Looking at the current online world, performing transactions as online banking, online shopping or communicating in social networks has become an inherent part of life. Hereby, personal, identity-related data plays a major role, since for many activities a service provider requires details about the identity of a user.
However, does a service provider always require our true identity? Often a service provider just needs to recognize a user on repeated visits in order to offer personalized services. Only if critical transactions are involved as for example in online banking transactions a service provider has to be sure that a user’s identity matches with the real-life identity.
In her talk, Ivonne Thomas presents the HPI Identity Provider, which distinguishes between verified digital identities and user-created identities (anonymous identities). The identity provider is based on the Identity Metasystem and the notion of claims and has been extended to include trust-related identity meta information. In her talk, she shows how service providers can use this information to derive access control decisions according to the level of trust they require for a certain transaction.