The typical use of online services requires any user to register in multiple identity (or service) providers by providing different attribute values during the registration process as mentioned in previous sections. It means that the user ends up with multiple partial identities scattered across multiple providers. If ne,d denotes the number of attribute values provided by the
entity (i.e. user) e in a domain (i.e. provider) d, then:
3.4. Applications 60
Supposing d1, ..., dm are all domains (providers) in which e has partial identities, the total
number of attributes (denoted by Ne) can be derived for the user e as:

$$N_e = \sum_{i=1}^{m} n_{e,d_i}.$$

The value Ne signifies the number of attributes that need to be managed by the user e. Ideally,
Ne should have a small value which will allow users to manage their attributes in a convenient
way. Unfortunately, with the proliferation of novel online services requiring users to register to access those services, the value of Ne keeps increasing. One of the central focuses in
Identity Management research is to reduce Ne. There are two ways Ne can be reduced: i)
by lowering ne,d in each domain d, i.e., storing only a smaller number of attributes at each
provider and ii) by lowering m (the number of providers) so that attributes are stored at a small number of providers. The second option is more suitable for two reasons.
• Firstly, it may not be always possible to know beforehand which attributes might be required/requested by an SP later on; hence an IdP might prefer to store as many attributes as possible.
• Secondly, when attributes are scattered across many IdPs, it becomes increasingly difficult for a user to effectively manage attributes stored in those IdPs.
Also, the same attributes may be stored in multiple places resulting in unnecessary redundancy. Minimising m would enable a user to manage attributes efficiently and hence is the focus of all existing IMSs. In addition, in many IMSs, a legal contract between an IdP and an SP dictates the handling of user attributes between themselves. However, there may not be any legal contract between the user and the IdP and therefore, the handling of attributes may be governed by the respective Terms and Conditions. The absence of any legal contract between a user and an IdP means that the handling of user attributes is only bound by a trust assumption where the user can only hope that the respective party will honour the imposed trust [9].
Ideally, m=1 would be the most suitable choice as far as a user is concerned. It means that there is only one IdP storing all attributes of the user and providing them to an SP. With this goal, Microsoft introduced the Passport System to become the IdP of the Internet [81]. However, the attempt failed and the reason behind this failure is that the inclusion of the Passport in each interaction between users and SPs was not properly justified and users were not very confident and comfortable about a third party holding all their attributes [1]. Since then, it has been predicted and envisioned that there will exist more than one IdP with their specific purposes. For example, a bank IdP can be used for financial activities, the Governmental IdP for accessing Governmental services, and other IdPs for other services.
All this means that the value of m will always be more than 1. The optimal value of m that will enable users to manage their attributes in the most efficient manner is yet to be found and might vary from one person to another.
In order to reduce the value of m, it is important to analyse the issue of trustworthiness of an IdP. The trustworthiness of an IdP means the level of trust another entity has in that IdP. Even though trust is a subjective opinion, one IdP may be considered as a highly trusted entity whereas another IdP may be considered as an untrusted (or a low trusted) entity. There are several factors that are used to determine the trustworthiness of an IdP. One of the most crucial factors is the registration procedure that any user needs to go through to register with an IdP. A highly trusted IdP, such as an IdP established by the Government, financial institutes (e.g. banks) or educational institutes such as universities, will go through a rigorous registration procedure before any user is registered. For example, one has to be a citizen/resident of a country to register for a Governmental IdP and one has to prove her identity by showing a passport or a driving licence to register for a bank IdP. On the other hand, any user can register herself easily online without proving her identity by simply filling in a web form for several larger social-network based IdPs such as Facebook, Google, Twitter, etc. Users do not need to prove their identities and can simply fill in the web form with superficial or even random meaningless values. Hence, such an IdP can be regarded as a low trusted or even an untrusted IdP. Since it is difficult to establish and maintain a highly trusted IdP, the number of highly trusted IdPs will always be low. Thus, the higher value of m is largely contributed by the large number of low trusted and untrusted online IdPs (Figure 3.3). This is also evident in the current setting of online services where a user needs to register for any novel online service, which increases the space of such low trusted and untrusted IdPs. If a mechanism can be found to reduce the number of such IdPs, it can significantly reduce the value of m.
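The quantities discussed above, worked through on a constructed set of partial identities. This is an added example, not part of the original text: the provider names, trust tiers, attribute sets and the `merge_low_trust` scenario are assumptions. It computes Ne and m, counts redundant attribute copies, and shows how collapsing the low trusted IdPs changes all three.

```python
from collections import Counter

# Constructed sample: partial identities of one user e, keyed by domain d.
# Provider names, trust tiers and attribute sets are illustrative assumptions.
PARTIAL_IDENTITIES = {
    "gov-idp":  ("high", {"name", "dob", "address", "national_id"}),
    "bank-idp": ("high", {"name", "dob", "address", "account_no"}),
    "social-a": ("low",  {"name", "email", "dob", "photo"}),
    "social-b": ("low",  {"name", "email", "phone"}),
    "forum-c":  ("low",  {"nickname", "email"}),
    "shop-d":   ("low",  {"name", "email", "address", "phone"}),
}

def attribute_burden(identities):
    """Return N_e, m, provider count per trust tier, and redundant copies."""
    n = {d: len(attrs) for d, (_, attrs) in identities.items()}  # n_{e,d}
    N_e = sum(n.values())                 # N_e = sum over i of n_{e,d_i}
    m = len(identities)                   # number of domains holding data on e
    tiers = Counter(tier for tier, _ in identities.values())
    copies = Counter(a for _, attrs in identities.values() for a in attrs)
    # Every copy of an attribute beyond the first is redundancy the user
    # still has to keep consistent across providers.
    redundant = sum(c - 1 for c in copies.values())
    return {"N_e": N_e, "m": m, "m_by_tier": dict(tiers), "redundant": redundant}

def merge_low_trust(identities, merged_name="merged-low"):
    """Hypothetical scenario: every low trusted domain is replaced by a single
    IdP that holds the union of their attributes (option ii, lowering m)."""
    out, union = {}, set()
    for d, (tier, attrs) in identities.items():
        if tier == "low":
            union |= attrs
        else:
            out[d] = (tier, attrs)
    if union:
        out[merged_name] = ("low", union)
    return out

if __name__ == "__main__":
    print("before:", attribute_burden(PARTIAL_IDENTITIES))
    print("after: ", attribute_burden(merge_low_trust(PARTIAL_IDENTITIES)))
```

In this sample the low trusted tier accounts for four of the six domains, so removing it is what moves m; the redundancy that remains afterwards sits between the highly trusted IdPs and the merged one.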