Professional Documents
Culture Documents
Design Paper Spring2009
Design Paper Spring2009
Design Paper Spring2009
User Identity
Establishment, management, maintenance and representation of identity in
software systems
michael.corsello
4/11/2009
Abstract
The representation of identity in computer systems is the based upon the need to reference items
stored within the computer by some form of handle. The essence of identity is provided a handle, it is
possible to identify and access the specific item that handle identifies. To do this unambiguously with
confidence is complex. This paper discusses the concepts of identity, where it is used in computer
systems, issues in identity and some application schemes for identity usage in computational systems.
Michael Corsello Design Paper CSci 283 Computer Security
Introduction
An identity is simply a representation of some entity. More specifically, an identity is a logical name,
moniker or handle that represents a physical entity such as a person, user or file. In computer
applications, all entities within the computer environment have identities that must be unique to ensure
proper access.
Identity
The identity of an entity (the subject) is the handle used to represent the entity when the entity itself is
not available. This is always the case prior to accessing the entity itself. If a client wants to access a
specific entity, and that entity is “held” by another entity (the server), the client will identify the specific
entity it wants by providing the identity of the entity it is requesting. In order to perform this simple
The requesting client must know the appropriate identity for the entity it is requesting
The responding server must know the entity that identity “maps” to
The correspondence between the identity and the entity must be unique
It is quite important to note at this time that an identity is itself an entity in the context of a computer
system. In general, the identity may be used as an entity (such as a user account is both an entity and
Knowledge
The first aspect of identity is knowledge. A requestor of an entity must know the identity of that entity.
In basic human terms for a person to address another person, they must know that person’s name. The
A more subtle but important distinction in this scenario is that many people may share the same name,
but the requester simply knows the name of the person they want to speak with and do not know if or
who may also share that same name. This is the locality or localization of the identity space.
Universe of Discourse
When a client and server are communicating, they have an implied universe of discourse, or specific set
conversation.
Binding
The second aspect of identity is that of binding a physical entity to an identity. Each entity will have an
identity that is used as the handle for that entity. Additionally, there may be multiple identities used to
identify any specific entity. These identities may be specific to a client in that each client may have its
own identity for a given entity. This is one way to maintain anonymity or transparency of identity.
When an identity is bound to an entity, that binding is in some way shared to all clients that will use that
Of great importance to security is the binding of multiple items to a single identity. One identity may be
associated with a collection of entities in many ways. First, a given identity can resolve to an entity
which is itself an identity of another form, such as a user name serving as an identity for a user account
which is an entity also bound to a password identity. The pairing of both identity tokens of the
username and password can resolve to the specific user account which itself is an identity used
throughout a system.
Uniqueness
For a system to provide a reliable mechanism for resolving an identity to an entity, that identity must be
unique. The uniqueness of an identity is based upon a scope, and does not generally need to be
universally unique. For example, multiple people may share the same name but as long as everyone in
the room has a unique name all people can be referenced by their name unambiguously within the
The concept of scope is based upon the universe of discourse discussed previously. Each scope has a set
of identities logically contained within it. Those identities logically bind to the physical entities desired.
An example of this is the URL concept on the internet. Each web site is universally unique (the
www.mydomain.com portion), which defines the scope of the identity contained within the remainder
of the url (the actual resource identifier after the “/”). So, for the url:
http://www.mydomain.com/work/dogs/buster.html
The scope of the identity is www.mydomain.com, and the unique identity is work/dogs/buster.html. It
is a requirement that the identity of work/dogs/buster.html cannot resolve to more than one entity
within this scope. However, another scope may also use this identical identity for a specific resource.
Entities
The entities that must be identified within a computer system are subjects and include everything that
may be referenced including users, files, folders, permissions, roles, devices, connections and so on. The
concept of an entity in a computer system is naturally divided into scopes by the intent of the requestor.
It is natural in most areas of computer systems to “know” that a request for a file is distinct from a
request for a device. Therefore, the request itself (based upon the API serving the request) has a natural
scope. In this manner, the identity of each class of entity can be distinct based upon the API owning the
dictionary of bindings.
Identity Patterns
Each controlling server (or API) that deals with resolving identity may use its own identity pattern. For a
url, the pattern is a set of nested scopes separated by the “/” character overall represented as a textual
string. For the identity of a hardware device, it may be represented as a 32-bit unsigned integer for the
device appended to an 8-bit unsigned bus identifier. These patterns of identity are distinct based upon
the needs of the identity resolution process. In the case of the device identity within a system, there is
little need to authenticate or provide other security related identity protocols; the identity is purely a
handle for reference. In the case of user accounts, the identity of the account is merely a handle, but
the account as an entity must be secured by some secondary identity (such as a username/password)
that is bound to the account itself. This secondary identity is used for the authentication process to
Law of Identity
Logically speaking, the law of identity is defined by or that the identity A is identical to itself. This
is known as a tautology in discrete mathematics in that the identity is always true. This forms the basis
of the authentication process in which an identity A is compared to an identity claim A’. The identity
claim is compared to the identity, if the claim matches the identity, then the law of identity holds that
the claim is equivalent to the identity and the claimant therefore possesses the identity.
Unfortunately, this does not equate to the meaning of the identity in that the claimant only knows and
can reproduce the identity, and may or may not actual be the entity the identity represents. When the
identity is that of a user (say an username and password), the identity credential will authenticate that
the claimant produced an identity token that matches a known identity token thereby authenticating
the claimant only as having the knowledge of the token. This means that is Eve knows Bob’s identity
credential token (username and password), and then Eve can act as though she is Bob. The identity of
Eve will therefore be Bob and therefore Eve has stolen Bob’s identity (identity theft).
concept of identification in the real world. In terms of what a person thinks of as identification for a
human being, that would usually be a personal profile in a computer system. The personal aspects of a
human being including items such as a name, addresses, phone numbers, education, race, credit card
accounts, etc. are not part of a computer identity or identification. It is important that these concepts
be separated and instead this form of information be treated directly as a data entity isolated from, but
related to an identity entity treated as an independent entity. In this manner, the identification of a
person is restricted to the portion of information required to authenticate a user. All the additional data
points are represented as data entities that are then affiliated back to that user. Each of the attributes
of this personally identifiable information (PII) can then be separately maintained and secured as data
unidentifiable to the actual person they pertain to. This is the basic premise of anonymity and privacy.
Many of the emerging identity implementations are geared at the basic user identity level and are
attempting to address the issues of privacy and anonymity while allowing the binding of identities to PII.
Identity Management
The overall process and practice of generating identities and maintaining the associations of identities to
entities while maintaining the proper scope relations is collectively known as identity management.
Within a computer system, the identity management process may be quite simple. If the computer is
self-contained (not networked) then all identity information is local to that machine and is managed by
the OS and related software installed on that machine. Once networking is enabled and used for
identity distribution, the identity management process becomes much more complex.
There are some basic entities, which are treated as subjects of identity that all users will interact with
within a computer system. These include files and folders, users, groups or roles, permissions and
computers. When networking, all of these items may be managed by a central identity repository such
as an X.500 or lightweight directory access protocol (LDAP) server. In an LDAP system, each type of
entity has an identity type, which has predefined identity attributes contained within the LDAP schema.
The primary set of identity types are maintained by the Internet Corporation for Assigned Names and
Numbers (ICANN). For each entity, regardless of type, a universally unique identifier is attached as an
attribute to uniquely identify that identity record and type. In this manner, the identity itself is an entity
By distributing different portions of this identity repository to multiple servers a distributed identity
system is created. This distribution raises several issues that are currently hot topics in computer
Permission entities are often fixed, predefined entities that exist solely as identifiers. The permission
itself is the identifier and is applied to other entities such as users, files and roles. The comparison of
the permission on a file to the permission on the user or role is the authorization process.
Roles are the next entity type of note. A role is represented as an identity, generally a name and the
role entity itself is generally a collection of permissions and users that are mapped onto that role.
The files and directories that represent the data storage units within a computer have identities that are
scoped based upon their location in the “directory tree” for a given mounted volume (disk or drive).
Each file unit has an identity that is the name of the file itself. In many systems, logical identities (such
as a symbolic link) can provide an identity handle to a file that transcends the scope in which the file is
“located”. With a link identity, the link provides additional handles to the file entity from other scopes.
A user identity is the user entity itself and has secondary identity attributes that constitute an identity
credential that references the user identity. The user entity has one or more user identity identities
(credential sets) that resolve to the physical user entity. The physical user entity is the identity handle
that items such as roles use to associate with permissions and access control mechanisms.
Identity Resolution
The act of retrieving the entity that an identity represents is identity resolution. The resolution of an
identity is composed of resolving the scope of the identity and “looking up” the matching entity. There
are multiple outcome states in the resolution process that can be defined:
No scope, the requestor has not been placed into a known scope within which resolution can
occur (the server has no resolution context, such as request for a file without specifying the
drive)
No known entity, the requestor provided an identity that does not match any identity in the
current scope
o Correct, the entity is the expected entity based upon the identity
o Incorrect, the entity is not the expected entity based upon the identity
an application they do not use. They have been provided access under another
users’ account
Proper resolution of identity is both a security and availability issue as improper resolution may provide
illegal capabilities to unauthorized users or resources and may result in corruption of information. The
identity itself has some responsibility in the resolution process for this very reason. The identity
attributes collectively comprise the identity handle. If the identity handle is of too small variability, then
not all entities can uniquely resolve from an identity. For example, if the identity is simply an 8-bit value
there is a total keyspace of 256 distinct identities possible. If there are more than 256 unique entities,
then it is impossible to uniquely identify them given the identity scheme. Further, from a security
perspective, if the total keyspace is close to the total number of used identities, then random identity
creation will tend to resolve to legitimate entities. This makes attacks successful by virtue of statistics,
fewer tries are required to get an answer. This form of guessing game includes brute-force identity
Conclusions
Computer identity is a fundamental area of operation and security within computers. The use of
references as memory addresses, file names, user credentials or general pointers are all forms of
identification and provide different levels of capability and security. In moving to more network based
forms of computation such as cloud computing and peer to peer the nature of identity and the models
used will need to accommodate broader scopes of use while maintaining security and resistance to ever
evolving attacks.
References
Wikipedia contributors. (2009, March 10). Digital identity. Retrieved April 11, 2009, from Wikipedia, The
Free Encyclopedia: http://en.wikipedia.org/w/index.php?title=Digital_identity&oldid=276262510
Wikipedia contributors. (2009, March 31). Federated identity. Retrieved April 11, 2009, from Wikipedia,
The Free Encyclopedia:
http://en.wikipedia.org/w/index.php?title=Federated_identity&oldid=280955404
Wikipedia contributors. (2009, March 7). Identity (object-oriented programming). Retrieved April 11,
2009, from Wikipedia, The Free Encyclopedia:
http://en.wikipedia.org/w/index.php?title=Identity_(object-oriented_programming)&oldid=275670888
Wikipedia contributors. (2009, April 9). Identity management. Retrieved April 11, 2009, from Wikipedia,
The Free Encyclopedia:
http://en.wikipedia.org/w/index.php?title=Identity_management&oldid=282714701
Wikipedia contributors. (2009, March 11). Law of identity. Retrieved May 11, 2009, from Wikipedia, The
Free Encyclopedia: http://en.wikipedia.org/w/index.php?title=Law_of_identity&oldid=279120024