ClaimID

Last updated

ClaimID was a website that allowed users to create unique profiles that showed personal websites, profiles at other sites, and other biographical information. The goal of ClaimID was to help users collect and screen information created about them and by them on the web, to help them manage their online identity. [1]

Contents

History

ClaimID was founded by Terrell Russell and Fred Stutzman. [2] Both Stutzman and Russell were PhD students at University of North Carolina's Chapel Hill School of Information and Library Science when they began the company. [3] [4]

There was facility to create OpenID along with creating a new account on ClaimID. By October 2013 this was not working.

In August 2007, Peter Saint-Andre submitted an Internet-Draft draft to the IETF defining the MicroID spec. [5] MicroID was a deployed Internet standard designed for use as a lightweight, decentralized identity primitive in web applications and communities. [6]

The official HTML metatag was created:

<metaname="microid"content="mailto+http:sha1:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"/>

The ClaimID was deactivated in December 2013. [7] All member pages and authentication services as well as the main website were dismantled. Users can choose to use another OpenID provider, especially if previously having used authentication delegation. [8] Users can also extract their link collection [9] from an available web cache or web archive.

Importance

Both print and digital news outlets, including Businessweek , the San Francisco Chronicle , Reuters, New Scientist and Asian News International, described ClaimID as part of the online reputation management (ORM) movement.

Related Research Articles

In computer network engineering, an Internet Standard is a normative specification of a technology or methodology applicable to the Internet. Internet Standards are created and published by the Internet Engineering Task Force (IETF). They allow interoperation of hardware and software from different sources which allows internets to function. As the Internet became global, Internet Standards became the lingua franca of worldwide communications.

<span class="mw-page-title-main">Kerberos (protocol)</span> Computer authentication protocol

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed it primarily at a client–server model, and it provides mutual authentication—both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.

Identity management (IdM), also known as identity and access management, is a framework of policies and technologies to ensure that the right users have the appropriate access to technology resources. IdM systems fall under the overarching umbrellas of IT security and data management. Identity and access management systems not only identify, authenticate, and control access for individuals who will be utilizing IT resources but also the hardware and applications employees need to access.

<span class="mw-page-title-main">Liberty Alliance</span> Computer trade group

The Liberty Alliance Project was an organization formed in September 2001 to establish standards, guidelines and best practices for identity management in computer systems. It grew to more than 150 organizations, including technology vendors, consumer-facing companies, educational organizations and governments. It released frameworks for federation, identity assurance, an Identity Governance Framework, and Identity Web Services.

Email authentication, or validation, is a collection of techniques aimed at providing verifiable information about the origin of email messages by validating the domain ownership of any message transfer agents (MTA) who participated in transferring and possibly modifying a message.

A digital identity is data stored on computer systems relating to an individual, organization, application, or device. For individuals, it involves the collection of personal data that is essential for facilitating automated access to digital services, confirming one's identity on the internet, and allowing digital systems to manage interactions between different parties. It is a component of a person's social identity in the digital realm, often referred to as their online identity.

Internet identity (IID), also online identity, online personality, online persona or internet persona, is a social identity that an Internet user establishes in online communities and websites. It may also be an actively constructed presentation of oneself. Although some people choose to use their real names online, some Internet users prefer to be anonymous, identifying themselves by means of pseudonyms, which reveal varying amounts of personally identifiable information. An online identity may even be determined by a user's relationship to a certain social group they are a part of online. Some can be deceptive about their identity.

<span class="mw-page-title-main">OpenID</span> Open and decentralized authentication protocol standard

OpenID is an open standard and decentralized authentication protocol promoted by the non-profit OpenID Foundation. It allows users to be authenticated by co-operating sites using a third-party identity provider (IDP) service, eliminating the need for webmasters to provide their own ad hoc login systems, and allowing users to log in to multiple unrelated websites without having to have a separate identity and password for each. Users create accounts by selecting an OpenID identity provider, and then use those accounts to sign on to any website that accepts OpenID authentication. Several large organizations either issue or accept OpenIDs on their websites.

Electronic authentication is the process of establishing confidence in user identities electronically presented to an information system. Digital authentication, or e-authentication, may be used synonymously when referring to the authentication process that confirms or certifies a person's identity and works. When used in conjunction with an electronic signature, it can provide evidence of whether data received has been tampered with after being signed by its original sender. Electronic authentication can reduce the risk of fraud and identity theft by verifying that a person is who they say they are when performing transactions online.

OAuth is an open standard for access delegation, commonly used as a way for internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Meta Platforms, Microsoft, and Twitter to permit users to share information about their accounts with third-party applications or websites.

<span class="mw-page-title-main">Information card</span> Personal digital identity for online use

An information card is a personal digital identity that people can use online, and the key component of an identity metasystem. Visually, each i-card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select one they want to use for any given interaction. The information card metaphor has been implemented by identity selectors like Windows CardSpace, DigitalMe or Higgins Identity Selector.

SPKAC is a format for sending a certificate signing request (CSR): it encodes a public key, that can be manipulated using OpenSSL. It is created using the little documented HTML keygen element inside a number of Netscape compatible browsers.

Time-based one-time password (TOTP) is a computer algorithm that generates a one-time password (OTP) using the current time as a source of uniqueness. As an extension of the HMAC-based one-time password algorithm (HOTP), it has been adopted as Internet Engineering Task Force (IETF) standard RFC 6238.

<span class="mw-page-title-main">Microsoft account</span> User account required for Microsoft-owned services

A Microsoft account or MSA is a single sign-on personal user account for Microsoft customers to log in to consumer Microsoft services, devices running on one of Microsoft's current operating systems, and Microsoft application software.

User-Managed Access (UMA) is an OAuth-based access management protocol standard for party-to-party authorization. Version 1.0 of the standard was approved by the Kantara Initiative on March 23, 2015.

<span class="mw-page-title-main">FIDO Alliance</span> Industry consortium working on authentication mechanisms

The FIDOAlliance is an open industry association launched in February 2013 whose stated mission is to develop and promote authentication standards that "help reduce the world’s over-reliance on passwords". FIDO addresses the lack of interoperability among devices that use strong authentication and reduces the problems users face creating and remembering multiple usernames and passwords.

JSON Web Token is a proposed Internet standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. The tokens are signed either using a private secret or a public/private key.

Token Binding is a proposed standard for a Transport Layer Security (TLS) extension that aims to increase TLS security by using cryptographic certificates on both ends of the TLS connection. Current practice often depends on bearer tokens, which may be lost or stolen. Bearer tokens are also vulnerable to man-in-the-middle attacks or replay attacks. In contrast, bound tokens are established by a user agent that generates a private-public key pair per target server, providing the public key to the server, and thereafter proving possession of the corresponding private key on every TLS connection to the server.

References

  1. "The Times & The Sunday Times".[ dead link ]
  2. "How to protect yourself from 'cyberspite'". Yahoo! India News. May 22, 2008. Archived from the original on October 13, 2008.
  3. Russell, Terrell; Stutzman, Frederic (2008-10-24). "Self-representation of online identity in collected hyperlinks". Proceedings of the American Society for Information Science and Technology. 44: 1–4. doi: 10.1002/meet.1450440375 .
  4. Morgan, Fiona (2007-02-28). "Fred Stutzman: Techie, researcher and co-founder of ClaimID".
  5. "MicroID submitted as IETF Internet Draft".
  6. "MicroID considered harmful (to privacy)" (PDF). 2008-06-20. Archived from the original (PDF) on 2016-03-04. Retrieved 2015-01-14.{{cite journal}}: Cite journal requires |journal= (help)
  7. "ClaimID.com" . Retrieved 12 December 2013. After 7 years, 6 months, and 20 days of service, ClaimID has ceased operations.
  8. "OpenID Authentication 1.1 specification, 3.1.1. Delegating Authentication" . Retrieved 14 December 2013.
  9. Purra, Joel. "ClaimID.com dump data and link extraction" . Retrieved 14 December 2013.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.