DIM 2007

ACM CCS2007 Workshop on

Digital Identity Management

Discucssion Minutes

November 2, 2007, George Mason University, Fairfax, VA, USA

“Usability Issues for Identity Management”

1. Security protocols not intuitively understood by users
   • It is difficult for users to understand technical terms, e.g. SAML.
2. Reuse of network authentication for “seamless” service usage
3. Identities in the real world can be kept / delegated / trusted / linked. Online identities need to mirror this.
   • Dubious behaviors can be detected easily in the real world, but not in cyber space.
   • Delegation example: Ask a secretary to do something.
4. How to leverage existing devices such as mobile phones.
5. Humans lack the ability to discern between that which is to be trusted and that which is worthy of suspicious; from the Trojan war to modern phishing attacks, humans have shown a tendency to misevaluate trustworthy.
6. Users to machines is not 1-to-1
   • One to many, many to one, many to many
   • CardSpace is powerful. But how to use it in mobile phone?
7. As a company that stores identities, how do you protect the identities from being lost/ made public/ tampered with.
   • There are some regulations, e.g. SOX.
   • Trust mark, privacy mark on Web sites.
8. Legal / liability issues around identity/ delegation / reputation provider
9. Too much depend on the computer security but not visible? need to make what is uptake aware/visible
10. Delivery path? how research ideas can be used in practice. Via standardization? Open source? Any other alternatives?
11. 10 years from now
    • Identity information, reputation information -> bocome more important
    • Loosely coupled identities that can be used in different applications/services/systems
    • Many smart cards merged into one
    • Users have stronger control over identities, expressing intention rather than giving attention
      • Attention vs. intention
    • Everyone recognizes the importance of identitiy.