Advertisement

Open Algorithms for Identity Federation

  • Thomas HardjonoEmail author
  • Alex Pentland
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 887)

Abstract

The identity problem today is a data-sharing problem. Today the fixed attributes approach adopted by the consumer identity management industry provides only limited information about an individual, and therefore, is of limited value to the service providers and other participants in the identity ecosystem. This paper proposes the use of the Open Algorithms (OPAL) paradigm to address the increasing need for individuals and organizations to share data in a privacy-preserving manner. Instead of exchanging static or fixed attributes, participants in the ecosystem will be able to obtain better insight through a collective sharing of algorithms, governed through a trust network. Algorithms for specific datasets must be vetted to be privacy-preserving, fair and free from bias.

Keywords

Digital identity Open algorithms Data privacy Trust networks 

Notes

Acknowledgment

The authors thank the following for inputs and insights (alphabetically): Abdulrahman Alotaibi, Stephen Buckley, Raju Chithambaram, Keeley Erhardt, Indu Kodukula, Emmanuel Letouz, Eve Maler, Carlos Mazariegos, Yves-Alexandre de Montjoye, Ken Ong, Kumar Ramanathan, Justin Richer, David Shrier, and Charles Walton. We also thank the reviewers for valuable suggestions on improvements for the paper.

References

  1. 1.
    Pentland, A., Shrier, D., Hardjono, T., Wladawsky-Berger, I.: Towards an internet of trusted data: input to the whitehouse commission on enhancing national cybersecurity. In: Hardjono, T., Pentland, A., Shrier, D. (eds.) Trust::Data - A New Framework for Identity and Data Sharing, Visionary Future, pp. 21–49 (2016)Google Scholar
  2. 2.
    Pentland, A.: Social Physics: How Social Networks Can Make Us Smarter. Penguin Books (2015)Google Scholar
  3. 3.
    Pentland, A., Reid, T., Heibeck, T.: Big data and health - revolutionizing medicine and public health: report of the big data and health working group 2013. World Innovation Summit for Health, Qatar Foundation, Technical report, December 2013. http://www.wish-qatar.org/app/media/382
  4. 4.
    World Economic Forum. Personal Data: The Emergence of a New Asset Class (2011). http://www.weforum.org/reports/personal-data-emergence-new-asset-class
  5. 5.
    European Commission: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). Off. J. Eur. Union L119, 1–88 (2016)Google Scholar
  6. 6.
    Abelson, R., Goldstein, M.: Millions of Anthem customers targeted in cyberattack. New York Times, February 2015. https://www.nytimes.com/2015/02/05/business/hackers-breached-data-of-millions-insurer-says.html
  7. 7.
    Bernard, T.S., Hsu, T., Perlroth, N., Lieber, R.: Equifax says cyberattack may have affected 143 million in the U.S. New York Times, September 2017. https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html
  8. 8.
    Gartner: 2017 Planning Guide for Identity and Access Management, Gartner Inc., Report, October 2016Google Scholar
  9. 9.
    OASIS: Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0, March 2005. https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf
  10. 10.
    Liberty Alliance: https://en.wikipedia.org/wiki/Liberty_Alliance. Accessed 29 May 2017
  11. 11.
    OASIS: Assertions and protocols for the OASIS security assertion markup language (SAML) V2.0, March 2005. http://docs.oasisopen.org/security/saml/v2.0/ saml-core-2.0-os.pdf
  12. 12.
    Morgan, R.L., Cantor, S., Carmody, S., Hoehn, W., Klingenstein, K.: Federated security: the shibboleth approach. EDUCAUSE Q. 27(4), 1217 (2004)Google Scholar
  13. 13.
    Neuman, C., Yu, T., Hartman, S., Raeburn, K.: The kerberos network authentication service (V5). RFC 4120 (Proposed Standard), Internet Engineering Task Force, July 2005, updated by RFCs 4537, 5021, 5896, 6111, 6112, 6113, 6649, 6806. http://www.ietf.org/rfc/rfc4120.txt
  14. 14.
    Zhu, L., Leach, P., Jaganathan, K., Ingersoll, W.: The simple and protected generic security service application program interface (GSS-API) negotiation mechanism. RFC 4178 (Proposed Standard), Internet Engineering Task Force, October 2005. http://www.ietf.org/rfc/rfc4178.txt
  15. 15.
    Jaganathan, K., Zhu, L., Brezak, J.: SPNEGO-based Kerberos and NTLM HTTP authentication in microsoft windows. RFC 4559 (Informational), Internet Engineering Task Force, June 2006. http://www.ietf.org/rfc/rfc4559.txt
  16. 16.
    Hardt, D.: The OAuth 2.0 authorization framework. RFC 6749 (Proposed Standard), Internet Engineering Task Force, October 2012. http://www.ietf.org/rfc/rfc6749.txt
  17. 17.
    Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., Mortimore, C.: OpenID connect core 1.0. OpenID Foundation, Technical Specification v1.0 – Errata Set 1, November 2014. http://openid.net/specs/openid-connect-core-1_0.html
  18. 18.
    American Bar Association: An overview of identity management: submission for UNCITRAL commission 45th session. ABA Identity Management Legal Task Force, May 2012. http://meetings.abanet.org/ webupload/commupload/CL320041/relatedresources/ABA-Submission-to-UNCITRAL.pdf
  19. 19.
    OASIS: Glossary for the OASIS Security Assertion Markup Language (SAML) V2.0, March 2005. http://docs.oasis-open.org/security/saml/v2.0/samlglossary- 2.0-os.pdf
  20. 20.
    Hardjono, T., Maler, E., Machulak, M., Catalano, D.: User-Managed Access (UMA) Profile of OAuth2.0 – Specification Version 1.0, April 2015. https://docs.kantarainitiative.org/uma/rec-uma-core.html
  21. 21.
    Maler, E., Machulak, M., Richer, J.: User-Managed Access (UMA) 2.0, January 2017. https://docs.kantarainitiative.org/uma/ed/uma-core-2.0-10.html
  22. 22.
    Lizar, M., Turner, D.: Consent Receipt Specification Version 1.0, March 2017. https://kantarainitiative.org/confluence/display/infosharing/Home
  23. 23.
    Cameron, K.: The Laws of Identity (2004). http://www.identityblog.com/stories/2004/12/09/thelaws.html
  24. 24.
    Cavoukian, A.: 7 laws of identity - the case for privacy-embedded laws of identity in the digital age. Office of the Information and Privacy Commissioner of Ontario, Canada, Technical report, October 2006. http://www.ipc.on.ca/index.asp?navid=46&fid1=470
  25. 25.
    de Montjoye, Y.A., Quoidbach, J., Robic, F., Pentland, A.: Predicting personality using novel mobile phone-based metrics. In: Social Computing, Behavioral-Cultural Modeling and Prediction, LCNS, vol. 7812, pp. 48–55. Springer (2013)Google Scholar
  26. 26.
    Pentland, A.: Saving big data from itself. Sci. Am., 65–68 (2014)Google Scholar
  27. 27.
    Hardjono, T., Seberry, J.: Strongboxes for electronic commerce. In: Proceedings of the Second USENIX Workshop on Electronic Commerce. USENIX Association, Berkeley (1996)Google Scholar
  28. 28.
    de Montjoye, Y.A., Shmueli, E., Wang, S., Pentland, A.: openPDS: protecting the privacy of metadata through SafeAnswers. PLoS ONE 9(7), 13–18 (2014).  https://doi.org/10.1371/journal.pone.0098790CrossRefGoogle Scholar
  29. 29.
    De Filippi, P., McCarthy, S.: Cloud computing: centralization and data sovereignty. Eur. J. Law Technol. 3(2) (2012). SSRN: https://ssrn.com/abstract=2167372
  30. 30.
    Zyskind, G., Nathan, O., Pentland, A.: Decentralizing privacy: using blockchain to protect personal data. In: Proceedings of the 2015 IEEE Security and Privacy Workshops. IEEE (2015)Google Scholar
  31. 31.
    Hardjono, T.: Decentralized service architecture for OAuth2.0. Internet Engineering Task Force, draft-hardjono-oauth-decentralized-00, February 2017. https://tools.ietf.org/html/draft-hardjono-oauth-decentralized-00
  32. 32.
    Frey, R., Hardjono, T., Smith, C., Erhardt, K., Pentland, A.: Secure sharing of geospatial wildlife data. In: Proceedings of the Fourth International ACM Workshop on Managing and Mining Enriched Geo-Spatial Data, GeoRich 2017, May 2017Google Scholar
  33. 33.
    DataPop: Data-Pop Alliance (2017). http://datapopalliance.org
  34. 34.
    Singh, V.K., Bozkaya, B., Pentland, A.: Money walks: implicit mobility behavior and financial well-being. PLOS ONE 10(8), 1–17 (2015).  https://doi.org/10.1371/journal.pone.0136628CrossRefGoogle Scholar
  35. 35.
    Makaay, E., Smedinghoff, T., Thibeau, D.: OpenID exchange: trust frameworks for identity systems, June 2017. http://www.openidentityexchange.org/wp-content/uploads/2017/06/OIX-White-Paper_Trust-Frameworks-for-Identity-Systems_Final.pdf
  36. 36.
    State of Virginia: Virginia Electronic Identity Management Act, VA Code 2.2-436 2.2-437; VA Code 59.1-550 59.1-555 March 2015. https://lis.virginia.gov/cgi-bin/legp604.exe?151+ful+CHAP0483
  37. 37.
    US General Services Administration: U.S. Federal Identity, Credential and Access Management (FICAM) Program (2013). http://info.idmanagement.gov
  38. 38.
    SAFE-BioPharma Association: SAFE-BioPharma FICAM Trust Framework Provider Approval Process (FICAM-TFPAP) (2016). https://www.safe-biopharma.org/SAFE_Trust_Framework.html
  39. 39.
    Adebayo, J., Kagal, L.: Iterative orthogonal feature projection for diagnosing bias in black-box models. In: Proceedings of 3rd Workshop on Fairness, Accountability, and Transparency in Machine Learning, New York, NY, USA, November 2016Google Scholar
  40. 40.
    Norton Rose Fulbright: Can smart contracts be legally binding contracts. Norton Rose Fulbright, Report, November 2016. http://www.nortonrosefulbright.com/knowledge/publications/144559/can-smart-contracts-be-legally-binding-contracts

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Connection Science and Media LabMassachusetts Institute of TechnologyCambridgeUSA

Personalised recommendations