Looking at the current online world, performing transactions as online banking, online shopping or communicating in social networks has become an inherent part of life. Hereby, personal, identity-related data plays a major role, since for many activities a service provider requires details about the identity of a user.
However, does a service provider always require our true identity? Often a service provider just needs to recognize a user on repeated visits in order to offer personalized services. Only if critical transactions are involved as for example in online banking transactions a service provider has to be sure that a user’s identity matches with the real-life identity.
In her talk, Ivonne Thomas presents her experiences with an SOA-based identity management solution at the Hasso-Plattner-Institute, which enables identity providers, service providers as well as end users to distinguish between verified digital identities and user-created identities (anonymous identities). At the core of the presented solution is an identity provider based on the Identity Metasystem and the notion of claims that has been extended to include trust-related identity meta information. In her talk, she shows how service providers can use this information to derive access control decisions according to the level of trust they require for a certain transaction.