Well, there is no established technical definition for "digital identity", but most definitions seem to focus on what I defined it as.
there is actually a whole series of issues.
the identity x.509 certificates from the early 90s were targeted at stuff that
appeared to be totally unrelated to existing business processes and environment.
given the scenario that existing business relationships and permissions have
been established .... there is a requirement for asserting access to those permissions
(some means of asserting some identification associated with the permissions
and some means of authentication or substantiating the rights to the permissions).
identity x.509 certificates have been totally unrelated to such a business environment ... although attempts have been made to contort them into that use. the original premise was that the identity x.509 certificates could be used by parties that previously had no direct knowledge of each other and could make use of the x.509 certificates w/o needing any recourse to any additional information. one problem was a random name from some place in the world had no context or meaning to some other random entity some place in the world.
putting a person's instantly changing available balance in the certificate might do. however this had (at least) two problems 1) it could be considered privileged information that is deemed not advisable in public certificates with copies all over the planet and 2) with possibly thousands of each such certificate cached all around the world .... there was some issue with instantaneously and dynamically updating all copies.
so in the mid-90s there was some retrenchment to relying-party-only certificates ... which basically only contained an account number and the public key. the transaction always went to where the permissions and other important information was available. However it was trivially possible to show that in such situations, the certificates are redundant and superfluous.
The majority of the business infrastructures in the world don't need free floating and complete personal information contained in a certificate about random and totally unknown entities. They need a non-static-data authentication paradigm to replace the static data authentication paradigm, i.e. simply replace pin/password with public key and digital signatures.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
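
The account-based model described in the post above, as an added example that is not part of the original message: the relying party registers a public key in the account record where a PIN or password would go, and checks each signed transaction against its own records, so a certificate holding only the account number and public key would tell it nothing new. Ed25519, the record layout, the message encoding, the sequence-number replay check and the account values are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Account is the relying party's own record (hypothetical layout); the public key sits where a PIN would.
type Account struct {
	PublicKey        ed25519.PublicKey
	Balance, LastSeq uint64 // dynamic data, kept only at the relying party
}

// message is a constructed encoding of the fields the account holder signs.
func message(acct string, seq, amount uint64) []byte {
	buf := binary.BigEndian.AppendUint64(nil, seq)
	return append(binary.BigEndian.AppendUint64(buf, amount), acct...)
}

// Enroll registers a fresh public key on the account and returns the holder's signing function.
func Enroll(db map[string]*Account, acct string, balance uint64) func(seq, amount uint64) []byte {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	db[acct] = &Account{PublicKey: pub, Balance: balance}
	return func(seq, amount uint64) []byte { return ed25519.Sign(priv, message(acct, seq, amount)) }
}

// Authorize is the relying party's check; it consults nothing but its own records.
func Authorize(db map[string]*Account, acct string, seq, amount uint64, sig []byte) error {
	a, ok := db[acct]
	switch {
	case !ok:
		return fmt.Errorf("unknown account %q", acct)
	case !ed25519.Verify(a.PublicKey, message(acct, seq, amount), sig):
		return fmt.Errorf("bad signature")
	case seq <= a.LastSeq:
		return fmt.Errorf("replayed sequence %d", seq)
	case amount > a.Balance:
		return fmt.Errorf("insufficient balance")
	}
	a.LastSeq, a.Balance = seq, a.Balance-amount
	return nil
}

func main() {
	db := map[string]*Account{}
	sign := Enroll(db, "acct-1001", 100) // constructed account number and balance
	sig := sign(1, 30)
	fmt.Println(Authorize(db, "acct-1001", 1, 30, sig), Authorize(db, "acct-1001", 1, 30, sig))
}
```

Because the signature covers a fresh sequence number, a captured transaction cannot be resubmitted the way a captured PIN or password can.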