De ‘Future of identity’ is de veel omvattende titel van een rapport dat we eind vorig jaar voor SURFnet hebben geschreven. Toch hebben we voor deze titel gekozen omdat het wel de lading dekt. We hebben namelijk, met hulp van velen vanuit de SURFnet achterban, SURFnet zelf en andere experts een studie gedaan welke value-adds SURFnet over 3 tot 5 jaar kan bieden op het gebied van digitale identiteiten. Hierbij hebben we gekeken naar nieuwe functionaliteiten voor hun vlaggeschip dienst voor identity federation (SURFconext), maar nadrukkelijk ook naar andere mogelijk value-adds gerelateerd aan digitale identiteiten.

Meer informatie is deze engelstalige en gezamenlijk blogpost met Remco Poortinga – van Wijnen van SURFnet (ook hieronder gekopieerd voor het gemak). En de extended summary is sinds gisteren te downloaden van de SURFnet website.

What is the future of Identity?

26 May ’14

Geplaatst door Remco Poortinga-van Wijnen onder Cloud, English, SURFconext

SURFnet provides different services related to digital identity, including the flagship SURFconext service which provides identity federation functionality: students and employees can use their account at their home organization to log in elsewhere in an easy and trusted manner. Although it seems clear that digital identity is ‘hot’ and that SURFnet provides value-add in the area of digital identity, the question is where the most potential value-add for SURFnet and its institutions is in this area.

Of course, predicting the future of identity is hard… At least, too hard for us to do it alone, so last year we involved different stakeholders and experts from within and outside higher education and research. We analyzed trends and uncertainties and organized different sessions to diverge and converge on the topics.

Highlights of the study

We highlight the main outcomes of the study below:

• Identity federation: here to stay and new features are needed – identity federation is a current flagship service for SURFnet. It will remain a value-add for SURFnet, and the study resulted in a list of possible new features to increase the value-add.
• eID stelsel NL: use, possibly interfederate but do not replace SURFconext – The eID Stelsel NL is a relatively new initiative from the Dutch government to integrate various eID solutions, including DigiD and eHerkenning. Even though it is not clear if, how, and when eID stelsel NL will become a reality, this is a potential major development in the Netherlands. The outcome of the study is that eID stelsel NL is unlikely to be a suitable replacement for SURFnet’s own identity federation in the coming 3 to 5 years. However, using eID stelsel NL for verification is an obvious opportunity, and inter-federation with SURFconext may be possible and useful.
• Identity-related technologies: which opportunities to select? – There are new technologies in various stages of maturity that SURFnet could use to create a value-add. Criteria, besides the obvious customer demand, are that i) technology is able to combine the – often contradicting – requirements of security, privacy and enablement/convenience and ii) if a technology can be deployed because of the combination of services that SURFnet offers, e.g., DNS and certificates. Technologies that came out of the study are:
  • Certificate pinning: DANE but possibly also others
  • Anonymous credential systems: go beyond smartcards and explore use-cases
  • Facilitate a trusted trail for (raw) research data
• Privacy: go beyond checklists, provide helpers and maybe services/software – SURFnet already works on privacy as a focus point, chiefly by empowering its customers by educating them on what they could, should, shouldn’t and must do. However, SURFnet could choose to do more than provide these checklists and reports, especially SURFnet can provide actual personnel to help its customers. A third possible value-add is to also provide privacy-related services. Whether or not to provide value-add beyond the current checklists, reports and education is mostly a strategic choice, and not only for SURF(net), but also for its customers.
• Rich & trusted attributes in a connected world: a new value-add for SURFnet – In a hyper-connected world there is much more value in personal information than the relatively ‘low level’ information exchange currently facilitated by SURFnet’s identity federation. The role of SURFnet could be to facilitate this by being a broker for this trusted exchange of rich attributes. In addition, there could be a role in defining and/or adopting standards relevant for research & education.

The result will help SURFnet and its institutions to prioritize the possible value-adds to pursue and where to invest innovation budgets, scoped to the area of digital identity and a period of 3-5 years.

More information

If you have interesting ideas or suggestions or would like to know more about the topics mentioned above, feel free to contact us.

We want to acknowledge the contributions of the different experts and stakeholders that participated in the study; the list is in the extended summary where you can also read more about the outcome of the study.

Remco Poortinga – van Wijnen (SURFnet) en Maarten Wegdam (InnoValor)