The Research: 20 Sources that are related to the Problem
Search Strategy
Since there are a wealth of databases and plenty open search options available on the Internet and in published physical books at the library and in digital formats, the search strategy must stay focused on the subject and what type of research will most explain and benefit the problem area and system. The search strategy is focused on identifying the governing boards and process by which the Internet is designed and maintained, as well as what official process is documented and provide valuable technology reference for what can be used to solve the problem, as well as any progress towards the solution or previous attempts made by others. The research should not just be several sources that support the fact that digital identification and standard profiles are necessary or to point out the flaws in the Internet’s design, but also to clearly outline the process to solve the problem. Historical reviews on how the Internet came to be and how its managed is not in the scope of the research because it already exists and is in operation across the world and retroactive research is not necessary. The search for official and supportive research is not limited to a single database, institution’s library, or agency and therefore, the research will consist of a blend of official, commercialized products or solutions, proof of the problem, and the process to present changes to official governing boards.
The literature review is not conducted to further understand the problem because the problem has not been officially published by any other author and there is no published research to prove this fact, other than to share that extensive research has been conducted regarding the problem and no official or unofficial journal, articles, or solutions exist, other than what is presented here in the literature review. The term “literature” must be clarified and adapted for this project and considered a general term meaning ‘writings and ‘information’ either in paper or digital form. Each reference, or literature that is used as a source follows APA standards for the type of research: Internet Article, Journal, Book, Movie, and Government Document, of which many non-collegiates are not privy to, just as collegiate readers would be forced to read the APA manual to know the type of reference source, therefore the research will be described for each source used.
References
- The Internet Architecture Board convenes workshops of specialists, initiates, and executes specific work programs, and writes documents that lead to comprehensive technical analyses of matters of interest. While its work may influence the industry broadly, the IAB does not operate from a grand-architecture blueprint of, or vision for, the Internet. Rather, the IAB’s efforts are guided by fundamental design principles—the Internet’s building blocks and their interactions—that make the global open Internet what it is.
The Internet Architecture Board, Overview About, accessed via the Internet at
https://www.iab.org/about/iab-overview/ on May 28, 2022 - The Internet Engineering Steering Group administers the process according to the rules and procedures that have been ratified by the Internet Society trustees [RFC 2026]. It is directly responsible for the actions associated with entry into and movement along the Internet “standards track,” including final approval of specifications as Internet Standards.
The Internet Engineering Steering Group, About, accessed via the Internet at
https://www.ietf.org/about/groups/iesg// on May 28, 2022 - The Internet Society supports and promotes the development of the Internet as a global technical infrastructure, a resource to enrich people’s lives, and a force for good in society. It has identified three areas of focus: Building and supporting the communities that make the Internet work; advancing the development and application of Internet infrastructure, technologies, and open standards; and advocating for policy that is consistent with our view of the Internet
Internet Society accessed via the Internet at https://www.internetsociety.org/mission/ on
May 28, 2022 - The National Aeronautics and Space Administration (NASA) is America’s civil space program and the global leader in space exploration. NASA is included with a podcast reference called “The Mystery of the Moon” because the Moon and Space is a vast part of the Universe with Communication Systems launched from the land all the way to what we consider the top of the Universe. Satellites enable communications across the world, as does the Internet. Although NASA does not own Google Earth’s technology, it uses it and the Internet, when fully integrated and better organized can provide a better structure and purpose for and by which we use the Internet and Integrated Software Systems.
National Aeronautics and Space Administration (NASA) accessed via the Internet at
http://www.nasa.org on May 28, 2022; the podcast “Mysteries of the Moon” is accessible using
Google Podcast player at
https://podcasts.google.com and is used to metaphorically describe the first scientific observation, the invention and advancement of things that allow us to take a closer look, and to see how earth and our understanding is transformed – “most of what we know, we’ve learned from information.” - The book, Passages: Predictable Crisis of Adult Life, by Gail Sheehy is a short story about life’s stages, crisis, growth, regression, milestones, and expectations from a human life perspective. It refers to challenges that aging presents and is compared to the Internet and how identity management also changes, and systems grow or regress, as well as potentially suffer from similar human problems in aging. It’s used as a reference to the digital identity management system and referenceable to the Internet’s design as a whole because perhaps when we set out on a course to share information across the world and create change, we had one idea and way of doing so in mind, and it grew into something where now, we reconsider its design and restructure it – just like a human would after its reached a maturity milestone, learned a life lesson, and felt the pressures of the self, others, societies, and the entire world.
Sheehy, G. (1984), Passages: Predictable Crisis of Adult Life, Random House Publishing Group - The 1995, American action film, “The Net,” starring Sandra Bullock who plays the character Angela Bennet, a systems analyst chased by thieves and put into the hospital for three days. She wakes up to find a diskette missing, as well as any evidence of her existence, including the memory of her by her neighbors. It’s a tale of the purposeful chase and accidental release of programs containing information and viruses, leading to government suicide, death, and injury to professionals on the project.
Winkler, I. (1995). The Net [Film]. Columbia Pictures - Profiling, defined by Oxford Languages: the recording and analysis of a person’s psychological and behavioral characteristics, so as to assess or predict their capabilities in a certain sphere or to assist in identifying a particular subgroup of people.
“we put everyone through psychometric profiling”
Oxford Languages Definition: Profiling, accessible via the Internet at http://www.google.com,
Google Word Search: Profiling, Oxford Definition accessed on May 28, 2022 - The National Institute of Standards and Technology’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST Special Publication 800-63-3 Digital Identity Guidelines provide technical requirements for federal agencies implementing digital identity services and are not intended to constrain the development or use of standards outside of this purpose. The guidelines cover identity proofing and authentication of users (such as employees, contractors, or private individuals) interacting with government IT systems over open networks. They define technical requirements in each of the areas of identity proofing, registration, authenticators, management processes, authentication protocols, federation, and related assertions. The three AALs define the subsets of options agencies can select based on their risk profile and the potential harm caused by an attacker taking control of an authenticator and accessing agencies’ systems. The three-level risk approach is like the protection of classified information, with different procedural protections and consequences.
National Institute of Standards and Technology Special Publication 800-63-3 Natl. Inst. Stand.
Technol. Spec. Publ. 800-63-3, 75 pages (June 2017) CODEN: NSPUE2 accessed via the
Internet at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf on May
28, 2022 - Multi-factor authentication, Who Has It and How to Set It Up, is an article listing many of the common large sites that allow multi-factor or two factor authentication. It explains what it is and how secure it makes online accounts, but it does not cover a single sign on solution or discuss integrated services for all accounts on a main or multiple devices. It reports that there are two or three authentication factors: 1) your password; 2) your device, and 3) fingerprint, categorized by something you know, something you are, and something you have. Users still have somewhat standardized customizable security options within applications.
Griffith, E., Multi-Factor Authentication: Who Has It and How to Set It Up (2022) accessed via the
Internet at https://www.pcmag.com/how-to/multi-factor-authentication-2fa-who-has-it-and-how-
to-set-it-up on May 28, 2022 - It’s important to understand the difference between single sign-on and password vaulting or password managers, which are sometimes referred to as SSO which can mean Same Sign-on not Single Sign-on. With password vaulting, you may have the same username and password, but they need to be entered each time you move to a different application or website. The password vaulting system is simply storing your credentials for all the different applications and inserting them when necessary. There is no trust relationship set up between the applications and the password vaulting system. With SSO, meaning Single Sign-On, after you’re logged in via the SSO solution, you can access all company-approved applications and websites without having to log in again. That includes cloud applications as well as on-prem applications, often available through an SSO portal (also called a login portal).
How Does Single Sign-On Work? Identity and Access Management 101, by One Login, accessed
via the Internet at https://www.onelogin.com/learn/how-single-sign-on-works on May 28, 2022 - Connecting internet applications and sharing information requires some form of secure programming middleware to send, receive, match, and update or change data; the functionality exists, but is individualized on each ‘site’ or ‘account.’ The Application Programming Interfaces for Modern Commerce seems to be the technology used to connect two or more systems, which enables the most efficient use of data, but its current protocols or requirements are that one must be designed and programmed without a standard customizable API – the APIs are developed after accounts are setup, meaning there is still much duplication of data that serves or is designed for multiple uses, such as personal details. Those who offer API’s, such as Amazon, Google, and others suggest that APIs can be built and offer the tools to do so, but there is no technical direction that tells developers of commerce systems the protocols and process by which an API is to be used, meaning there is technology, but no directive, and this means individual software companies can create integrated systems, but not customizable, generalized API systems as a development standard. Without an API, Goetsch suggests you’d be left to directly query databases and per‐ form other tricks that expose the caller to too many of the implementation details of the application you’re calling. In the suggested design to create a ‘dashboard-like’ integrated system with summary levels, detail, and is fully connected to all systems as one management application, an Application Programming Interface idea is used, but does not actually ‘call’ internet sites, nor does it ‘query’ databases. It’s new design, which has yet to be written uses different terminology.
Application Programming Interfaces (API) for Modern Commerce, Goestch, K., (2018), O’Reilly
Media, accessed via the Internet at https://commercetools.com/ on May 28, 2022 - Application Integration is the terminology used to connect two applications together for information sharing. Advanced integration allows for change management policies between the two for data consistency and accuracy. When a third layer is added on top of the integration applications, a new application is created where data is sourced from the integration. It’s a complex layered system of data gathering, programming, and calculations to offer various levels of view best for data viewing and management purposes. This type of approach enables more than one application to provide input to a master application, but each integrated application must be designed, developed, and created in a special format for optimum data use and protection, therefore there are many components to application integration and not just data. Informatica offers a partially acceptable definition: Application integration is the effort to create interoperability and to address data quality problems introduced by new applications. It is not only data quality, but management, process, policy, use, accessibility, and standardization in third party or layered applications where one system is dependent upon another.
Informatica: What is Application Integration? Accessed via the Internet at
https://www.informatica.com/services-and-training/glossary-of-terms/application-integration-
definition.html on May 28, 2022 - The Google Password Manager in the Google Account Help provides an area to manage account passwords. This is only password management, but it provides a list of accounts where login and passwords are used, with the associated email account. This solves part of the account management problem of not knowing what accounts exist in your name and email and where to update, change, or use them. Google also has a profile manager that allows sharing, via contacts and other means, but does not automatically complete new account setups on individual internet sites.
Google, Inc., Help Center, Manage Your Accounts, accessed via the Internet at
https://support.google.com/accounts/answer/6208650?hl=en on May 29, 2022 - A case study conducted by Google with Pinterest, a leading photo sharing social media application, showed Pinterest users are 2X more likely to use Google One Tap vs. multi-step sign in options, New user sign-up, 47% increase in Sign Ups (Web/Mobile Web) and 126% increase in Sign Ups (Android), Returning user sign-in 16% increase in Sign Ins (Web/Mobile Web), 34% increase in Sign Ins (Android). Pinterest uses the Sign in with Google button across its mobile and web platforms and has subsequently also implemented Google One Tap on Android, Web, and Mobile Web. Specifically, Pinterest migrated from the previous solution to the new suite of products called Google Identity Services, which includes the new One Tap module, because it enables Pinterest users to access their accounts and saved content with a single click, instead of being sent through a multi-step sign in process.
Google, Inc., Google Sign In & Pinterest, Case Study (2021) accessed via the Internet at
https://developers.google.com/identity/sign-in/case-studies/pinterest on May 29, 2022 - Integrating and mapping identity providers is time-consuming and can be painful. With an IAM solution, these integrations are already built and provided. An IAM should also offer SDKs for popular development stacks, further reducing additional coding needed to integrate the authentication system. A company’s engineering team can focus on configuration rather than coding and customizing. Increased security: Storing data with a third-party identity management solution strengthens security. IAM solutions adhere to security compliance policies and certifications. A solution takes on the responsibilities of keeping user data stored and transported securely. In addition, an IAM solution provides federated identity so that users don’t engage in bad practices like reusing the same password to avoid having to remember multiple login credentials. While Auth0 works wonderfully with the basics, it does not offer profile sharing, or a master profile management account system, meaning the login and password can be created, but some Internet sites still require profile setup, even though users have already created them in many other places.
Auth0.com, Build vs. Buy: Guide to Evaluating Identity Management, accessed via the Internet at
https://auth0.com/resources/whitepapers/build-vs-buy-evaluating-identity-management/ on May
29, 2022 - The mission of the IETF is to produce high quality, relevant technical and engineering documents that influence the way people design, use, and manage the Internet in such a way as to make the Internet work better. These documents include protocol standards, best current practices, and informational documents of various kinds.
Internet Engineering Task Force (IETF), Mission, accessed via the Internet at https://www.rfc-
editor.org/rfc/rfc3935.html on May 29, 2022 - One to Many (Single and Multi) Database Designs work in single applications on-site or Internet Applications. They are not used by all organizations, many waiting to move to cloud-based systems. First the migration to Internet Applications takes place, tested, and areas identified not just for security issues, but connection failures. Changing the understanding and direction of developers and leaders requires them to understand it is no longer the “Internet Connectivity” focus, but now data management and standardization in process, which leads to Integration and reduction of duplication through sharing. It is a national and global level using a “One to Many” design approach, with all systems integrated that offer several levels of detail when summarized, calculated, and used together in the most efficient way.
Savvy Smart Solutions, LLC, Cloud Based Systems using a Database Design Approach for Internet
Application and Data Integration Management accessed via the Internet at
https://www.savvysmartsolutions.com on May 29, 2022 - Cloud Based Architecture with Auth02 Framework
- Moving to the Cloud opens companies up to data exposure, security and compliance violations and other threats –This is why visibility and control are vital for governing access to cloud resources. Three cloud governance best practices that help strengthen your cloud infrastructure: Gain visibility across your cloud infrastructure, Manage federated access, Tighten Identity Governance. Reasons for moving to the Cloud are to work with more efficient distributed automated systems – for better integration, away from individual non-connected software systems. It’s not because of data insecurity, vulnerability, threats, or breaches that require movement to Cloud Based Systems, but to prompt integration and interoperability for maximization of data use to improve experience and increase efficiency. This reference offers a very negative introduction to the Cloud.
Sailpoint: Best Practices for Cloud Governance, accessed via the Internet at
https://www.sailpoint.com/identity-library/best-practices-for-identity-governance-in-multi-
cloud-environment on May 29, 2022 - Microsoft, Inc.’s LiveMail offers profile, account management, and special features for gaming, online spending, family management including game spending, events, to-do lists, and quick access to email and calendaring. Google, Inc. has a comparable system, with more in-depth ability to manage bookmarks, accounts, contacts, calendars, and access to third party applications using Single Sign On or Google’s One Tap feature. Both companies offer Cloud Software Solutions for spreadsheets, presentations, and word processing, along with developer tools for major systems. Both companies offer solutions and customers select one or the other as their primary system provider, with some using both. While both software providers advance, both are still very much behind in Integration, and there is no technical specification or article that discusses the missing elements that provide an overall online account management solution or ‘software’ and online system portfolio for best management and efficient sharing beyond what people understand as sharing status, photographs, location, and their basic name, email, and phone number. Microsoft 365 vs Google Workspace: Which productivity suite is best for your business?
ZDNet.com, Part of a ZDNET Special Feature: The Future of Work: Tools and Strategies for the
Digital Workplace, accessed via the Internet at https://www.zdnet.com/article/office-365-vs-g-
suite-which-productivity-suite-is-best-for-your-business/ on May 29, 2022