Digitale Identitäten - Wer bin ich im Netz?

1. 00:00We now want to create another model for ourselves. on Digital Identity Management.
2. 00:06It's the decentralized model.
3. 00:08We'll see that, slightly altered, is very similar to the federated model.
4. 00:14So it's about dealing with digital identities, it's about identity management,
5. 00:20and we've already gotten to know isolated identity management, that each service itself establishes digital identities during registration and then manages, that is, manages, stores,
6. 00:37and always when the user comes, then also performs this authentication process.
7. 00:43And we also got to know the central identity management, where there's an identity provider,
8. 00:51who is therefore entirely committed to the establishment and administration of the and is responsible for authenticating identities.
9. 01:00This of course has the advantage that the user only needs one password, but if you look at this central model, then the question is how can that work globally?
10. 01:13So if you wanted to extend that, the question is, can there be a single identity provider?
11. 01:21Each of these services must trust this identity provider, can it be in the USA, in China, in Russia?
12. 01:30Trust services in China an identity provider in the USA and vice versa?
13. 01:36So these are questions that arise when you think about it, how to expand this central model.
14. 01:47So a single global identity provider is hard to imagine, is unimaginable at all,
15. 01:54both with regard to the question of confidence as well as this property, this disadvantage that these central approaches had, which is to form a single point-of-failure.
16. 02:07Globally, therefore, only the so-called decentralized model can be considered.
17. 02:15What does that mean? In contrast to the central model there are several identity providers in the decentralized model.
18. 02:24The idea is again that there are dedicated services, who care about identities,
19. 02:28who then each have their circle of online services that trust them, but there's not just one identity provider, but there are several.
20. 02:38This means that the online services can choose, which identity provider they trust, which identity provider you want to work with.
21. 02:48The services may well trust different identity providers, but they're free to do it.
22. 03:02So in our picture here these are the identity providers, and so it's quite possible that services from different identity providers can take over this administration of the identity data.
23. 03:16Now, if you look at the pros and cons. of this decentralized model, it's certainly an advantage,
24. 03:23that a user can go to his trusted ID provider, that's very personal data after all, which are managed there by this ID provider.
25. 03:34The same advantage exists for online services.
26. 03:37They can choose which ID provider they trust, Which you want to work with,
27. 03:43they can establish and manage this business of identity to an identity provider you trust.
28. 03:53If we look at the downside, then so be it, that users must deposit their identities with several ID providers,
29. 04:05because there are services that only trust this ID provider. and other services that only work with the other ID provider.
30. 04:14So the original idea, that there is a central identity provider in this central model, It's being weakened here, there are several.
31. 04:25It's still better than that. to establish such an identity for every single service, but it's a lot more effort.
32. 04:33So if there's an attribute changing, for example, address, then this has to be done at each of the identity providers involved.
33. 04:41And here, too, you no longer have a global single point of failure, but a partial one, that is, if an ID provider fails,
34. 04:52then all the services can't work, who work with this ID provider
35. 04:59and which are derived from this ID provider let the administration take over their digital identities.
36. 05:05Let's have a look at the application of this decentralized model in the net.
37. 05:12Because there are examples, there are examples that many websites, many services with different identity providers, for example via Facebook or Google.
38. 05:24You know such things when you come to a website, these are offers to work together with different identity providers,
39. 05:34to identify yourself with one service through one of those great other services, who also make their identity management available for other online services.
40. 05:48Users can then choose with which of their digital identities they want to subscribe to this online service.
41. 05:57There's got to be at least one of them, so they can use this service.
42. 06:02Protocols for this are the OpenID (Connect) and the OAuth, who are implementing this approach, that it is possible, Sign in to an online service using different identity providers.
43. 06:24Now, in addition to the decentralized model. nor the so-called federated model.
44. 06:31The federated model is, strictly speaking. again a decentralized model.
45. 06:36It allows the use of digital identities beyond company and organisational boundaries.
46. 06:45And it is precisely here that this different concept comes into being.
47. 06:50We had seen that this central model is a typical model. within companies, within large organizations.
48. 06:58So now, if you cross organizational boundaries. wants to allow users to use certain services, namely with their identity,
49. 07:09what they can use in their business context, then we're talking about federated models.
50. 07:17So for example with the HPI identity you can also use services outside the HPI are used.
51. 07:25This connection that they say with the identity of this company you may also use services in that company or organization, a Federation space is forming.
52. 07:40Because that's a relationship of trust, and this trust relationship looks like this, that I have, let's say, two companies,
53. 07:49I have my authenticity here, the partner has his authenticity here, and with this identity in these individual companies. services may also be used in the other company.
54. 08:02The ID provider who says trust model in this other company, if you properly authenticate yourself in your company,
55. 08:13then we trust this authentication and then you can also work for us.
56. 08:19People also like to talk about the "Circle of Trust", from the trust circle.
57. 08:24Typically, the online services then work as follows with multiple identity providers,
58. 08:30that's a very similar picture now, as we had seen with the decentralized model.
59. 08:36If we look at an application for a federation like this, here is an example, then in the university area is this "Eduroam", a network of universities around the world.
60. 08:52So if you're enrolled in a university, there has an e-mail address, a digital identity,
61. 09:01then you can use that identity and that e-mail address also in another university, not only within Germany, but anywhere in the world.
62. 09:12It's such a federation that the universities say, we trust each other.
63. 09:19So if a student, an employee, a researcher, a professor. comes from one university and his identity is stored there,
64. 09:31then he is allowed to use this identity in the networks as well. of other universities,
65. 09:38may be used with the account, with its digital identity by the one university also accept services from other universities.
66. 09:47So for example with the identity here at the University of Potsdam can also be used automatically in Berlin universities, Parisian universities,
67. 09:58you can log in, you can use the appropriate network resources of the local universities.
68. 10:04In short, the decentralized element, in the decentralized identity management model, there's no longer just one ID provider, there's several.
69. 10:17Users can choose their identity provider, the online services can decide, which of the ID providers you're working with,
70. 10:28and this variety, this federated model, it's a decentralized model,
71. 10:38what typically happens between companies and organizations allows the use of the identities stored there.

To enable the transcript, please select a language in the video player settings menu.