1 / 20

Early Virtual Worlds & Collaborative Spaces Business Applications

Trust and Identity In Virtual Worlds and Collaborative Spaces Anthony Nadalin, Distinguished Engineer, IBM. Early Virtual Worlds & Collaborative Spaces Business Applications. Collaboration and Events. Commerce. Education and Training. Emerging Business Applications.

logan-franklin
Download Presentation

Early Virtual Worlds & Collaborative Spaces Business Applications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Trust and Identity In Virtual Worlds and Collaborative SpacesAnthony Nadalin, Distinguished Engineer, IBM

  2. Early Virtual Worlds & Collaborative Spaces Business Applications Collaboration and Events Commerce Education and Training Emerging Business Applications

  3. Trust and identity in Virtual worlds and collaborative spaces • Think: Wikipedia, Second Life • International: open to everybody with access to the Internet • Collaborative: free information sharing, user-created content • Social: users can establish relationships with other users • Everybody can participate – and bad guys can act anonymously • Unclear basis for trust in the information you find in Wikipedia • Insufficient accountability for inappropriate content in virtual worlds • We are in the early days of commercial exploitation of these technologies • Resembling situation with electronic mail and spam 10 years ago • Trust and identity are key to the success of collaborative space – either way • Issues around trust threaten the continued success of collaborative spaces • Sound trust and easy to use federated identities enable new services

  4. Some examples of issues around trust and identity • False Claims: http://en.wikipedia.org/wiki/Essjay_controversy • "... claimed to hold doctoral degrees in theology and canon law as a tenured professor at a private university, he was in fact a community college dropout from Kentucky." • Illegal Content/Behavior: http://www.theregister.co.uk/2007/02/21/dutch_demand_ban_on_virtual_child_porn/ • "... reports about adult players with child avatars soliciting (paid) sex." • Online Predators: http://www.cbsnews.com/stories/2007/03/13/tech/main2563414.shtml • “… one of a half-dozen documented cases this past year alone in which older men used such Internet sites to set up sexual encounters with minor girls in Connecticut." • Online Harressment and Bullying: http://doc.weblogs.com/2007/03/28#whatItIsnt • "... abruptly cancelled her appearance at the O'Reilly ETech conference in San Diego, after receiving threatening and sexually graphic messages that made her afraid to leave her house." • Reputation Fraud: http://www.msnbc.msn.com/id/17171372/ • "... eBay suspended accounts identified in the article, ... the forger merely moved the operation to another Internet auction site for a few months before returning to eBay, setting up new accounts and picking up where he left off."

  5. Collaborative spaces and virtual communities Multi-service Platforms 3D/Realtime Internet/MMOGs Common problem: Trust and Identity Social Computing Enterprise Customers & Governments *MMOG = Massive Multiplayer Online Game  

  6. What is new, compared to 10 years ago? • History • Public key infrastructure (X509v3, SPKI, PGP, …), digital signature initiatives – late 90’s • Microsoft Passport (= Windows Live ID) – 2000 • Liberty Alliance – 2001 • What changed? • Awareness for the role of digital identity • Post-9/11 security concerns • High-profile privacy incidents – e.g., TJX: lost 45.7 million payment card numbers • Identity theft – 3.7% of all US citizens were victims of fraud due to identity theft • More valuable data online, e.g., healthcare portals • Value • Increasing value of identity per se: more and better services • Increasing value of portable identity: Web 2.0 connects people and data across enterprise boundaries • Increasing demand for user-centric, portable, life-long identity, and reputation • Increasing demand for strongidentity

  7. Scenarios 1. Trusted Content 2. Trusted Collaboration 3. Trusted Roaming 4. Trusted Delegation 5. Trusted Aggregation

  8. Scenario 1: Trusted Content • Can I trust this content? • Is this content correct? • Is this content authorized? • Is this content appropriate for me? • What is the creator’s reputation? • Can I trust this collaborative space? • Is all content correct? • Is all content authorized? • Is all content appropriate for me? • What is the creator’s reputation?

  9. Scenario 2: Trusted Collaboration Patrick Paul psmith@acme.com pauls@yahoo.com Request freetime • How can Patrick locate Paul’s calendar? • Can Paul trust this request? • Is this request legitimate? • Who is this requestor?

  10. Scenario 3: Trusted Roaming I do have an avatar in Second Life I want to see what World of Warcraft is about • I want to stand in SL look over the bridge into WoW • I want to go from “left” to “right” • And both with a minimum of overhead – no new registration, no new avatar design, no new reputation

  11. Scenario 4: Trusted Delegation Give Alice the right to see Bob’s images • How can Bob trust that only Alice sees the pictures, and how can he maintain control over the pictures? • How can Bob avoid telling the service who Alice is?

  12. Bank Health Insur. Aggregator Employer Scenario 5: Trusted Aggregation

  13. Scenarios • Interoperability of trust and identity systems • User-centricity, transparency, choice • Privacy and pseudonymity • Reputation of users and spaces • Cross-platform capability

  14. State of the Art

  15. Some Remarks on Policy • Identity • Online identities are essentially unregulated • Risk associated with using online identities is growing, number of high profile incidents will increase • Identity theft, e-banking, healthcare portals, reputation on eBay, … • Needed: best practices for trust and identity • Privacy • Privacy is a top concern for individuals • Similar privacy concerns and privacy regulations exist world-wide • Current privacy principles (OECD) seemingly collide with Web 2.0 paradigm: minimize vs. maximize info sharing • Needed: new societal norms and best practices

  16. Identity Technology • Status quo • Site-specific username / password • Low security, vulnerable to phishing, password management up to user • Application-specific identity • Sharing of identity information only within defined federations • Trends • User-centric identity • User controls release of identities and attributes • Decoupling of user’s from service provider’s view • Framework provides unified, abstract view on a multitude of specific identity systems • Security beyond username / password • Username / password  tokens containing identity claims • Framework approach enables strong mutual client-server authentication • Federated identity, portable identity in Web 2.0 • Lightweight, decentralized identity provider for single sign-on • Fine-grained, user-controlled attribute sharing with privacy

  17. Digital Identity Reputation Technology Summary of actual past behavior, by service provider Peer reviews portable specific Trust in specific attribute or future behavior?  Background check against external data Real identity Identity Verification, Identity Proofing = Strong Identity

  18. Outlook

  19.  IBM GIO 2006 On average: 20 20% growth/year BBC 2007 Technology Outlook 2. Future of Identity 1. Future of Identification • Life-long personal identities • People act as “free agents” who manage their digital identities and capabilities independently of their current “employers” or “schools” • Identities and attributes become independent from identity providers, and can be freely moved between providers • Some will stay for a user’s whole life, and need special protection • Strong identity proofing • Biometrics increasingly used to prove and authenticate identities • Online identity increasingly established through physical world identities 4. Future of Identity Systems 3. Future of Virtual Reality • User-centric, transparent identity management • Service-specific identities are managed transparently • User can create as many identities as he or she wishes • User maintains full control over his or her privacy (e.g., pseudonyms) • Access to identities is secured through strong authentication • Privacy friendly service discovery and search will emerge • Portable identities • Immersive user interfaces yield rich identities and complex attributes and capabilities • Users expect to carry their rich identities from one space (application) to the next

  20. AneComm 2008presentation –http://eCommMedia.comfor more

More Related