Learning Digital Identity Phillip J. Windley

Spis treści książki

• Foreword
• Preface
  • Who Is This Book For?
  • Conventions Used in This Book
  • OReilly Online Learning
  • How to Contact Us
  • Acknowledgments
  • Credits
  • In Memoriam
• 1. The Nature of Identity
  • A Bundle of Sticks?
  • Identity Is Bigger Than You Think
  • No Universal Identity Systems
  • The Road Ahead
• 2. Defining Digital Identity
  • The Language of Digital Identity
  • Identity Scenarios in the Physical World
  • Identity, Security, and Privacy
  • Digital Identity Perspectives
    • Tiers of Identity
    • Locus of Control
  • Reimagining Decentralized and Distributed
  • A Common Language
• 3. The Problems of Digital Identity
  • Tacit Knowledge and the Physical World
  • The Proximity Problem
  • The Autonomy Problem
  • The Flexibility Problem
  • The Consent Problem
  • The Privacy Problem
  • The (Lack of) Anonymity Problem
  • The Interoperability Problem
  • The Scale Problem
  • Solving the Problems
• 4. The Laws of Digital Identity
  • An Identity Metasystem
  • The Laws of Identity
    • User Control and Consent
    • Minimal Disclosure for a Constrained Use
    • Justifiable Parties
    • Directed Identity
    • Pluralism of Operators and Technologies
    • Human Integration
    • Consistent Experience Across Contexts
  • Fixing the Problems of Identity
• 5. Relationships and Identity
  • Identity Niches
  • Relationship Integrity
  • Relationship Life Span
    • Anonymity and Pseudonymity
    • Fluid Multi-Pseudonymity
  • Relationship Utility
  • Transactional and Interactional Relationships
  • Promoting Rich Relationships
• 6. The Digital Relationship Lifecycle
  • Discovering
  • Co-Creating
  • Propagating
  • Using
  • Updating or Changing
  • Terminating
  • Lifecycle Planning
• 7. Trust, Confidence, and Risk
  • Risk and Vulnerability
  • Fidelity and Provenance
  • Trust Frameworks
  • The Nature of Trust
  • Coherence and Social Systems
  • Trust, Confidence, and Coherence
• 8. Privacy
  • What Is Privacy?
    • Communications Privacy and Confidentiality
    • Information Privacy
    • Transactional Privacy
  • Correlation
  • Privacy, Authenticity, and Confidentiality
  • Functional Privacy
  • Privacy by Design
    • Principle 1: Proactive Not Reactive; Preventive Not Remedial
    • Principle 2: Privacy as the Default Setting
    • Principle 3: Privacy Embedded into Design
    • Principle 4: Full FunctionalityPositive-Sum, Not Zero-Sum
    • Principle 5: End-to-End SecurityFull Lifecycle Protection
    • Principle 6: Visibility and TransparencyKeep It Open
    • Principle 7: Respect for User PrivacyKeep It User-Centric
  • Privacy Regulations
    • General Data Protection Regulation
    • California Consumer Privacy Act
    • Other Regulatory Efforts
  • The Time Value and Time Cost of Privacy
  • Surveillance Capitalism and Web 2.0
  • Privacy and Laws of Identity
• 9. Integrity, Nonrepudiation, and Confidentiality
  • Cryptography
    • Secret Key Cryptography
    • Public-Key Cryptography
    • Hybrid Key Systems
    • Public-Key Cryptosystem Algorithms
    • Key Generation
    • Key Management
  • Message Digests and Hashes
  • Digital Signatures
  • Digital Certificates
    • Certificate Authorities
    • Certificate Revocation Lists
    • Public-Key Infrastructures
  • Zero-Knowledge Proofs
    • ZKP Systems
    • Noninteractive ZKPs
  • Blockchain Basics
    • Decentralized Consensus
    • Byzantine Failure and Sybil Attacks
    • Building a Blockchain
      • Problem 1: Sending money
      • Problem 2: Uniquely identifying coins
      • Problem 3: Distributing the bank
      • Problem 4: Preventing double spending
      • Problem 5: Stopping network hijacking
      • Problem 6: Ordering transactions and handling disagreements
    • Other Ways of Countering Sybil Attacks
    • Classifying Blockchains
    • Should You Use a Blockchain?
  • The Limitations of PKI
• 10. Names, Identifiers, and Discovery
  • Utah.gov: A Use Case in Naming and Directories
  • Naming
    • Namespaces
    • Identifiers
      • Uniform Resource Identifiers: A universal namespace
      • Cool URIs dont change
      • Uniform Resource Names
    • Zookos Triangle
  • Discovery
    • Directories
      • Directories are not databases
      • LDAP
    • Domain Name System
    • WebFinger
  • Heterarchical Directories
    • Personal Directories and Introductions
    • Distributed Hash Tables
    • Using Blockchains for Discovery
  • Discovery Is Key
• 11. Authentication and Relationship Integrity
  • Enrollment
    • Identity Proofing
    • Biometric Collection
    • Attribute Collection
  • Authentication Factors
    • Knowledge Factor: Something You Know
    • Possession Factor: Something You Have
    • Inherence Factor: Something You Are
    • Behavior Factor: Something You Do
    • Location Factor: Somewhere You Are
    • Temporal Factor: Some Time Youre In
  • Authentication Methods
    • Identifier Only
    • Identifier and Authentication Factors
      • Passwords
      • Password management
      • Password reset
      • Biometric factors
    • Challenge-Response Systems
      • Digital certificates and challenge-response
      • FIDO authentication
    • Token-Based Authentication
  • Classifying Authentication Strength
    • The Authentication Pyramid
    • Authentication Assurance Levels
  • Account Recovery
  • Authentication System Properties
    • Practicality
    • Appropriate Level of Security
    • Locational Transparency
    • Integrable and Flexible
    • Appropriate Level of Privacy
    • Reliability
    • Auditability
    • Manageability
    • Federation Support
  • Authentication Preserves Relationship Integrity
• 12. Access Control and Relationship Utility
  • Policy First
    • Responsibility
    • Principle of Least Privilege
    • Accountability Scales Better Than Enforcement
  • Authorization Patterns
    • Mandatory and Discretionary Access Control
    • User-Based Permission Systems
    • Access Control Lists
    • Role-Based Access Control
    • Attribute- and Policy-Based Access Control
  • Abstract Authorization Architectures
  • Representing and Managing Access Control Policies
  • Handling Complex Policy Sets
  • Digital Certificates and Access Control
  • Maintaining Proper Boundaries
• 13. Federated IdentityLeveraging Strong Relationships
  • The Nature of Federated Identity
  • SSO Versus Federation
  • Federation in the Credit Card Industry
  • Three Federation Patterns
    • Pattern 1: Ad Hoc Federation
    • Pattern 2: Hub-and-Spoke Federation
    • Pattern 3: Identity Federation Network
      • A secure, protected environment
      • Identity networks are more complicated than financial networks
  • Addressing the Problem of Trust
  • Network Effects and Digital Identity Management
  • Federation Methods and Standards
    • SAML
    • SAML Authentication Flow
    • SCIM
    • OAuth
      • OAuth basics
      • Getting a token
      • Refresh tokens
      • OAuth scopes
      • Using a token
    • OpenID Connect
  • Governing Federation
  • Networked Federation Wins
• 14. Cryptographic Identifiers
  • The Problem with Email-Based Identifiers
  • Decentralized Identifiers
    • DID Properties
    • DID Syntax
    • DID Resolution
    • DID Documents
    • Indirection and Key Rotation
  • Autonomic Identifiers
    • Self-Certification
    • Peer DIDs
      • Benefits of peer DIDs
      • Making peer DIDs trustworthy
      • Peer DID authentication and authorization
    • Key Event Receipt Infrastructure
      • Self-certifying key event logs
      • Prerotation of keys
      • Delegation
      • The KERI DID Method
    • Other Autonomic Identifier Systems
  • Cryptographic Identifiers and the Laws of Identity
• 15. Verifiable Credentials
  • The Nature of Credentials
    • Roles in Credential Exchange
    • Credential Exchange Transfers Trust
  • Verifiable Credentials
  • Exchanging VCs
    • Issuing Credentials
    • Holding Credentials
    • Presenting Credentials
  • Credential Presentation Types
    • Full Credential Presentation
    • Derived Credential Presentation
      • ZKPs and credentials
      • Correlation and blinded identifiers
  • Answering Trust Questions
  • The Properties of Credential Exchange
  • VC Ecosystems
  • Alternatives to DIDs for VC Exchange
  • A Marketplace for Credentials
  • VCs Expand Identity Beyond Authn and Authz
• 16. Digital Identity Architectures
  • The Trust Basis for Identifiers
  • Identity Architectures
    • Administrative Architecture
    • Algorithmic Architecture
    • Autonomic Architecture
  • Algorithmic and Autonomic Identity in Practice
  • Comparing Identity Architectures
  • Power and Legitimacy
  • Hybrid Architectures
• 17. Authentic Digital Relationships
  • Administrative Identity Systems Create Anemic Relationships
  • Alternatives to Transactional Relationships
  • The Self-Sovereign Alternative
  • Supporting Authentic Relationships
    • Disintermediating Platforms
    • Digitizing Auto Accidents
  • Taking Our Rightful Place in the Digital Sphere
• 18. Identity Wallets and Agents
  • Identity Wallets
  • Platform Wallets
  • The Roles of Agents
  • Properties of Wallets and Agents
  • SSI Interaction Patterns
    • DID Authentication Pattern
    • Single-Party Credential Authorization Pattern
    • Multiparty Credential Authorization Pattern
    • Revisiting the Generalized Authentic Data Transfer Pattern
  • What If I Lose My Phone?
    • Step 1: Alice Revokes the Lost Agents Authorization
    • Step 2: Alice Rotates Her Relationship Keys
    • What Alice Has Protected
    • Protecting the Information in Alices Wallet
    • Censorship Resistance
  • Web3, Agents, and Digital Embodiment
• 19. Smart Identity Agents
  • Self-Sovereign Authority
    • Principles of Self-Sovereign Communication
    • Reciprocal Negotiated Accountability
  • DID-Based Communication
  • Exchanging DIDs
  • DIDComm Messaging
    • Properties of DIDComm Messaging
    • Message Formats
  • Protocological Power
    • Playing Tic-Tac-Toe
    • Protocols Beyond Credential Exchange
  • Smart Agents and the Future of the Internet
  • Operationalizing Digital Relationships
    • Multiple Smart Agents
    • Realizing the Smart Agent Vision
  • Digital Memories
• 20. Identity on the Internet of Things
  • Access Control for Devices
    • Using OAuth with Devices
    • OAuths Shortcomings for the IoT
      • Device limitations
      • Wheres the owner?
      • Magically working together
  • The CompuServe of Things
    • Online Services
    • Online 2.0: The Silos Strike Back
    • A Real, Open Internet of Things
  • Alternatives to the CompuServe of Things
  • The Self-Sovereign Internet of Things
    • DID Relationships for IoT
    • Use Case 1: Updating Firmware
    • Use Case 2: Proving Ownership
    • Use Case 3: Real Customer Service
  • Relationships in the SSIoT
    • Multiple Owners
    • Lending the Truck
    • Selling the Truck
  • Unlocking the SSIoT
• 21. Identity Policies
  • Policies and Standards
  • The Policy Stack
  • Attributes of a Good Identity Policy
  • Recording Decisions
  • Determining Policy Needs
    • Business-Inspired Projects and Processes
    • Security Considerations
    • Privacy Considerations
    • Information Governance
    • Meeting External Requirements
    • Feedback on Existing Policies
  • Writing Identity Policies
  • Policy Outline
  • The Policy Review Framework
  • Assessing Identity Policies
  • Enforcement
  • Procedures
  • Policy Completes the System
• 22. Governing Identity Ecosystems
  • Governing Administrative Identity Systems
  • Governing Autonomic Identity Systems
  • Governing Algorithmic Identity Systems
  • Governance in a Hybrid Identity Ecosystem
  • Governing Individual Identity Ecosystems
    • Credential Fidelity and Confidence
    • Credential Provenance and Trust
    • Domain-Specific Trust Frameworks
  • The Legitimacy of Identity Ecosystems
• 23. Generative Identity
  • A Tale of Two Metasystems
    • The Social Login Metasystem
    • The Self-Sovereign Identity Metasystem
  • Generativity
  • The Self-Sovereign Internet
    • Properties of the Self-Sovereign Internet
    • The Generativity of the Self-Sovereign Internet
      • Capacity for leverage
      • Adaptability
      • Ease of use
      • Accessibility
  • Generative Identity
    • The Generativity of Credential Exchange
      • Capacity for leverage
      • Adaptability
      • Ease of use
      • Accessibility
    • Self-Sovereign Identity and Generativity
  • Our Digital Future
• Index

pokaż cały spis treści

ukryj recenzje