Roles in an Identity Ecosystem


Summary

I created a diagram for another document trying to map out some roles in an identity ecosystem as a way of understanding them better. I'd thought share it here.

I created a diagram for another document trying to map out some roles in an identity ecosystem as a way of understanding them better. I'd thought share it here.

Roles in an Identity Ecosystem

I don't think this is complete by way of explaining the totality of interactions--these are just the ones that were obvious to me. If you have ideas or suggestions about things that ought to be here, leave a comment.

We often see roles for the identity provider and the relying party. This diagram also includes three other players:

  • Identity Discovery and Registration - provides an abstraction layer on identifiers to make them locationally independent and semantically consistent. This abstraction allows a user to switch identity providers without rebuilding all of their relying party, personal data, and identity verification relationships.
  • Verified Identity Distributors - provide services that proof identity attributes. For example, an identity verifier might send postcards to addresses given by a person with a code on them. When the user enters the code, they prove that they have access to mail addressed to that location.
  • Personal Data Providers - provide services that store, manage, access, aggregate, and distribute personal data on behalf of the user. This needn't be a single store of data. Multiple providers may be used for various purposes.

Of course, a single vendor may provide many of these services, or just a few. Paypal, for example, doesn't provide identities (you use an email address from someone else for that purpose) but they do verify identity attributes like street addresses.


Please leave comments using the Hypothes.is sidebar.