What’s the Big I.D.?

An identity is not a username and password.

Stop reading for a moment and let that marinate in your mind.

Like you, my identity was created the moment my parents named me, Cameron Evans (well, your parents probably didn’t name you Cameron.) At the same time, a lot of additional data was attached to my identity. For example, the date and time that I was born, the city and county that I was born, and my names of my parents. That initial bundle of information persists to this day as part of my identity. With the exception of my legal name, my identity can never be changed.  Over our lives we continue to accumulate more attributes to our identity.

As I grew up, additional bits of data were added to my identity (e.g. where I went to school; my street address of my childhood home; my birthdays incremented my age; and my diplomas.)  These attributes of identity are often used to create secrets for usernames and passwords.  Additionally, these attributes of identity give me access to new services.  My age gave me access to a driver’s license that gives me the authority to operate a motor vehicle.  Other benefits of identity and the age attribute are the right the vote, the ability to enter the armed services, the right to marry, the right smoke or drink, and even run for President of the United States.

All of these bits identity are part of our lives in the physical world. Since the birth of the Internet, we have been challenged to make the digital world comparable to the real world.  Thanks to some key investments made by Microsoft, we can make considerable progress.

Recently, I shared with the Microsoft Higher Education Advisory Group the progress Microsoft has made with the InCommon Federation on enabling Shibboleth-based Identity Federations.  This was welcomed news for our higher education colleagues. If you are outside of higher education, InCommon, Shibboleth or federated identity management (FIdM) may be an unfamiliar term.  I’ll attempt to use real-world analogs to explain some very technical issues.

As I explained in the opening, identity is established based on the claims on someone else. In our case, our parents establish the claim of our identity at birth.  That claim is then documented by a birth certificate that is archived by a trusted source, the local city or county.  If anyone ever needs to validate the claim of your birth, they don’t need to take your word or your parents for it.  They can go to the trusted source for the official record. Once the claim has been validated, you will be given access to whatever services or information is appropriate based on your validated, identity credentials.

Now, schools can create a digital certificate that establishes your identity and associates relevant bits of information about your identity with that record.   Like the local government agency is the trusted source for birth certificates, the school or university is the trusted source for your online identity certificate. This allows students and faculty to use a single ID to access services within and outside the university network with participating services.

This is a breakthrough moment and opens the door for federal agencies to connect with students and university researchers without the hassles of providing and managing identity credentials.  Schools and universities can collaborate online to create broad peer review communities and intellectual sharing.  Stay tuned to this space as we continue to make progress in this space.  Microsoft has made a very difficult problem easy and now we can open the floodgates to cross-organizational collaboration in new and relevant ways.