Intentional Modeling to Support Identity Management

Identity management has arisen as a major and urgent challenge for internet-based communications and information services. Internet services involve complex networks of relationships among users and providers – human and automated – acting in many different capacities under interconnected and dynamic contexts. There is a pressing need for frameworks and models to support the analysis and design of complex social relationships and identities in order to ensure the effective use of existing protection technologies and control mechanisms. Systematic methods are needed to guide the design, operation, administration, and maintenance of internet services, in order to address complex issues of security, privacy, trust and risk, as well as interactions in functionality. All of these rely on sophisticated concepts for identity and techniques for identity management.We propose using a requirements modeling framework GRL to facilitate identity management for Internet Services. Using this modeling approach, we are able to represent different types of identities, social dependencies between identity users and owners, service users and providers, and third party mediators. We may also analyze the strategic rationales of business players/stakeholders in the context of identity management. This modeling approach will help identity management technology vendors to provide customizable solutions, user organizations to form integrated identity management solution, system operators and administrators to accommodate changes, and policy auditors to enforce information protection principles, e.g., Fair Information Practice Principles.