Hi folks - I'd like to test out a variation on the typical definition of 'identity'.

If it gets traction in this group, it could possibly be a way to express the "requirements" that this digital identity thing has of the blockchain and smart contracts capabilities (which is one way to view the mandate of the DG). You will probably notice a mash-up and blending of several different well-known concepts and definitions to try and adopt those aspects of the other representations (user-centric, VRM, OpenNotice/Consent/Information Sharing, myData, privacy principles, self-sovereign and many more).

tl;dr
By describing digital identity in terms of information records that may contain 'identity' information, we can talk about actors and services that use the information assets rather than a more abstract notion of identity as a right or embodied characteristic of an entity. NB: Other works can deal with credentials and authentication - this is not that - this is about the information itself.

So: I'd appreciate your observations and comments directly or to the list. I'm not really looking for word-smithing advice but rather: is the following a reasonable working definition? A secondary thought is: given the capabilities and features of blockchains and smart contracts, do the descriptions of 'self-sovereign' and 'administrative' identity information (records) lead to obvious and useful explorations of requirements?

I await the deluge of critical thought and advice ;-)

andrew.
===============

Digital Identity:

  • The identifiers, credentials and the credentials’ authenticators that an Entity uses to claim that they are the Subject of a Digital Identity Information Record.

  • The Digital Identity Information Records in any storage location.


There are many schools of thought about what a digital identity represents and the uses for digital identities. Each has a different taxonomy to describe the different types and characteristics of those identities.


The school of thought related to the personal data ecosystem, personal data stores, and self-sovereign identity (see Searls, Windley, Blakley, Cameron, et al.) uses at least two major categories, paraphrased and expanded below:


Administrative identity information: labels used to keep track of entities, their information records and the services they use. These labels are controlled by the issuer. A common example today is email addresses used as login identifiers.


Self-sovereign identity information: information about the entity that is controlled by the entity and released on the authority of that entity. Self-sovereign identity information may include identifiers or attributes. Self-sovereign identity information can be used to assert facts about the self without subservience to a central authority.


Digital Identity Information Record:

  • The information records containing information about an Entity that can be used to attempt to identify or distinguish the Entity from other Entities in a population.

    • The Digital Identity may or may not enable unique distinguishment of an Entity in a population.

    • Can contain personal information, personally identifiable information, identity attribute information.

    • The record may also contain, secondarily, non-personal or non-identity information. It is uncommon to see ‘pure’ Digital Identity Information Records because the records contain information related to the purposes of the record holder. The main point being that the record has a direct association to the Entity.

    • Can also contain information about relationships and bindings.


===============

Andrew Hughes CISM CISSP 
Independent Consultant
In Turn Information Management Consulting

o  +1 650.209.7542
m +1 250.888.9474
1249 Palmer Road,
Victoria, BC V8P 2H8

AndrewHughes3000@gmail.com 
ca.linkedin.com/pub/andrew-hughes/a/58/682/
Identity Management | IT Governance | Information Security