Field Guide to Internet Trust Models: Three Party Model

Three Party Model

A trusted third party provides identities to both the requester and service provider. In order to interact with one another, both must agree to trust the same identity provider.

Examples: Google, Facebook, American Express, Paypal, Amazon, iTunes App Store


There are two broad types of Three Party Model. If one (or both) of the parties insists on a particular identity provider, we refer to it as a Winner Take All network because other identity providers are locked out. If only technical methods are specified and the requester is free to specify any identity provider they like, we refer to it as a Bring Your Own Identity network.

When to Use: An identity provider may choose to offer a three party model when it can provide identities more efficiently than the requester or service provider can on their own. Requesters and service providers may choose to implement a three party network for access to an existing market.

Advantages: Separates identity management from the service being provided. In cases where a shared third party is available, this model simplifies the process of exchanging trusted identities. Malicious actors can be identified and isolated from the entire network. Requesters can use a single identity with many service providers, and service providers can trust requesters without having to verify each one.

Disadvantages: Because participants can only interact if they have been authenticated by a single identity provider, that provider wields substantial power. The identity provider effectively controls the requester’s ability to use services and the services’ ability to work with requesters.

For instance, a requester who loses their account with the identity provider also loses all of the services where they used that identity. If you use your Facebook to sign in to other products then you also lose those other products if your Facebook account is closed.

Ability to Scale: Very difficult to get started because a three party network is not interesting to service providers until it has users, but only attracts users if it has interesting services. Once they are established and functioning, however, a successful three party network can grow extremely large.

The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

Field Guide to Internet Trust Models: Pairwise Agreement

Two institutions want to trust identities issued by one another, but there is no outside governance or policy framework for them to do so. They negotiate a specific agreement that covers only the two of them. Each institution trusts the other to properly manage the identities that it issues.

Examples: A pairwise agreement can specify governance, security and verification policies, or specific technical methods.

Businesses might negotiate pairwise agreements with large supplier. Educational institutions may craft specific research agreements.

When to Use: Business or institutional partners want to grant one another access to confidential systems or information, but no standard contracts or umbrella organizations exist.

Advantages: Organizations can grant one another access to scarce resources and confidential information. Highly customized for the specific situation and participants.

Disadvantages: Time consuming and complex to negotiate, expensive. Difficult to scale.

Ability to Scale: Pairwise federations do not scale well, because each additional party will need to make a custom agreement with every other party.

The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

Field Guide to Internet Trust Models: Centralized Token Issuance, Distributed Enrollment

A special case peer-to-peer network. Participants want to establish trusted identities that can be used securely for ongoing, high-value communication among organizations. A trusted, central provider issues identity tokens which are then enrolled independently by each service provider. Service providers are not required to cooperate or accept one another’s enrollments.

Examples: The most common examples are RSA SecurID and SWIFT 3SKey. Hardware tokens are issued by a trusted provider, which are then used to authenticate individual identities.

Each service will require the user to enroll separately, but once the user has registered they can use the token for future interactions.

When the requester wants to use a service, they’re authenticated using the token.

When to use: Strong Authentication across a range of business entities who may have different enrollment requirements.

Advantages: Can provide a high level of identity assurance to institutions spread across legal and national boundaries.

Disadvantages: Can be expensive and complex to implement. Depends upon the existence of a trusted third party who can issue and ensure the security of hardware tokens. Hardware tokens can be lost.

Ability to scale: Can scale to large networks.



The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

Field Guide to Internet Trust Models: Peer-to-Peer Trust and Identity

Peer-to-Peer Identity

When no central identity provider or governance agreement is present, participants assert their own identities and each individual decides who they trust and who they do not. Each participant is a peer with equal standing and each can communicate with anyone else in the network.

Examples: The most familiar peer-to-peer network is probably e-mail. An internet host can join the e-mail network with little more effort than updating its DNS entry and installing some software. Once a host has joined the network, individual e-mail addresses are easily created with no requirement for approval by any central authority. This flexibility and ease of account creation helped spur the growth of the internet, but also allows spam marketers to create false emails.

The best known secure peer-to-peer identity networks on the Internet have been implemented using public key cryptography, which allows participants to trust messages sent over insecure channels like email. Products like PGP and it’s open source counterpart gpg are the most common implementations of public key messaging tools.

When To Use: No central identity provider is available but network participants can exchange credentials.

Advantages: No dependence on a central identity provider. No formal agreement needed to join the network. Participants can assert any identity that they want. Secure peer-to-peer technologies can provide a high degree of confidence once identities have been exchanged. Peer-to-peer models are very flexible, and can support a wide range of trust policies.

Disadvantages: No governing agreement or requirement to implement any policies. Secure deployment requires a high degree of technical sophistication and active management. Individually verifying each participant can be labor intensive. Tracking identities that have been revoked can be complex and error prone.

Ability to Scale: If security requirements are low, peer-to-peer networks can grow very large because new members can join easily. Higher levels of security can be complex to deploy and operate, and can impose a practical limit on the size of the network.

The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

Quotes from Amelia on Systems relevant to Identity.

This is coverage of at WSJ interview with Amelia Andersdotter the former European Parliament member from the Pirate Party from Sweden. Some quote stuck out for me as being relevant

If we also believe that freedom and individualism, empowerment and democratic rights, are valuable, then we should not be constructing and exploiting systems of control where individual disempowerment are prerequisites for the system to be legal.

We can say that most of the legislation around Internet users protect systems from individuals. I believe that individuals should be protected from the system. Individual empowerment means the individual is able to deal with a system, use a system, work with a system, innovate on a system—for whatever purpose, social or economic. Right now we have a lot of legislation that hinders such [empowerment]. And that doesn’t necessarily mean that you have anarchy in the sense that you have no laws or that anyone can do whatever they want at anytime. It’s more a question of ensuring that the capabilities you are deterring are actually the capabilities that are most useful to deter. [emphasis mine].

This statement is key  “individuals should be protected from the system” How do we create accountability from systems to people and not just the other way around. I continue to raise this issue about so called trust frameworks that are proposed as the solution to interoperable digital identity – there are many concerning aspects to the solutions including what seems to be very low levels of accountability of systems to people.

The quotes from Ameila continued…

I think the Internet and Internet policy are very good tools for bringing power closer to people, decentralizing and ensuring that we have distributive power and distributive solutions. This needs to be built into the technical, as well as the political framework. It is a real challenge for the European Union to win back the confidence of European voters because I think a lot of people are increasingly concerned that they don’t have power or influence over tools and situations that arise in their day-to-day lives.

The European Union needs to be more user-centric. It must provide more control [directly] to users. If the European Union decides that intermediaries could not develop technologies specifically to disempower end users, we could have a major shift in global political and technical culture, not only in Europe but worldwide, that would benefit everyone.

Faith and the IDESG

Since becoming involved in the IDESG, I have become concerned that we do not have people of religious faith – with that as their primary “identity” within the context of participating in the organization. Let me be clear about what I mean, we have many people of many faiths involved and I am not disrespecting their involvement. We also don’t have people who’s day job is working for faith institutions (that they would take time out from to “volunteer” on this effort to explicitly bring in a faith perspective). Someone from say the National Council of Churches would not be a bad thing to have given that one of groups of people who today have consistently sue against “identity systems” are Christians objecting to ID systems put into public schools to track children students. With this proactive faith stance involved the systems we are seeking to innovate reduces the risk of rejection via law suite. I also think the views of those from Jewish, Muslim Sikh, Budhist, Hindu and other faiths should be proactively sought out.

Another Tweet from the Tampa meeting….




We must understand the past to not repeat it.

Please see the prior post and the post before about how we got to discussing this.

We can not forget that the Holocaust was enabled by the IBM corporation and its Hollerith machine.  How did this happen? What were these systems? How did they work? and particularly how did the private sector corporation IBM end up working a democratically elected government to do very horrible things to vast portions of its citizenry? These are questions we can not ignore.

In 2006 Stefan Brands gave a talk that made a huge impression on me he warned us and audience of very well meaning technologists that we had to be very careful because we could incrementally create a system that could lead to enabling a police state. It was shocking at the time but after a while the point he was making sunk in and stuck with me. He shared this quote (this slide is from a presentation he gave around the same time)


It is the likability that is the challenge.

We have to have the right and freedom NOT to be required to use our “real name” and birthdate for everything.

This is the defacto linkable identifier that the government is trying to push out over everything so they can link everything they do together.

Stephan proposes another Fair Information Principle.


I will share more of Stephan’s slides because I think they are prescient for today.

Stephan’s slides talk about User-Centrism technology and ideas in digital identity – ideas that have virtually no space or “air time” in the NSTIC discussions because everything has been broken down (and I believe intentionally so) into “security” “standards” “privacy” “trust frameworks” silos that divide up the topic/subject in ways that inhibit really tackling user-centrism or how to build a working system that lives up to the IDEALS that were outlined in the NSTIC document.

I have tried and tried and tried again to speak up in the year and a half before the IDESG and the 2 years since its existence to make space for considering how we actually live up to ideals in the document.  Instead we are stuck in a looping process of non-consensus process (if we had consensus I wouldn’t be UN-consensusing on the issues I continue to raise).  The IDESG are not taking user-centrism seriously, we are not looking at how people are really going to have their rights protected – how people will use and experience these large enterprise federations.

Yes everyone that is what we are really talking about…Trust Framework is just a code word for Enterprise Federation.

I went to the TSCP conference a big defence/aerospace federation (who was given NSTIC grants to work on Trust Framework Development Guidance) where this lovely lady Iana from Deloitte who worked on the early versions of NSTIC and potential governance outlines for IDESG – she said very very clearly “Trust Frameworks ARE Enterprise Federations” and it was like – ahhh a breath of fresh clear honest air – talking about what we are really talking about.

So back to the Stephan Brands re-fresher slides on user-centric ID so we don’t forget what it is.
















Look at these, take them seriously.


Dear IDESG, I’m sorry. I didn’t call you Nazi’s.

The complaint  by Mr. Ian Glazer was that I called my fellow IDESG colleagues Nazi’s. He was unsatisfied with my original statement about the tweet on our public management council mailing list.  Some how this led to the Ombudsman taking on the issue and after I spoke with him in Tampa it was followed by a drawn out 5 week “investigation” by the Ombudsman before he issued a recommendation.  During this time I experienced intensive trolling about the matter on twitter itself.

Here is the tweet that I authored while pondering theories of organizational dynamics in Tampa and without any intent to cause an association in the mind of a reader with IDESG, NSTIC, nor any person or persons in particular note that I did not reference anyone with a @____ or add any signifying hashtags e.g., #idesg or #nstic in this tweeted comment.


I own that the tweet was provocative but it was It was not my intent to cause harm to anybody or to the IDESG organization and wider identity community.

I in no way intended to imply that any member of the IDESG has any intention remotely similar to those of the NAZI party of Germany.

I in no way intended to imply that the content of the meeting of the IDESG related to the content of the meeting I referenced in the tweet.

I am very sorry if the tweet had an emotionally negative impact on people on the management council and particularly those of with Jewish Heritage.

I fully acknowledge that referencing anything relative to the Nazi era is triggering. It touches on our collective shame and surfaces vulnerability it is very hard to look at.

I also believe that we have to actually be prepared to do so. If we don’t examine the past we can’t be sure we will not repeat it. [Please click to see my my next post for this to be further expounded upon]

I’m sorry I didn’t say something along these lines sooner.

One should not feed the internet trolls and I didn’t.

I was in a process were I felt it was inappropriate to speak about this more until the Ombudsman’s process had run its course.

I think that we all need to keep in mind our roles as Directors of the IDESG when we interact with the public and with each other.

The whole process left my and my attorney puzzled. My attorney wrote a letter to the Management Council/Board of Directors with a whole bunch of questions and now that this is posted we look forward to their answers to those questions.




Facebook so called “real names” and Drag Queens

So, Just when we thought the Nym Wars were over at least with Google / Google+.

Here is my post about those ending including a link to an annotated version of all the posts I wrote about my personal experience of it all unfolding.

Facebook decided to pick on the Drag Queens – and a famous group of them the Sisters of Perpetual Indulgence.  Back then I called for the people with persona’s to unite and work together to resist what Google was doing. It seems like now that Facebook has taken on the Drag Queens a real version of what I called at the time the Million Persona March will happen.

One of those affected created this graphic and posted it on Facebook by Sister Sparkle Plenty:


Facebook meets with LGBT Community Over Real Name Policy  on Sophos’ Naked Security blog.

EFF covers it with Facebook’s Real Name Policy Can Cause Real World Harm in LGBT Community. has a petition going. Facebook Allow Performers to Use Their Stage Names on their Facebook Accounts.





We “won” the NymWars? did we?

Short answer No – I’m headed to the protest today at Facebook.

A post about the experience will be up here by tomorrow. I’ll be tweeting from my account there which is of course @identitywoman



Post from Sept 2014

Mid-July,  friend called me up out of the blue and said “we won!”

“We won what” I asked.

“Google just officially changed its policy on Real Names”

He said I had  to write a post about it. I agreed but also felt disheartened.
We won but we didn’t it took 3 years before they changed.

They also created a climate online where it was OK and legitimate for service providers to insist on real names.

For those of you not tracking the story – I along with many thousands of people had our Google+ accounts suspended – this posts is an annotated version of all of those.

This was the Google Announcement:

[Read more…]

I’ve co-founded a company! The Leola Group

Thursday evening following Internet Identity Workshop #18 in May I co-Founded and became Co-CEO of the Leola Group with my partner William Dyson.

So how did this all happen? Through a series of interesting coincidences in the 10 days (yes just 10 days) William got XDI to work for building working consumer facing applications. He showed the music meta-data application on Thursday evening and wowed many with the working name Nymble registry.  The XDI [eXtneible Resource Identifier Data Interchange] standard has been under development at OASIS for over 10 years. Getting it to actually work and having the opportunity to begin to build applications that really put people at the center of their own data lives is a big step forward both for the Leola Group and the  Personal Data community at large.

[Read more…]

Resources for HopeX Talk.

I accepted an invitation from Aestetix to present with him at HopeX (10).

It was a follow-on talk to his Hope 9 presentation that was on #nymwars.

He is on the volunteer staff of the HopeX conference and was on the press team that helped handle all the press that came for the Ellsberg – Snowden conversation that happened mid-day Saturday.  It was amazing and it went over an hour – so our talk that was already at 11pm (yes) was scheduled to start at midnight.

Here are the slides for it – I modified them enough that they make sense if you just read them.  My hope is that we explain NSTIC, how it works and the opportunity to get involved to actively shape the protocols and policies maintained.

[Read more…]

Rosie the [New Language] Developer – Where are you?

This past week we [me, Phil, Heidi + Doc] put on the Internet Identity Workshop. It was amazing.

There is a new project / company forming and they are very keen to have women programmers/developers in the first wave of hires.  They are also committed to cultural diversity.

Since they are developing in a new language – you don’t need to have experience in “it” – you just need to have talent and the ability to learn new things.

I asked them for a list of potentially helpful per-requisites:

  • Some experience with ruby on rails
  • Some experience with JSON
  • Some experience with XML
  • Some experience with HTML5
  • Some experience with semantic data modeling
  • Some understanding of the ideas related to the semantic web and giant global graphs

If you are reading the list and thinking – I don’t have “all” of those qualifications…then read this before you decide not to reach out to learn more – The Confidence Gap from this month’s Atlantic.  TL:DR “Remember that women only apply if they have 100% of the jobs qualifications, but men apply with 60%!”

Please be in touch with me if you are interested. I will connect you with them this week.

Kaliya [at] identitywoman [dot] net





BC Government Innovation in eID + Citizen Engagement.

I wrote an article for Re:ID about the BC Government’s Citizen Engagement process that they did for their eID system.

CoverHere is the PDF: reid_spring_14-BC


Because of my decade long advocacy for the rights and dignity of our digital selves, I have become widely known as “Identity Woman.” The Government of British Columbia invited me to participate as an industry specialist/expert in its citizen consultation regarding the province’s Services Card. I want to share the story of BC’s unique approach, as I hope that more jurisdictions and the effort I am most involved with of late, the U.S. government’s National Strategy for Trusted Identities in Cyberspace, will choose to follow it.

The Canadian Province of British Columbia engaged the public about key issues and questions the BC Services Card raised. The well-designed process included a panel of randomly selected citizens. They met face- to-face, first to learn about the program, then to deliberate key issues and finally make implementation recommendations to government.

[Read more…]

NSTIC WhipLash – Making Meaning – is a community thing.

Over a week-ago I tweeted that I had experienced NSTIC whiplash yet again and wasn’t sure how to deal with it. I have been known to speak my mind and get some folks really upset for doing so – Given that I know the social media savy NSTIC NPO reads all tweets related to their program they know I said this. They also didn’t reach out to ask what I might be experiencing whiplash about.

First of all since I am big on getting some shared understanding up front – what do I mean by “whiplash” it is that feeling like your going along … you think you know the lay of the land the car is moving along and all of a sudden out of nowhere – a new thing “appears” on the path and you have to slam on the breaks and go huh! what was that? and in the process your head whips forward and back giving you “whip-lash” from the sudden stop/double-take.

I was toddling through and found this post.  What does it Mean to Embrace the NSTIC Guiding Principles?

I’m like ok – what does it mean? and who decided? how?

I read through it and it turns out that in September the NPO just decided it would decide/define the meaning and then write it all out and then suggest in this odd way it so often does that “the committees” just go with their ideas.

“We believe that the respective committees should review these derived requirements for appropriate coverage of the identity ecosystem.   We look forward to continued progress toward the Identity Ecosystem Framework and its associated trustmark scheme.”

Why does the NPO continue to “do the work” that the multi-stakeholder institution they set up was created to do that is to actually figure out the “meaning” of the document.

[Read more…]

I’m not your NSTIC “delegate” any more … pls get involved.

I have heard over the past few years from  friends and associates in the user-centric ID / Personal Cloud/ VRM Communities or those people who care about the future of people’s identities online say to me literally – “Well its good  you are paying attention to NSTIC so I don’t have to.”

I’m writing to say the time for that choice is over. There is about 1 more year left in the process until the “outputs” become government policy under the recently released White House Cyber Security Framework (See below for the specifics).

[Read more…]

What is a Functional Model?

I have been working in the identity industry for over 10 years. It was not until the IDESG – NSTIC plenary that some folks said they were working on a functional model that I heard the term.  I as per is normal for me pipped up and asked “what is a functional model”, people looked at me, looked back at the room and just kept going, ignoring my question.  I have continued to ask it and on one has answered it.

I will state it out loud here again –

What is a Functional Model?

How to Participate in NSTIC, IDESG – A step by step guide.

The Identity Ecosystem Steering Group is a multi-stakeholder organization (See this post about how join.) Technically You can participate on lists even if you are not members but it is better that you go through the process of joining to be “officially” part of  the organization.

If you join the IDESG it is good to actively participate in at least one active committee because that is where organization work is done by committees – any person or organization from any stakeholder category can participate.

The committees have mailing lists – that you subscribe to (below click through where it says Join Mailing list and put in the e-mail address you want to use, share your name and also a password).

On the list the group chats together on the list and talk about the different work items they are focused on.  They have conference calls as well to talk together (these range from once a week to once a month).  You can also contact the chair of the committee and “officially” join but that is not required.

If you are reading this and getting involved for the first time – read through this list and pick one of the committees that sound interesting to you.  They are friendly folks and should be able to help you get up to speed – ask questions and ask for help. This whole process is meant to be open and inclusive.

[Read more…]

How to Join NSTIC, IDESG – A step by step guide.

The National Strategy for Trusted Identities in Cyberspace calls for the development of a private sector lead effort to articulate an identity ecosystem.

To be successful it needs participation from a range of groups.

An organization was formed to support this – the Identity Ecosystem Steering Group in alignment with the Obama administration’s open government efforts.

The “joining” process is not EASY but I guess that is part of its charm. It is totally “open and free” but challenging to actually do.


PART 1 – Getting an Account on the Website!

Step 1: Go to the website:

[Read more…]

Personal Clouds, Digital Enlightenment, Identity North

Next week Thursday August 22nd is the Personal Cloud Meetup in San Francisco. It will be hosted at MSFT.  If you want to get connected to the community it is a great way to do so. Here is where you register. 

In September I’m heading to Europe for the Digital Enlightenment Forum September 18-20th. I’m excited about the program and encourage those of you in Europe who might be reading this to consider attending. We are doing a 1/2 day of Open Space (what we do at IIW) where the agenda is created live at the event.

[Read more…]

Core Concepts in Identity

One of the reasons that digital identity can be such a challenging topic to address is that we all swim in the sea of identity every day.  We don’t think about what is really going in the transactions….and many different aspects of a transaction can all seem do be one thing.  The early Identity Gang conversations focused a lot on figuring out what some core words meant and developed first shared understanding and then shared language to talk about these concepts in the community.

I’m writing this post now for a few reasons.

There is finally a conversation about taxonomy with the IDESG – (Yes! after over a year of being in existence it is finally happening (I recommended in my NSTIC NOI Response  that it be one of the first things focused on)

Secondly I have been giving a 1/2 day and 1 day seminar about identity and personal data for several years now (You can hire me!).  Recently I gave this seminar in New Zealand to top enterprise and government leaders working on identity projects 3 times in one week.  We covered:

  • The Persona and Context in Life
  • The Spectrum of Identity
  • What is Trust?
  • A Field Guide to Internet Trust
  • What is Personal Data
  • Market Models for Personal Data
  • Government Initiatives Globally in eID & Personal Data

[Read more…]