615644 Data Warehousing

1
615-644 Data Warehousing
Week 7 Identity
2
Human Identity

• Human identity is the individuality and
  personality of a particular person and may be
  characterised by a number of properties of that
  person
• Intrinsic (DNA, retina scan, finger print )
• Descriptive (name, birthplace )
• Demographic (occupation, gender )
• Psychographic (interests, preferences )

3
Human Identity
Identities for a Person (adapted from Claub and
Kohntopp (2001) p20)
4
Human Identity Principles

• Locality Principle
• Identities are situated within contexts - a
  universal identifier makes little sense
• Reciprocity Principle
• Knowledge of identities is negotiated -
  relationships should be symmetrical and
  reciprocal
• Understanding Principle
• Identity serves as a basis for understanding in
  two-way trusting relationships

(Roussos et al. 2003)
5
Digital Identity

• Digital identity is the electronic representation
  of personal information of an individual or
  organisation (name, address, phone numbers,
  demographics etc.) (Roussos et al. 2003)
• Digital identity breaks from the constraints of
  everyday life allowing users to transcend the
  limits of the real world (Turkle 1995)

6
Digital Identity
Real World
Conceptual (abstract) Model
Digital Data
Entity Relationship Notation Entities
(Things) Attributes (Properties)
Digital Data Records (Entities) Data
Items (Attributes) Keys (Attributes)
Things Properties
DNA
Entifier data items
Person
DNA Name IQ
Customer Number
Identifier data items
Customer Number
Nym
A person - Intelligence
Person Role
Phone Preferences
Pseudonym data items
Anonym data items
IT Faculty Enquiries
7
Identity Management

• Identitymanagement systems aim to provide access
  and privileges to end users via authentication
  schemes
• Secure identity management systems provide
  support for the integration or federation of
  data, information and services from both the
  supply side (service providers) and the demand
  side (end users) (Clarke 2004)

8
Federated Identity Management

• The convergence of technologies and services
  results in users conducting a growing range of
  activities in digital environments.
• In order to provide seamless access across
  technologies and services federated systems have
  been introduced.
• Supported by multiple organizations federated
  systems allow identity and the ensuing
  entitlements to be portable across domains.
• Examples include Liberty Alliance, Ping Identity
  and Web Services Federation.

9
Federated Identity Management

• Benefits
• Streamlined, consolidated representation of
  digital data allowing the user to gather multiple
  identities together under one umbrella.
• Digital environments that are more easily
  traversable spaces

10
Federated Identity Management

• Problems
• Force users to provide personal details that are
  kept in one place and managed by a third party
• Fail users by discouraging the fragmentation of
  information Clarke (2004) and Roussos et
  al. (2003)

11
Key Issues with Identity and Identity Management

• Control and power
• Authentication
• Trust
• Security
• Privacy
• Multiple identities

12
1. Control and Power

• Who controls the creation and management of
  information about individuals?
• Identity management systems can control and
  monitor the exchange of information
• Multiple pseudonyms are often used by users to
  protect themselves
• Federated systems represent a tradeoff - personal
  information for convenience of consolidated
  digital identity - although Clarke (2004) notes
  that the true benefits are with the provider

13
2. Authentication

• A process by which confidence in some assertion
  is gained - eBusiness relies on authenticated
  transactions
• Anonyms and pseudonyms are frequently adequate
• Phases - pre-authentication, authentication,
  authorisation
• Clarke (2004) notes that pre-authentication is
  often weak, leading to accidental privacy

14
3. Trust

• Identity management is important for building
  trust relationships and for successful eBusiness
• However, there is a lack of trust between
  consumers and service providers (Roussos
  et al. 2003)
• Users need control over their personal data for
  trust to develop (Clarke 2004)
• Detailed information about customers is a
  valuable asset for many organisations, so
  developing trust is crucial

15
4. Security

• Security concerns un-authorised access to
  someones personal information
• Identity theft can lead to fraud and deception,
  obtaining benefits and services in another
  persons name
• Identity theft is the fastest growing type of
  electronic crime and the growth is expected to
  accelerate (Roussos et al. 2003)

16
5. Privacy

• Privacy relates to claims of individuals that
  information about themselves should generally not
  be available to other individuals or
  organisations
• Internet users are very concerned about their
  privacy (Koch and Worndl 2001)
• A balance needs to be achieved between effective
  governance, legal needs and national security
  with individual dignity and privacy (Clarke
  2004)

17
6. Multiple Identities

• Identities are situated within particular roles,
  relationships and communities
• People will have multiple, different and
  overlapping identities in different contexts
• A global or universal identifier therefore makes
  little sense (Roussos et al. 2003)
• However a global identifier may have benefits for
  some contexts - eg. Location, device type and
  network

18
Empirical Study

• User Perceptions of Identity Management systems
• Explores the gap between USER and PROVIDER
  perspectives of identity and identity management
  systems
• Empirical study involving interviews, focus
  groups and cultural probes with young
  professional users of ICT systems

19
Emerging Themes

• The need for multiple digital data sets that are
  moored to a central identifier
• The need for user control over these data sets

20
Need 1 - Multiple Data Sets Moored to a Central
Identifier

• Need for multiple identities
• the multiplicity that characterises real life
  identity extends into the digital world
• did NOT translate to the need for separate silos
  of data - needed mooring to a central identifier

You can fool the digital world by putting forth
different information, for example you can have a
hotmail address that actually isnt your name
I combine them (my different digital identities)
so that it is easier for me to understand in
terms of keeping it all together
21
Need 1 - Multiple Data Sets Moored to a Central
Identifier

• Users initially professed an ideological
  opposition to organizations compiling data about
  them
• In practice they are blasé about revealing
  information

Well at the end of the day as long as I dont
get someone knocking on my door I am not too
fussed about what they do with the information
22
Need 1 - Multiple Data Sets Moored to a Central
Identifier
I work a lot from home so Ive got everything in
both my phone and my computer and it is both
personal and professional all together and so it
definitely becomes a part of my identity
I could have a blanket agreement with one
organization to say that you are free to hold my
information almost like saying you are my agent
and therefore if you want to release that to
anybody else thats fine but please come to me
and ask for my authorisation and tell me what it
is about
23
Need 1 - Multiple Data Sets Moored to a Central
Identifier

• Federated systems acknowledge that people need
  multiple identities but still maintain the idea
  of an underlying single federated identity
• This is consistent with the user need for a
  diversity of data sets that part of a complete
  meta-identity

24
Need 2 - User Control Over Multiple Data Sets

• Users require different types of control in the
  three phases of the digital identity lifecycle
• Hatch
• Match
• Dispatch

25
Hatch Phase (Creation)

• Users did not mind organizations keeping records
  of personal details.
• With trusted partners there were few objections
  to this information being shared.
• Users resented not being able to access data to
  update details such as change of address.
• Digital identity needs to be a continually
  accurate representation of current state

26
Hatch Phase

• User Perspectives

I am in control of what others know about me
when I am the one providing them the information.
I lack control of what others know about me when
they obtain information from other areas
I couldnt update my personal information
because I didnt know the sourceI feel
vulnerable when people take the information away
from me and store it somewhere else
Providing and updating digital information can
be problematic
27
Hatch Phase

• Issues for identity management systems
• Federated identity management systems offer a
  synchronisation of change.
• Once information about a user has been updated
  the changes are applied to all the information.
• Federated systems are well positioned to meet
  this need.
• The issue lies with the willingness and/or the
  ability of the provider and organization to allow
  users access to their data

28
Match Phase (Context)

• Computer systems cannot always decide what
  information about the user is appropriate to
  reveal in the context of a specific activity or
  interaction
• Users want to disclose three levels of
  information
• Highly compartmentalized data sets
• Minimum disclosure (anonymity)
• Detailed personalized composites

29
Match Phase

• Highly compartmentalized data sets
• Compartmentalisation of information allows users
  to associate correct information to relevant data
• Prevalent divisions were between social,
  professional and personal identities

I separate or compartmentalise my personal
information when I feel the need to keep my part
of my personal life separate to my work, or my
social life
30
Match Phase

• Minimum disclosure (anonymity)
• Users need to eliminate features of their
  identity they do not want to reveal
• A user likened the need for digital anonymity to
  the need to walk down the street without telling
  each person you encountered your personal details

31
Match Phase

• Detailed personalized composites
• Digital disclosure can become more meaningful
  when elements of non-digital identity are
  incorporated
• The desire for anonymity was contrasted by the
  need to reveal highly personalized information

A user noted that although her homepage
restricted some personal information she took
particular pleasure in projecting her interests,
hobbies and opinions
32
Match Phase

• Issues for identity management systems
• Providers can capitalise on the ability of
  federated systems to facilitate the division of
  information
• The need for anonymity (or perceived anonymity)
  is one that federated systems are well suited to
  meet
• users can be given the power to suppress personal
  details when they choose.
• Using a single identifier allows interactions in
  digital environments that reveal little or none
  of the person's real life identity.
• Nyms can be used to achieve pseudonymity with
  information being recorded about a person that is
  only revealed in certain situations

33
Match Phase

• Issues for identity management systems
• The need to augment digital data with information
  that provides clues to what the person is like in
  real life is significant
• It challenges the traditional function of
  federated digital identity management systems as
  mechanisms whose primary role is to ensure
  security or anonymity
• A shift in focus in necessary to include a focus
  on not only what is restricted but what is
  revealed

34
Dispatch Phase (Termination)

• Lack of control was a concern in terms of what
  happens to information once it had been
  dispatched.
• Once information is revealed there is little or
  no control over the information, who gets access
  to it and for what purposes.
• This does NOT mean users are reluctant to supply
  their information to trusted companies like
  banks.
• A major concern was the ability to know to whom
  the trusted parties were supplying information

35
Dispatch Phase

• User perspective

It got to the point where I was getting over 100
emails a day of just rubbish. I was getting 100
Kmart and 2 Shop catalogues a day, every single
day and you have to empty it out and throw it in
the bin and of course you just dont have time,
no one has time in their day to read all these
things
36
Conclusion

• Failure to provide control results in the erosion
  of trust between users and providers and
  culminates in a culture of use where the user
  aims to suppress rather than reveal information.
• This means more than a failure to meet user
  needs. Not only is detailed information about the
  user a valuable asset - the growth of electronic
  commerce has been hindered by a lack of trust
  between consumers and service providers
• Ultimately, failure to provide control represents
  a loss for providers and organizations themselves

37
Conclusion

• User comment
• Designers and administrators of identity
  management systems have a significant
  opportunities and responsibilities

We have a life based on technology, so giving
access to everything is basically handing over
your life