Digital Identity

A range of papers looking at how to make robust strategic decisions about digital identity and authentication technologies, especially in technology-neutral policy environments.

A Capability Maturity Model for Data Carriers and Digital Wallets

An article that maps the progression of data wallets in respect of automation, security and privacy protection, towards cryptographically verifiable credentials. 

Why Isn’t Identity Easy?

My presentation at Identiverse 2021, contrasting the historical difficulty we have moving forward on digital identity, against the rapid progress made mobilising credentials like boarding passes, transit tickets and even hotel room keys. 

Turing Institute Presentation 2021

A poster paper presented to the Alan Turing Institute, September 13, 2021.

A Digital Identity Stack to Improve Privacy in the IoT

A peer-reviewed paper presented to the IEEE World Forum on the Internet of Things, Singapore, February 2018.

DHS “Cydentity” 2015, Rutgers University

Guest provocateur at the DHS Identity & Privacy planning workshop

Rationing Identity on the Internet of Things

I made this presentation to the 2015 Cloud Identity Summit, on the risks to privacy of ‘over identifying’ the data that increasingly gushes from all our smart devices.

Conveying the pedigree of identifiers using digital certificates

A short one-page paper on how to “notarise” personal data in smartcards or similar personal chip devices. There are ways of issuing personal data to a chip that prevent those data from being copied and claimed by anyone else.

The Authentication Family Tree

My presentation to the 2014 Cloud Identity Summit in Monterey, California.

Forget Identity!

I was selected in a call-for-papers to present my ecological theory of digital identity to the Australian Information Security Association 2013 annual conference. My talk was titled as a gentle provocation: “Forget identity!”

“The IdP is Dead! Hail the Relyingpartyrati”

I was honoured to be a speaker in the Iconoclasts stream on the final day of the Cloud Identity Summit in Napa (#cisNAPA), where I presented my ecological theory of identity.

Fractionating Identity

A presentation to the first MIT Legal Hackathon, in February 2013.

The Natural Limits to Federated Identity

An updated slide deck introducing the memetics of digital identity, and showing how business system ecology puts natural limits on Federated Identity.

An ecological theory of digital identity

Stephen presented a major new paper at the AusCERT 2011 security conference, on how identity evolves and why federated identity is easier said than done. This is a fresh and powerful explanation of the shortcomings of other contemporary identity theories. It provides an alternative way forward based on conserving the perfectly good identities we already have in the real world.

The False Allure of Federated Identity

A presentation to the Cyber Security Summit, Sydney, 2nd August 2012.

Identity Plurality

Orthodoxy in e-security holds that we must separate “authentication” of who someone is, from “authorisation” of what they can do. The distinction is actually arbitrary and unhelpful.

See also: Forget Authentication

A positive review of Identity Silos

It’s not for nothing we call them “silos”: they’re strong, elegant, safe and under-appreciated!

Towards a uniform solution to identity theft

A high-level comparison of all major two-factor authentication solutions, with a close look at their vulnerability to phishing via the Man In The Middle attack.

A Practical Guide to Authentication for ICT Executives

Lockstep Consulting holds interactive workshops aimed at providing non-technology managers and executives with ‘everything they need to know’ about authentication, and equipping them to engage better with technologists.

Two factor authentication and second class citizens

An unfortunate side-effect of user-pays security could be the creation of two classes of Internet banking customer.

Making Sense of your Authentication Options

A sophisticated, business-focused framework for analysing authentication requirements. First published in the Quarterly Journal of the PricewaterhouseCoopers Cryptographic Centre of Excellence, October 2001. Reproduced with permission.

Current issues in the rollout of a National Authentication Framework

Early in the development of national authentication policy, and the struggle with PKI, this presentation to the 1998 Information Industry Outlook Conference provided an optimistic and innovative vision, involving communities of interest and digital credentials instead of a focus on personal identity.
