Roles in an Identity Ecosystem


Summary

I created a diagram for another document trying to map out some roles in an identity ecosystem as a way of understanding them better. I thought I'd share it here.

Figure: Roles in an Identity Ecosystem

I don't think this is complete by way of explaining the totality of interactions--these are just the ones that were obvious to me. If you have ideas or suggestions about things that ought to be here, leave a comment.

We often see roles for the identity provider and the relying party. This diagram also includes three other players:

  • Identity Discovery and Registration - provides an abstraction layer on identifiers to make them locationally independent and semantically consistent. This abstraction allows a user to switch identity providers without rebuilding all of their relying party, personal data, and identity verification relationships.
  • Verified Identity Distributors - provide services that proof identity attributes. For example, an identity verifier might send postcards, each with a code on it, to addresses given by a person. When the user enters the code, they prove that they have access to mail addressed to that location.
  • Personal Data Providers - provide services that store, manage, access, aggregate, and distribute personal data on behalf of the user. This needn't be a single store of data. Multiple providers may be used for various purposes.

Of course, a single vendor may provide many of these services, or just a few. PayPal, for example, doesn't provide identities (you use an email address from someone else for that purpose) but they do verify identity attributes like street addresses.
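
The postcard check described under Verified Identity Distributors, sketched as an added example (not code from the original post): the verifier keeps only a keyed tag that binds the code to the user and address, and accepts the code once, before expiry and within a guess limit. The class name, the 30-day lifetime, the five-attempt limit and the 8-character code are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 30 * 24 * 3600   # assumed: a postcard has 30 days to arrive
MAX_ATTEMPTS = 5                    # assumed: guess limit per postcard
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no 0/O or 1/I lookalikes


class AddressVerifier:
    """Hypothetical verifier that issues and checks postcard codes."""

    def __init__(self, clock=time.time):
        self._key = secrets.token_bytes(32)   # server-side MAC key
        self._pending = {}                    # (user, address) -> record
        self._clock = clock

    def _tag(self, user, address, code):
        # Bind the code to the user and the address so it cannot be reused
        # for a different claim; only this tag is stored, never the code.
        msg = "\x00".join((user, address, code)).encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, user, address):
        """Return the code to print on the postcard; reissuing replaces it."""
        code = "".join(secrets.choice(ALPHABET) for _ in range(8))
        self._pending[(user, address)] = {
            "tag": self._tag(user, address, code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, user, address, code):
        """True once, for the right code, before expiry and the guess limit."""
        rec = self._pending.get((user, address))
        if rec is None:
            return False
        if self._clock() > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
            del self._pending[(user, address)]   # expired or locked out
            return False
        rec["attempts"] += 1
        candidate = self._tag(user, address, code.strip().upper())
        if not hmac.compare_digest(rec["tag"], candidate):
            return False
        del self._pending[(user, address)]       # single use
        return True
```

A successful `verify` is the point at which the verifier could attest the address attribute to relying parties; what that attestation looks like is outside this sketch.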