Researchers needs access to many, often distributed, resources. For this propose, many services support federated identity, which leverages the identity management solutions from a home institution to handle authentication and provide a basic set of profile information in the form of claims. In most cases, the home institution profile needs to be complemented with information from the research community, like for example group memberships. Also additional registries may need to to be consulted, e.g. to get specific identifiers like ORCID.
The combined set of information is then delivered at a service so it may allow the user in. Today this flow is typically facilitated by a community AAI, where a membership management component acts as the community registry and a proxy is used to collect and then redistribute the required profile information.
A new paradigm, Distributed Identity, tries to let user be in direct control of the profile information they share with services. Rather then letting others provide claims towards a service, the users collects claim themselves from various sources and independently provides these when so requested by services. The services can check the validity of these claims against a central verifiable claims registry.
This activity investigates the functional requirements for such a system by interviewing key stakeholders. Next it tries to create a proof of concept platform to test and validate the requirements. The intent is not to build up a Distributed Identity platform from the ground up, but to use an existing platform. However creation of certain bridging elements to handle protocol translation is assumed to be required as part of the activity.