Building privacy and accessibility
Figuring out attributes in the identity ecosystem isn’t as easy as one would think. “What’s out there in terms of attributes is wily and woolly and we’re not sure what market forces will move us to standardization,” says Kenneth Klingenstein, director of Middleware for Internet2.
Internet2 is zeroing in on a handful of areas in the ID ecosystem, with attributes at the core of the effort. But there are other major areas of work that the organization is tackling:
- The Global Public Inclusive Infrastructure (GPII) will help ensure that individuals with accessibility barriers – due to disability, literacy, digital literacy or aging – can access and use the Internet regardless of economic resources.
- A privacy manager will enable consumers to have control over their attributes
- Multi-factor authentication policies will help govern the use these technologies
- Anonymous credentials will enable a user to be anonymous and unobservable
On the attribute front, Internet2 is working to define common attributes and create an attribute registry. The problem now is that attributes are used in different ways, Klingenstein says. Even the mobile phone number and name – the most commonly used attributes – aren’t used in a consistent manner, he explains.
Internet2 set up a SAML gateway that looked at what attributes social networks were sending to relying parties and found that the information being sent wasn’t consistent. “What the ID providers from the social side are sending is all over the board,” Klingenstein says.
The GPII work is an area that has been neglected, Klingenstein says. In the pilot applications, user preferences – including information on the individual’s accessibility barriers – will be stored and accessed securely in an online repository. These barriers will govern the selection of which authentication method to present to the individual.
Internet2 is working on a privacy manager with Carnegie Mellon University, Klingenstein says. Research has shown that more than 90% of social network users don’t know what information is being given or released, and furthermore, they don’t how to change it.
The privacy manger is a virtual console to help individuals manage the release of attributes enabling them to leverage trust, informed consent and preferences across a variety of contexts and credential types.
“You can start to see these tools in the consumer marketplace but they’re hostile in terms of usability because consumer identity providers want to make money off of identities,” Klingenstein explains.
Multi-factor authentication is another research area for Internet2. There are clear advantages to using multi-factor with federated identity, and combining the two with single-sign on can enable multi-factor authentication across service providers.
There are wide-scale rollouts of multi-factor authentication technologies planned at the Massachusetts Institute of Technology, the University of Texas School System and University of Utah. In addition, 25 institutions across the country will collaborate to share experience related to multi-factor technologies.
The pilots are exploring problems with multi-factor technologies. “Multi-factor authentication fails more than usernames and passwords,” he says. Thus, policies to deal with these failures are important. “You need policy alternatives that would enable a step down,” Klingenstein says. “There’s not elegant answer but there needs to be procedural options.”
The last focus area is also the toughest: anonymous credentials, Klingenstein says. “A host of stabs have been made at this in the past 10 to 12 years,” he explains.
These credentials would be issued by attribute authorities and allow for minimal attribute disclosure, for example over or under the legal age; graduate of university in a certain year; resident; first-responder certifications; etc.
These credentials would also be tamper-proof and unobservable. Brown University is leading the work on this project and is looking at several pilots that will integrate the anonymous credentials in different ways.
Their work on anonymous credentials has, thus far, produced some revelations. First, they’re a poorly named technology because they can provide identity information with user consent, allowing for minimal disclosure of attributes. There are also alternative approaches that use similar phrases such as “zero-knowledge.”
In the next year, Internet2 is scheduled to deliver materials guiding two-factor authentication; citizen-centric attribute activities; a next-generation privacy manager; and anonymous credentials.