Identity Mixer

A cryptographic algorithm to protect your privacy

What it does

IBM Identity Mixer is a cryptographic protocol suite for privacy-preserving authentication and transfer of certified attributes.

To understand what Identity Mixer does, it helps to take a closer look at traditional identity management solutions. Roughly, they can be divided into two categories. The first category requires an online issuer (sometimes also known as an identity provider) that is actively involved each time the user authenticates to a verifier (also known as a relying party). The issuer can certify only those attributes that the verifier explicitly requires, which is good for privacy, but the issuer becomes a privacy bottleneck in the system: it can track all of its users' transactions. Examples of solutions following this approach include OpenID, Facebook Connect, and the Security Assertion Markup Language (SAML).

Identity Mixer authentication step 1

The second category comprises solutions where, in a preceding step, the user obtains a credential from the issuer, from which she can later derive, without further help from the issuer, the tokens required to authenticate to verifiers. This avoids the above problem of an omniscient issuer, but the drawback is that, with classical cryptography, users can be tracked across different verifiers through their public keys and/or certificates, and that the user must usually reveal her full identity with all of her attributes at each authentication. Example technologies in this category include X.509 client certificates as well as some existing government eID solutions.

Identity Mixer authentication process
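An added example, not part of IBM's material: a small Python model of the information flow in the two traditional categories described above, computing what the issuer and colluding verifiers each learn. The user, attributes, verifier names, policies, the pairwise identifier in category 1 and the stand-in certificate bytes are assumptions made for illustration; Identity Mixer's own cryptography is not modelled.

```python
import hashlib
from collections import defaultdict

# Constructed sample data (assumptions, not from the page).
ATTRS = {"name": "Alice Example", "birthdate": "1990-01-01", "country": "CH"}
POLICY = {"shop": {"country"}, "bar": {"birthdate"}}  # attributes each verifier requires

def online_issuer(visits, user="alice"):
    """Category 1: the issuer takes part in every login and certifies only required attributes."""
    issuer_log, verifier_log = [], defaultdict(list)
    for v in visits:
        issuer_log.append((user, v))  # the issuer sees who authenticates where
        # Assumption: the issuer hands each verifier a pairwise (per-verifier) identifier.
        handle = hashlib.sha256(f"{user}|{v}".encode()).hexdigest()[:16]
        verifier_log[v].append((handle, {k: ATTRS[k] for k in POLICY[v]}))
    return issuer_log, verifier_log

def offline_certificate(visits):
    """Category 2: one long-lived certificate, shown whole to every verifier."""
    # Stand-in bytes for a certificate: all attributes, a public key, the issuer's signature.
    cert = repr(sorted(ATTRS.items())).encode() + b"|subject-public-key|issuer-signature"
    handle = hashlib.sha256(cert).hexdigest()[:16]  # same fingerprint at every verifier
    issuer_log, verifier_log = [], defaultdict(list)  # issuer is offline: it logs nothing
    for v in visits:
        verifier_log[v].append((handle, dict(ATTRS)))
    return issuer_log, verifier_log

def linkable_across_verifiers(verifier_log):
    """Handles seen by more than one verifier, i.e. what verifiers can correlate on."""
    seen = defaultdict(set)
    for v, entries in verifier_log.items():
        for handle, _ in entries:
            seen[handle].add(v)
    return {h: vs for h, vs in seen.items() if len(vs) > 1}

def over_disclosed(verifier_log):
    """Attribute names each verifier received beyond what its policy requires."""
    return {v: set().union(*(set(d) for _, d in entries)) - POLICY[v]
            for v, entries in verifier_log.items()}

if __name__ == "__main__":
    for model in (online_issuer, offline_certificate):
        issuer_log, verifier_log = model(["shop", "bar"])
        print(model.__name__, "issuer sees:", issuer_log)
        print("  linkable:", linkable_across_verifiers(verifier_log))
        print("  over-disclosed:", over_disclosed(verifier_log))
```
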

Identity Mixer is a superior solution that offers the best of both worlds: Issuers do not have to be involved during authentication, but at the same time, users can selectively disclose only those attributes that are required by the verifier and can do so without being linkable across their transactions.


Identity Mixer authentication process