Tuesday, January 8, 2008

Digital Identity?

FEDi is mainly focused on managing digital identities and brokering them through trust relationships. So before going into the implementation details or architecture of the FEDi project, we have to know what digital identity means. But I am not an identity expert who can teach you about digital identity or how we are going to represent real-world identity in the digital world. Here are some brief descriptions of identity from several web sites.

  • Wikipedia: Digital identity refers to the aspect of digital technology that is concerned with the mediation of people's experience of their own identity and the identity of other people and things. Digital identity also has another common usage as the digital representation of a set of claims made by one digital subject about itself or another digital subject.
  • Roger Clarke: An identity exists in the real world, not on disk drives. It is a presentation or role of some underlying entity. An entity may be a pallet full of cartons, or an artefact such as a computer, or a mobile phone; or a human being.
  • Identity Gang: A digital representation of a set of Claims made by one Party about itself or another Digital Subject.
  • An identity is the set of the properties of an entity that allows the entity to be distinguished from other entities.
  • Kim Cameron: In these pages, I’ll make it clear that digital identity can’t be confused with “a unique identifier” like an SSN or a biometric like DNA. In fact, digital identity can often just convey that you are a member of some group, or possess some characteristic (for example, your profession, employer, citizenship, role or age). Similarly, it can indicate that you are the same person who visited a site previously - without conveying any personally identifying information.

Thursday, November 29, 2007

What is FEDi?

According to Wikipedia, the term "Federated Identity" has two general meanings:

  • The virtual reunion, or assembled identity, of a person's user information (or principal), stored across multiple distinct identity management systems. Data is joined together by use of the common token, usually the user name.
  • The process of a user's authentication across multiple IT systems or even organizations.

Consider the following scenario of a traveler. The traveler is a flight passenger when he travels between countries using an airline service. He could also be a hotel guest. At another time he could be a customer booking a car from a car rental service.

In the traditional web application scenario, he logs in to the airline reservation system and books a flight, giving the required information. He then logs in to the other two systems separately to book a hotel and to rent a car. So every system must manage identity information for the same user, and this is a huge waste of resources. If these systems use a federated identity management system, they agree to mutually trust each other's authentication of a user. Once a customer is authenticated to one system, he can use that identity information to authenticate to the other systems in the same federation.
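The traveler scenario above, as an added sketch that is not FEDi, Axis2/C or Rampart/C code: the airline vouches for a login and the hotel accepts it only after checking issuer, signature, audience and validity window. The host names, the key and the JSON-plus-HMAC token format are assumptions made for illustration; SAML assertions are XML documents signed with the issuer's private key.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample federation: issuer name -> verification key (hypothetical).
# Simplification: an HMAC stands in for the XML signature of a real SAML
# assertion. With a shared key every verifier could also mint assertions,
# which is why real federations verify with the issuer's public key instead.
ISSUER_KEYS = {"airline.example": b"constructed-demo-key-airline"}


def issue_assertion(issuer, key, subject, audience, now, ttl=300):
    """Identity provider side: sign a statement that `subject` authenticated."""
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig


def verify_assertion(token, me, trusted, now):
    """Relying party side: return the claims, or raise ValueError."""
    try:
        body, sig = token.split(".")
        claims = json.loads(base64.urlsafe_b64decode(body))
        key = trusted.get(str(claims["iss"]))
    except (ValueError, TypeError, KeyError) as exc:
        raise ValueError("malformed assertion") from exc
    if key is None:
        raise ValueError("issuer is not in this federation")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        raise ValueError("bad signature")
    if claims.get("aud") != me:  # stops replay of the token at another member
        raise ValueError("assertion was issued for another service")
    if not claims["iat"] <= now < claims["exp"]:
        raise ValueError("assertion is outside its validity window")
    return claims


if __name__ == "__main__":
    token = issue_assertion("airline.example", ISSUER_KEYS["airline.example"],
                            "traveler-42", "hotel.example", now=1000)
    print(verify_assertion(token, "hotel.example", ISSUER_KEYS, now=1100))
```

The hotel never sees the traveler's password; it only needs the airline's verification key and a clock.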

In FEDi, what we are trying to do is implement the WS-Trust, SAML and WS-Federation specifications on top of the Axis2/C and Rampart/C projects to solve the above identity management and service provision problem for web services.

FEDi will enable us to develop federation-enabled web services for Axis2/C with the Rampart/C module enabled. FEDi will use the available features in Axis2/C and Rampart/C.