| Virtual person Abstract object |
Definition
A Virtual person has a Virtual Identity, similarly to a real person having a known identity. A virtual identity is often known as a "pseudo" or a "nickname". By extension, e-mail addresses exist corresponding to a pseudo or a nickname. The "Virtual person" abstract object is a tentative to define a conceptual framework allowing handling identification, authentication, authorization and control for virtual identities. Over internet more and more persons uses virtual identities for security reasons, privacy protection and interest driven management.
The following figure draws some examples, considering interest in:
- Business activity
- Entertainment
- Sport
SADT syntax
- Controls: (C1, C2, C3) constraint supported by a real person
- Mechanisms: (M1,M2, ....Mi) virtual persons behind virtual identities
- Outputs: (S1,S2,...Si or O1,O2,...Oi)here internet activity
- Inputs: here no inputs (created by entity)
Usage
Obviously you can't conduct business activities using an e-mail like "masterOfTheRing@funny.com", and you will have troubles participating in a game with a role base address like "financial.manager@bank.com". In addition, if you are a children or a teenager it is not recommended you display your real name in your e-mail address like "FirstName.LastName@example.com", instead they will probably use "horseRider@teen.org" . When receiving mails, you probably want to separate those from your sport team and those from your clients, some are read during work activity and others at home. That is, with the development of personal activities over Internet, there is a need to manage virtual identities to adapt to different rules and different agenda.
It should be noted that in many cases it is not necessary for the service provider to have knowledge of the real identity behind the virtual identity, knowing few elements like age may be enough. In addition, collecting detailed elements about real identity raise necessary provisions and are at risk in term of law and in term of identity steal.
Identification & Authentication
The need for Identification of a virtual person is to have:
- A known identifier
- Continuity of the identifier over the time needed to complete a transaction
- Possibility to attach Attributes to the identifier
When an identifier exists, it is possible to attach credentials to recognize the continuity of the virtual identity among successive login.
openOSI solution
openOSI builds an identifier with a confirmed e-mail address, publish an activation and a termination in a public directory, with possibility to attach attributes.
openOSI attach cryptographic elements to the virtual identity (X509 private and public key), and
publish the public certificate corresponding to a private key binded to the virtual identity. This allow for further authentication, digital signing and encryption.
See the openOSI policy for persons participating in this solution:
Responsibility
It is the responsibility of the real person to assert actions of all the controlled virtual identities. See also:
- Legal Matters oid:1.3.6.1.4.1.27630.1.0.9
- Financial Responsibility ([1.3.6.1.4.1.27630.1.0.9.2] DESC 'responsibility' )
- Confidentiality of Business Information ([1.3.6.1.4.1.27630.1.0.9.3] DESC 'confidentiality' )
- Privacy of Personal Information ([1.3.6.1.4.1.27630.1.0.9.4] DESC 'privacy' )
- Intellectual Property Rights ([1.3.6.1.4.1.27630.1.0.9.5] DESC 'ipr' )
- Representations and Warranties ([1.3.6.1.4.1.27630.1.0.9.6] DESC 'warranties' )
- Disclaimers of Warranties ([1.3.6.1.4.1.27630.1.0.9.7] DESC 'disclaimer' )
- Limitations of Liability ([1.3.6.1.4.1.27630.1.0.9.8] DESC 'liability' )
- Indemnities ([1.3.6.1.4.1.27630.1.0.9.9] DESC 'indemnities' )
- Term and Termination ([1.3.6.1.4.1.27630.1.0.9.10] DESC 'term' )
- Governing Law ([1.3.6.1.4.1.27630.1.0.9.14] DESC 'law' )
- Compliance with Applicable Law ([1.3.6.1.4.1.27630.1.0.9.15] DESC 'lawcompliance' )
