Network Working Group                                        J. Merrells
Internet-Draft                                             Sxip Identity
Expires: September 2, 2006                                    March 2006

                  Digital Identity Exchange - Use Cases
                      draft-merrells-use-cases-01.txt

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on September 2, 2006.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   This document describes the motivating use cases for DIX, the Digital
   Identity Exchange protocol.

Merrells               Expires September 2, 2006                [Page 1]

Internet-Draft      Digital Identity Exchange - Use Cases     March 2006

Table of Contents

   1.  Requirements notation
   2.  Introduction
   3.  Goals
   4.  Definitions
   5.  Browser Based Use Cases
       5.1.  B1
       5.2.  B2
       5.3.  B3
       5.4.  B4
       5.5.  B5
       5.6.  B6
       5.7.  B7
       5.8.  B8
       5.9.  B9
       5.10. B10
       5.11. B11
       5.12. B12
       5.13. B13
       5.14. B14
       5.15. B15
       5.16. B16
       5.17. B17
       5.18. B18
       5.19. B19
       5.20. B20
       5.21. B21
       5.22. B22
       5.23. B23
       5.24. B24
       5.25. B25
       5.26. B26
       5.27. B27
       5.28. B28
       5.29. B29
       5.30. B30
       5.31. B31
       5.32. B32
       5.33. B33
   6.  Non Browser Based Use Cases
       6.1.  NB1 - REST
       6.2.  NB2
       6.3.  NB3 - WebDAV
       6.4.  NB4 - AtomPub
       6.5.  NB5 - XCAP and SIMPLE
       6.6.  NB6 - CalDAV
       6.7.  NB7 - IMAP/POP3 and CalDAV
       6.8.  NB8 - RSS, Web, and CalDAV
   7.  Acknowledgements
   8.  Security Considerations
   9.  References
   Author's Address
   Intellectual Property and Copyright Statements

1.  Requirements notation

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  Introduction

   The use cases below describe various scenarios for the Digital
   Identity Exchange (DIX) protocol [dmd0].

3.  Goals

   The goals of the protocol are:

   Identity Information Exchange: The primary goal of any DIX protocol
   is to automate the exchange of Identity Information over the
   Internet.
   Ease of Adoption: Any DIX protocol must provide the lowest possible
   barriers to adoption to ensure wide-spread usage of the protocol.

   Internet Scale: Any DIX protocol must provide an Internet scale
   solution to identity information exchange.

   Privacy: Any DIX protocol must ensure that all aspects of user
   privacy can be maintained.

4.  Definitions

   The following terms and their definitions are drawn from the lexicon
   of 'The Identity Gang', a community of thought leaders in the user-
   centric digital identity space [identitygang].

   Digital Identity - The transmission of a digital representation of a
   set of Claims made by one Party about itself or another Digital
   Subject, to one or more other Parties.

   Identity Agent - An agent acting on behalf of the user.

   Identifier - An identifying attribute for a set of attributes.

   Identity Data / Identity Information - A set of attributes.

   Claim - An assertion made by a Claimant of the value or values of one
   or more attributes of a Digital Subject, typically an assertion which
   is disputed or in doubt.

5.  Browser Based Use Cases

   Some use cases are dependent upon others, so they should be read in
   order.  Beth is our protagonist throughout; a typical Internet user,
   but she's a bit of a geek.

5.1.  B1

   Beth receives an email from a friend introducing her to a new
   website, geeknews.com, a techie news site.  She wishes to sign up so
   that she can read some articles.  She sees an IN button, which she
   clicks.  Her identity agent displays a screen informing her that
   geeknews.com is requesting some data, her first name.  She enters
   'Beth' at the prompt, provides consent and the data is sent to the
   site.

5.2.  B2

   Beth browses to geekdate.com and clicks an IN button.  Her identity
   agent informs her that geekdate.com is requesting some data, her
   first name.  Her agent already has this data.  She provides consent
   and the data is sent to the site.

5.3.  B3

   Beth decides to create a profile at geekdate.com.  She sees an IN
   button, which she clicks.  Her identity agent displays a screen
   informing her that geekdate.com is requesting some data, an
   Identifier.  She provides consent and the data is sent to the site.

5.4.  B4

   Beth decides to flesh out her profile at geekdate.com.  Geekdate.com
   displays a registration form.  One field requests a URL of a photo
   of her.  Beside it is a SAVE button.  She enters the URL and clicks
   the button.  Her identity agent displays a screen informing her that
   this data item can be stored.  She decides that she wants to be able
   to provide that data to other sites.  She provides consent and the
   data is stored by her agent.

5.5.  B5

   Geeknews.com offers Beth the option to build up a readership
   preferences profile over time, the benefit being that the site will
   tailor its content to her interests.  She decides to take up the
   offer; she sees an IN button, which she clicks.  Her identity agent
   informs her that geeknews.com is requesting some data, an
   Identifier.  She selects an existing identifier that represents a
   subset of her identity, which is used for a subset of the sites she
   has a relationship with.  She provides consent and the data is sent
   to the site.

5.6.  B6

   Geeknews.com offers Beth the option to build up a readership
   preferences profile over time, the benefit being that the site will
   tailor its content to her interests.  She decides to take up the
   offer; she sees an IN button, which she clicks.  Her identity agent
   informs her that geeknews.com is requesting some data, an
   Identifier.  She selects an existing identifier that represents a
   subset of her identity, which is used for a subset of the sites she
   has a relationship with.  She provides consent and the data is sent
   to the site.

5.7.  B7

   Beth wants to have multiple identifiers, for different aspects of
   herself, her personas.  She wants to have a 'home' persona for
   identity data that she releases to her personal sites, such as
   geeknews.com.  She wants to have a separate 'work' persona for
   identity data that she releases to work-related sites, such as
   helpdesk.com.  She wants some of her identity data to be the same
   for her different personas, and other data to be different.

5.8.  B8

   [Assumptions: Beth has visited geeknews and geekdate before and has
   informed her identity agent that she consents to a relationship with
   them.]

   Beth starts her day with a strong coffee and a perusal of
   geeknews.com.  She starts her computer and authenticates herself to
   the operating system.  By that authentication mechanism she has also
   authenticated herself to her identity agent, as the vendor of that
   system has hooked it into the operating system's authentication
   system.  She browses to geeknews.com, clicks the IN button and is
   directly shown the content, no further clicks.  She then browses to
   geekdate.com, clicks the IN button and is directly presented with
   her profile, no further clicks.

5.9.  B9

   Beth's identity agent prompts her to provide a 'spoken name'.  Using
   the multimedia capabilities of her computer she records her spoken
   name; an mp3 of her saying 'Beth'.  She later browses to
   voicebox.com, which runs a voicemail service; she opts to create an
   account and the site requests some properties, amongst which is a
   request for her spoken name.  She provides consent and the data is
   sent to the site.

5.10.  B10

   Beth purchases a book from an online store; as she's checking out,
   the store makes her an offer: 10% off for completion of a
   demographic survey.  She's tempted, but how many data fields are
   there?  One hundred!  Too many to be worth the effort.  But it
   happens to be commonly requested data, which she has already entered
   during previous exchanges with other sites.  So, she completes the
   remaining fields, saving them to her identity agent for future
   reuse.  She provides consent and the data is sent to the site.

5.11.  B11

   Beth has invested significant effort in building up a persona and
   reputation around a specific identifier, her 'home' identifier.
   But, she has become dissatisfied with her identity agent and so
   decides to switch vendors.  She establishes the new agent and
   migrates her identity data from the old one to the new one.  She
   then administers her identifier so that her new identity agent is
   authoritative for authentication and provision of identity data.

5.12.  B12

   Whilst in town Beth stops off at an Internet Cafe to check her
   email.  She goes to her webmail account, which requires that she
   identify herself.  Her Identity Agent prompts her for consent and
   provides her identifier so that she can gain access to her email.

5.13.  B13

   Beth visits a website that requests some identity information.  Her
   Identity Agent warns her that satisfying the request would
   contravene her established privacy policy.

5.14.  B14

   Beth moves house, so she changes the home address information stored
   by her Identity Agent.  Her Identity Agent offers to notify all
   relying parties to whom she has previously provided her home
   address.

5.15.  B15

   Beth is a frequent traveler on Galactic Air, whose site offers a
   claim of membership for use at affiliate sites.  She acquires a
   membership claim, which her Identity Agent stores for her.

5.16.  B16

   Beth visits a Galactic Air affiliate site that provides discounted
   travel insurance for frequent travelers.  She presents her Galactic
   Air membership claim and receives a discount.

5.17.  B17

   Beth visits a rental car site.  She opts out of the offered driver's
   insurance as she is covered by her travel insurance.  To complete
   the booking the site requests a claim that she has valid insurance.
   Her identity agent is unable to satisfy the request, so it provides
   a list of suggested sources.  Beth picks her insurance provider and
   her identity agent acquires the required claim and presents it to
   the rental car site.

5.18.  B18

   A couple of months later Beth books another trip.  The travel site
   requests her claim of Galactic Air membership.  Her identity agent
   finds that the claim has expired, so it refreshes it by requesting
   an updated claim from galacticair.com.

5.19.  B19

   Beth leaves work and goes to the bus stop.  Whilst waiting for the
   next bus home she uses her smart phone to browse geeknews.com.  Her
   Identity Agent provides her with the same ease of browsing that she
   experiences on her work and home computers.

5.20.  B20

   Beth is ending her day at work.  She leaves work and waits for the
   next bus home.  Her friend calls and invites her to the movies.  She
   uses her phone to browse to movies.com to find out what's playing.
   The site requests her current location, which she consents to
   release via her Identity Agent.

5.21.  B21

   Beth signs up with a financial services site, BigPicture.com, which
   provides an aggregate view of her finances.  She provides the site
   with agency rights over each of her existing bank accounts.

5.22.  B22

   Beth goes to an auction site, ibay.com.  Her Identity Agent shows a
   signed graphic of ibay.com for releasing data.  Beth knows that
   she's dealing with ibay.com, and not an impostor.

5.23.  B23

   Beth visits her online bank, which requires the use of a strong
   authentication mechanism.  She authenticates to her Identity Agent
   using a two-factor device indicated by the bank to be an acceptable
   mechanism.

5.24.  B24

   Adam uses a service to acquire a verified email claim.  With it he
   can prove that he owns his email address, Adam@example.com, without
   having to go through a verification process.

5.25.  B25

   Beth gives her friend, Adam@example.com, access to her photos.  Adam
   receives an email from Beth inviting him to view her photos.  He
   goes to the site, which requests a verified email claim.  He
   presents his claim and gains access to the photos Beth has published
   for him.

5.26.  B26

   Adam decides to create a profile at geekdate.com.  geekdate.com
   requests an Identifier.  He instructs his identity agent to create
   an identifier specific to his relationship with geekdate.com.

5.27.  B27

   Adam visits a site that requires that he prove he is over 21.  He
   provides the site with a claim that he is over 21 from the
   government of his country of residence, gov.ca.  The site is unable
   to find out who Adam is from gov.ca.

5.28.  B28

   Adam returns to the same site.  He must again prove that he is over
   21.  He provides a claim, but the site cannot tell that it is Adam
   that has returned again to the site.

5.29.  B29

   Adam heavily frequents two gambling sites, goldenslots.com and
   luckydice.com.  He uses the same identifier across both sites as he
   wants them to know he is the same person.

5.30.  B30

   Beth provides a claim from galacticair.com to many different
   websites.  She wants all of the sites to know that she is the same
   person providing the claim, so she can receive a free flight at the
   end of the year.

5.31.  B31

   Beth's employer has partnered with a local university to provide its
   staff with access to online courses.
   She signs up for some modules at the university admissions website,
   acquiring an enrollment claim.  She then browses to the computer
   science school website to sign up for an advanced programming
   course.  The site requests claims that she is an employee, that she
   has previously completed some basic introductory modules, and that
   she has been enrolled.

5.32.  B32

   Beth is shopping online for a new laptop computer.  She visits an
   online site that caters to recently graduated professionals.  She
   selects a machine and investigates the lease options available.  To
   work out the monthly payment the site requests some claims: a claim
   that she's an alumna of a university, so that the site can include
   an appropriately branded tote bag; a claim that she's a member of
   Galactic Air, so that she can be credited with airmiles for her
   purchase; and a claim from a credit scoring agency that she has a
   'good' credit rating.

5.33.  B33

   Beth is at home checking her work email; she has an email from a
   colleague assigning a customer support issue to her.  The company
   help desk system is provided by helpdesk.com, an on-demand
   application provider.  She clicks through a link in the email to the
   page that describes the issue.  Helpdesk.com requests a claim that
   Beth is an employee of 'Nano Software Inc', which she provides from
   her Identity Agent, and she gains access to the page.

6.  Non Browser Based Use Cases

6.1.  NB1 - REST

   Beth wants to use QOPO.com for printing her pictures that are stored
   in flackr.  She visits QOPO.com and her identity agent is instructed
   to acquire a token from flackr.  Her Identity Agent retrieves the
   token from flackr and presents it to QOPO.com.  QOPO.com passes the
   token over the REST based web service that flackr provides to
   retrieve her photos for printing.

6.2.  NB2

   Beth is a big fan of Rocky Gervas and listens to his podcast
   fanatically.  The Rocky Gervas show recently started charging a
   small fee for the podcast.  Her media player polls the podcast
   periodically.  When polled, the site requests a claim from Beth's
   Identity Agent asserting that Beth has paid for the podcast.  Beth's
   Identity Agent retrieves the claim, presents it to the site, and the
   latest episode of The Rocky Gervas show is downloaded.

6.3.  NB3 - WebDAV

   At work Beth uses her website editing software (a WebDAV client) to
   publish some company confidential content to their extranet.  Beth
   is collaborating with Charles at another company, who requires
   access to the content.  Beth configures the extranet to allow
   Charles access.  Charles uses his website editing software (also a
   WebDAV client) to fetch the content.  The extranet site requests
   identity information, which his client presents from his Identity
   agent, and he is able to edit the content.

6.4.  NB4 - AtomPub

   Beth uses a blogging client (AtomPub) to both post content to her
   blog and to add comments on other people's blog postings.  Her
   client uses her identity agent to associate identifying information
   (her blog url and favicon) with her comments.

6.5.  NB5 - XCAP and SIMPLE

   Beth uses her instant messaging client (a SIMPLE client) to
   communicate with her friends.  She uses her client to update her
   profile information (via XCAP), adding a new friend.  Her client
   didn't need to authenticate to her XCAP server, as she had already
   authenticated herself to her identity agent.

6.6.  NB6 - CalDAV

   Beth needs to arrange a conference call with Charles.  She uses her
   calendaring software (a CalDAV client) to publish her free-busy time
   to Charles.  Charles uses his calendaring software (also a CalDAV
   client) to fetch Beth's free-busy time.  Beth's calendar publisher
   requests some identity information of Charles's client.  It's
   provided from his identity agent and he is able to book a time for
   the call.
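   As an added example (not part of this draft, and not DIX or Sxip
   code), the following Python models the decisions the identity agent
   makes in the use cases above: consent before release (B1, B2),
   storing entered data for reuse only after consent (B4), the
   privacy-policy warning (B13), one random identifier per relationship
   (B26), and refreshing an expired claim from its issuer (B18, NB2).
   The class and method names, the attribute names and the integer
   clock are assumptions; the draft specifies no data format.

```python
# Constructed example, not the DIX protocol or any Sxip code: a toy model of the
# agent decisions in B1/B2, B4, B13, B18, B26 and NB2 (see lead-in).
from dataclasses import dataclass
import secrets


@dataclass
class Claim:
    issuer: str        # e.g. "galacticair.com" (B15)
    name: str          # e.g. "membership"
    value: str
    expires_at: int    # constructed clock value; the draft fixes no format


class PolicyViolation(Exception):
    """Satisfying the request would contravene the user's privacy policy (B13)."""


class IdentityAgent:
    def __init__(self, now, never_release=()):
        self.now = now                            # injectable clock, so expiry is testable
        self.data = {}                            # attributes stored for reuse (B4, B10)
        self.relationships = {}                   # site -> identifier used with that site (B26)
        self.claims = {}                          # (issuer, name) -> Claim held for the user (B15)
        self.issuers = {}                         # issuer -> callable returning a fresh Claim
        self.never_release = set(never_release)   # attributes the user's policy forbids (B13)

    def identifier_for(self, site):
        """One random identifier per site, so two sites cannot correlate the user (B26)."""
        if site not in self.relationships:
            self.relationships[site] = secrets.token_hex(8)
        return self.relationships[site]

    def handle_request(self, site, attributes, consent, entered=None):
        """Return the data to send to `site`, or None if it cannot or may not be sent.

        `consent(site, data)` models the consent prompt (B1); `entered` holds
        values the user typed because the agent lacked them.  Those are stored
        for reuse only after consent is given (B4).
        """
        blocked = [a for a in attributes if a in self.never_release]
        if blocked:
            raise PolicyViolation(f"{site} requested {blocked}, which policy forbids")
        entered = entered or {}
        release = {}
        for attr in attributes:
            if attr == "identifier":
                release[attr] = self.identifier_for(site)
            elif attr in self.data:
                release[attr] = self.data[attr]       # B2: the agent already has it
            elif attr in entered:
                release[attr] = entered[attr]          # B1: typed at the prompt
            else:
                return None                            # nothing to offer for this attribute
        if not consent(site, release):
            return None
        for attr, val in entered.items():              # persist only after consent (B4)
            if attr in release:
                self.data[attr] = val
        return release

    def present_claim(self, issuer, name):
        """Return a valid claim, refreshing it from its issuer if expired (B18, NB2)."""
        claim = self.claims.get((issuer, name))
        if claim is None or claim.expires_at <= self.now:
            fetch = self.issuers.get(issuer)
            if fetch is None:
                return None       # no source known; B17 would suggest sources here
            claim = fetch()
            self.claims[(issuer, name)] = claim
        return claim
```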
6.7.  NB7 - IMAP/POP3 and CalDAV

   At work Beth uses both calendaring (CalDAV) and email (IMAP, POP3,
   SMTP) clients to manage her time and messages.  Her identity agent
   authenticates her as owning the identifier that both clients use to
   identify her.  In this way she need only authenticate once to her
   identity agent instead of twice, once to each client.

6.8.  NB8 - RSS, Web, and CalDAV

   Beth works in a distributed workgroup collaborating with colleagues,
   individual contractors, and employees of partner companies.  The
   calendaring information she has access to is available via CalDAV,
   RSS, and HTTP/HTML.  Each of her software clients uses her identity
   agent to ensure she need only authenticate once, instead of once per
   client.

7.  Acknowledgements

   The editor acknowledges the use case contributions made by Dick
   Hardt, Robert Yates, Lisa Dusseault and Laurie Rae.

8.  Security Considerations

   None.

9.  References

   [RFC2119]      Bradner, S., "Key words for use in RFCs to Indicate
                  Requirement Levels", BCP 14, RFC 2119, March 1997.

   [dmd0]         Merrells, J., "draft-merrells-dix-00.txt", March 2006.

   [identitygang] The Identity Gang, "http://identitygang.org/Lexicon",
                  March 2006.
Author's Address

   John Merrells
   Sxip Identity
   798 Beatty Street
   Vancouver, BC  V6B 2M1
   Canada

   Email: merrells@sxip.com
   URI:   http://sxip.com/

Intellectual Property Statement

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.

Disclaimer of Validity

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
   ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
   INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
   INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright Statement

   Copyright (C) The Internet Society (2006).  This document is subject
   to the rights, licenses and restrictions contained in BCP 78, and
   except as set forth therein, the authors retain all their rights.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.