Early Virtual Worlds & Collaborative Spaces Business Applications
-
Upload
logan-franklin -
Category
Documents
-
view
28 -
download
2
description
Transcript of Early Virtual Worlds & Collaborative Spaces Business Applications
Trust and Identity In Virtual Worlds and
Collaborative SpacesAnthony Nadalin, Distinguished Engineer, IBM
Early Virtual Worlds & Collaborative Spaces Business Applications
Commerce
Collaboration and Events
Education and Training
Emerging Business Applications
Trust and identity in Virtual worlds and collaborative spaces
• Think: Wikipedia, Second Life• International: open to everybody with access to the Internet• Collaborative: free information sharing, user-created content• Social: users can establish relationships with other users
• Everybody can participate – and bad guys can act anonymously
• Unclear basis for trust in the information you find in Wikipedia• Insufficient accountability for inappropriate content in virtual worlds
• We are in the early days of commercial exploitation of these technologies
• Resembling situation with electronic mail and spam 10 years ago
• Trust and identity are key to the success of collaborative space – either way
• Issues around trust threaten the continued success of collaborative spaces
• Sound trust and easy to use federated identities enable new services
Some examples of issues around trust and identity
Online Predators: http://www.cbsnews.com/stories/2007/03/13/tech/main2563414.shtml
“… one of a half-dozen documented cases this past year alone in which older men used such Internet sites to set up sexual encounters with minor girls in Connecticut."
Illegal Content/Behavior: http://www.theregister.co.uk/2007/02/21/dutch_demand_ban_on_virtual_child_porn/
"... reports about adult players with child avatars soliciting (paid) sex."
Online Harressment and Bullying: http://doc.weblogs.com/2007/03/28#whatItIsnt
"... abruptly cancelled her appearance at the O'Reilly ETech conference in San Diego, after receiving threatening and sexually graphic messages that made her afraid to leave her house."
Reputation Fraud: http://www.msnbc.msn.com/id/17171372/
"... eBay suspended accounts identified in the article, ... the forger merely moved the operation to another Internet auction site for a few months before returning to eBay, setting up new accounts and picking up where he left off."
False Claims: http://en.wikipedia.org/wiki/Essjay_controversy
"... claimed to hold doctoral degrees in theology and canon law as a tenured professor at a private university, he was in fact a community college dropout from Kentucky."
Collaborative spaces and virtual communities
*MMOG = Massive Multiplayer Online Game
Multi-service
Platforms
Social Computing
3D/Realtime Internet/MMOGs
Common problem:Trust and Identity
Enterprise Customers & Governments
What is new, compared to 10 years ago?
• History
• Public key infrastructure (X509v3, SPKI, PGP, …), digital signature initiatives – late 90’s
• Microsoft Passport (= Windows Live ID) – 2000
• Liberty Alliance – 2001
• What changed?
• Awareness for the role of digital identity
• Post-9/11 security concerns
• High-profile privacy incidents – e.g., TJX: lost 45.7 million payment card numbers
• Identity theft – 3.7% of all US citizens were victims of fraud due to identity theft
• More valuable data online, e.g., healthcare portals
• Value
• Increasing value of identity per se: more and better services
• Increasing value of portable identity: Web 2.0 connects people and data across enterprise boundaries
• Increasing demand for user-centric, portable, life-long identity, and reputation
• Increasing demand for strong identity
Scenarios
1. Trusted Content2. Trusted Collaboration3. Trusted Roaming4. Trusted Delegation5. Trusted Aggregation
Scenario 1: Trusted Content
Can I trust this collaborative space? Is all content correct? Is all content authorized? Is all content appropriate for me? What is the creator’s reputation?
Can I trust this content? Is this content correct? Is this content authorized? Is this content appropriate for me? What is the creator’s reputation?
Scenario 2: Trusted Collaboration
[email protected] [email protected]
Request freetime
• How can Patrick locate Paul’s calendar?• Can Paul trust this request? Is this request legitimate? Who is this requestor?
Patrick Paul
Scenario 3: Trusted Roaming
I want to see what World of Warcraft is about
I want to stand in SL look over the bridge into WoW I want to go from “left” to “right” And both with a minimum of overhead – no new registration, no
new avatar design, no new reputation
I do have an avatar in Second Life
Scenario 4: Trusted Delegation
Give Alice the right to see Bob’s images
How can Bob trust that only Alice sees the pictures, and how can he maintain control over the pictures?
How can Bob avoid telling the service who Alice is?
ScenariosSpecific Scenario
1. Trusted Content
Trust in correctness and appropriateness of specific / of all objects in a collaborative space (e.g., Wikipedia, Second Life).
2. Trusted Collaboration
Enable freetime-based scheduling of meetings across calendars in different enterprises, using different identity schemes.
3. Trusted Roaming
Cross bridges from one virtual world to the other, carrying your identity (avatar, attributes, reputation) with you
4. Trusted Delegation
Give your friend access to your digital photos without the fear that the photo server knows who your friends are, or that your friends share your photos with others.
5. Trusted Aggregation
Aggregate personal information through a portal, without fear of misuse or fear of identity theft, but with the added value of non-trivial aggregation.
Interoperability of trust and identity systems
User-centricity, transparency, choice
Privacy and pseudonymity Reputation of users and
spaces Cross-platform capability
Some Remarks on Policy
• Identity• Online identities are essentially unregulated• Risk associated with using online identities is growing, number of
high profile incidents will increase
• Identity theft, e-banking, healthcare portals, reputation on eBay, …
• Needed: best practices for trust and identity
• Privacy• Privacy is a top concern for individuals• Similar privacy concerns and privacy regulations exist world-wide• Current privacy principles (OECD) seemingly collide with Web 2.0
paradigm: minimize vs. maximize info sharing• Needed: new societal norms and best practices
Identity Technology
• Status quo• Site-specific username / password
• Low security, vulnerable to phishing, password management up to user• Application-specific identity
• Sharing of identity information only within defined federations
• Trends• User-centric identity
• User controls release of identities and attributes• Decoupling of user’s from service provider’s view• Framework provides unified, abstract view on a multitude of specific identity
systems• Security beyond username / password
• Username / password tokens containing identity claims• Framework approach enables strong mutual client-server authentication
• Federated identity, portable identity in Web 2.0• Lightweight, decentralized identity provider for single sign-on• Fine-grained, user-controlled attribute sharing with privacy
Reputation Technology
Digital Identity
Summary of actual past behavior, by service
provider
Real identityBackground check
against external data
Peer reviews
portable
specific
Identity Verification, Identity Proofing= Strong Identity
Trust in specific attribute or future behavior?
3. Future of Virtual Reality
4. Future of Identity Systems
User-centric, transparent identity management
Service-specific identities are managed transparently
User can create as many identities as he or she wishes
User maintains full control over his or her privacy (e.g., pseudonyms)
Access to identities is secured through strong authentication
Privacy friendly service discovery and search will emerge
Portable identities Immersive user
interfaces yield rich identities and complex attributes and capabilities
Users expect to carry their rich identities from one space (application) to the next
2. Future of Identity
Life-long personal identities People act as “free agents” who
manage their digital identities and capabilities independently of their current “employers” or “schools”
Identities and attributes become independent from identity providers, and can be freely moved between providers
Some will stay for a user’s whole life, and need special protection
1. Future of IdentificationStrong identity proofing
Biometrics increasingly used to prove and authenticate identities
Online identity increasingly established through physical world identities
0
20
40
60
80
100
120
140
2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017
BBC 2007
On average: 2020% growth/year
IBM GIO 2006
Technology Outlook