This video belongs to the openHPI course Digitale Identitäten - Wer bin ich im Netz?
- 00:00 We now want to create another model for ourselves, a model of digital identity management.
- 00:06 It's the decentralized model.
- 00:08 We'll see that, slightly altered, it is very similar to the federated model.
- 00:14 So it's about dealing with digital identities, it's about identity management,
- 00:20 and we've already gotten to know isolated identity management, in which each service itself establishes digital identities during registration and then manages them, that is, administers and stores them,
- 00:37 and whenever the user comes, it also performs this authentication process.
- 00:43 And we also got to know central identity management, where there's an identity provider
- 00:51 who is therefore entirely responsible for establishing and administering the identities and for authenticating them.
- 01:00 This of course has the advantage that the user only needs one password, but if you look at this central model, then the question is how that can work globally.
- 01:13 So if you wanted to extend that, the question is: can there be a single identity provider?
- 01:21 Each of these services must trust this identity provider; can it be in the USA, in China, in Russia?
- 01:30 Do services in China trust an identity provider in the USA, and vice versa?
- 01:36 So these are questions that arise when you think about how to expand this central model.
- 01:47 So a single global identity provider is hard to imagine, is not imaginable at all,
- 01:54 both with regard to the question of trust and to this property, this disadvantage that these central approaches had, which is that they form a single point of failure.
- 02:07 Globally, therefore, only the so-called decentralized model can be considered.
- 02:15 What does that mean? In contrast to the central model, there are several identity providers in the decentralized model.
- 02:24 The idea is again that there are dedicated services that take care of identities,
- 02:28 each of which then has its circle of online services that trust it, but there's not just one identity provider, there are several.
- 02:38 This means that the online services can choose which identity provider they trust, which identity provider they want to work with.
- 02:48 The services may well trust different identity providers, but they're free to do so.
- 03:02 So in our picture here these are the identity providers, and so it's quite possible that services have different identity providers take over this administration of the identity data.
- 03:16 Now, if you look at the pros and cons of this decentralized model, it's certainly an advantage
- 03:23 that a user can go to the ID provider he trusts; after all, it's very personal data that is managed there by this ID provider.
- 03:34 The same advantage exists for online services.
- 03:37 They can choose which ID provider they trust, which one they want to work with,
- 03:43 and they can hand over this business of establishing and managing identities to an identity provider they trust.
- 03:53 If we look at the downside, then it may be that users must deposit their identities with several ID providers,
- 04:05 because there are services that only trust this ID provider and other services that only work with the other ID provider.
- 04:14 So the original idea, that there is a central identity provider as in this central model, is being weakened here; there are several.
- 04:25 It's still better than establishing such an identity for every single service, but it's a lot more effort.
- 04:33 So if there's an attribute changing, for example the address, then this has to be done at each of the identity providers involved.
- 04:41 And here, too, you no longer have a global single point of failure, but a partial one, that is, if an ID provider fails,
- 04:52 then all the services that work with this ID provider can't work,
- 04:59 those that let this ID provider take over the administration of their digital identities.
- 05:05 Let's have a look at the application of this decentralized model on the net.
- 05:12 Because there are examples, there are examples where many websites, many services work with different identity providers, for example via Facebook or Google.
- 05:24 You know such things when you come to a website: these are offers to work together with different identity providers,
- 05:34 to identify yourself with one service through one of those big other services, which also make their identity management available to other online services.
- 05:48 Users can then choose with which of their digital identities they want to subscribe to this online service.
- 05:57 There has to be at least one of them so they can use this service.
- 06:02 Protocols for this are OpenID (Connect) and OAuth, which implement this approach that makes it possible to sign in to an online service using different identity providers.
- 06:24 Now, in addition to the decentralized model, there is also the so-called federated model.
- 06:31 The federated model is, strictly speaking, again a decentralized model.
- 06:36 It allows the use of digital identities beyond company and organisational boundaries.
- 06:45 And it is precisely here that this different concept comes into being.
- 06:50 We had seen that this central model is a typical model within companies, within large organizations.
- 06:58 So now, if you want to allow users to use certain services across organizational boundaries, namely with their identity
- 07:09 which they can use in their business context, then we're talking about federated models.
- 07:17 So for example with the HPI identity you can also use services outside the HPI.
- 07:25 This connection, where they say that with the identity of this company you may also use services in that company or organization, forms a federation space.
- 07:40 Because that's a relationship of trust, and this trust relationship looks like this: I have, let's say, two companies,
- 07:49 I have my authenticity here, the partner has his authenticity here, and with this identity in these individual companies, services may also be used in the other company.
- 08:02 The ID provider in this other company says, in the trust model: if you properly authenticate yourself in your company,
- 08:13 then we trust this authentication and then you can also work with us.
- 08:19 People also like to talk about the "Circle of Trust", the trust circle.
- 08:24 Typically, the online services then work as follows with multiple identity providers;
- 08:30 that's a very similar picture now to what we had seen with the decentralized model.
- 08:36 If we look at an application for a federation like this, here is an example: in the university area there is this "Eduroam", a network of universities around the world.
- 08:52 So if you're enrolled at a university, you have an e-mail address there, a digital identity,
- 09:01 then you can use that identity and that e-mail address also at another university, not only within Germany, but anywhere in the world.
- 09:12 It's such a federation that the universities say: we trust each other.
- 09:19 So if a student, an employee, a researcher, a professor comes from one university and his identity is stored there,
- 09:31 then he is allowed to use this identity in the networks of other universities as well;
- 09:38 with the account, with his digital identity from the one university, he may also use services from other universities.
- 09:47 So for example the identity here at the University of Potsdam can also be used automatically at Berlin universities, Parisian universities;
- 09:58 you can log in, you can use the appropriate network resources of the local universities.
- 10:04 In short, the decentralized element: in the decentralized identity management model, there's no longer just one ID provider, there are several.
- 10:17 Users can choose their identity provider, the online services can decide which of the ID providers they work with,
- 10:28 and this variety, this federated model, it's a decentralized model
- 10:38 which typically allows the use of the identities stored there between companies and organizations.