with which person or entity; the system provides warnings when these rules are overstepped.
3. Context-sensitive analysis. Leveraging semantic technology to be able to categorically analyse meanings in soft data, the system is able to make suggestions based on where you are and what you are doing.
4. Location-specific suggestions. The prototype provides two kinds of location-specific services:
• Remembering whom you met: When attending a trade fair or conference, you typically meet a lot of different people throughout the course of the event. By tracking and analysing surrounding Bluetooth and wireless signals, the prototype provides you with a list of groups of people whom you have talked to for a minimum period of time, who have also consented to make themselves ‘found’ through this service.
• Points of interest when on the road: When reasonably far away from your usual home and work networks, chances are that you’re on a business trip somewhere. So di.me suggests attractions, restaurants, and other things that you might be interested in, based on your location.

Technical aspects
The prototype deployed in Segovia consists of three components:
1. The personal server. This is the computational heart of the system, comprising a data storage module, a semantic store, a security module, a context analysis layer, and a communications layer. This unit is also responsible for providing connections to authorized web services and the other di.me prototype components.
2. A mobile client. The mobile client scans and analyses wireless signals to determine your location, and to determine devices in the surrounding proximity. This, in turn, is used to drive suggestions powered by the personal server and any third-party services you may have authorized.
3. A desktop client. This could, under certain circumstances, be used as your personal server.

The prototype also includes a few web services, including:
1. A di.me DNS server. A variant of a standard DNS server, used for resolving the P2P addressing between di.me personal servers.
2. A proximity service. It helps to resolve the wireless information and turn it into useful information.
3. A point of interest directory. Information about local attractions for event participants, coupled with the usual maps and descriptions about the focus locations.

What are the most compelling arguments for you to use a personal information manager? What would you expect from such a solution – assuming, of course, that you can trust any digital system at all to centrally manage your personal information?

More information:
Di.me project: www.dime-project.eu
Program announcement: cursodeverano.ametic.es/home-curso.aspx
Picture: Top: At the focus group workshop; bottom-left: students filling up the questionnaires; bottom-right: students using the dime prototype
Disclaimer:  David Alonso and Sophie Wrobel are research members on this project.
Tags: #ScienceEveryday


One thought on “Decentralized identity management”

  1. fan tai

    A global identity…  I like it, but I feel that this is one of those interesting research problems that become unsolvable in real life.

    My identity must be under my control.  No one else can access or control it.

    Yet – my identity must also be secured from me.  By that I mean:

    1)  remove the ability to invalidate usage (oh, that wasn't me, really it wasn't) by the user
    2)  remove the ability for abuse in shared environments (today, your android is single use, but it doesn't have to be…) or by 3rd party agents (viruses, malware, etc)
