VirtualLife: Secure Identity Management in Peer-to-Peer Systems Dan Bogdanov 1,2 and Ilja Livenson 1,3 1 University of Tartu, Liivi 2, 50409 Tartu, Estonia. 2 AS Cybernetica, Akadeemia tee 21, 12618 Tallinn, Estonia 3 NICPB, Akadeemia tee 23, 12618 Tallinn, Estonia db@ut.ee,ilja@kbfi.ee Summary. The popularity of virtual worlds and their increasing economic im- pact has created a situation where the value of trusted identification has risen substantially. We propose an identity management solution that provides the user with secure credentials and allows to decrease the required trust that the user must have towards the server running the virtual world. Additionally, the identity management system allows the virtual world to incorporate reputation information. This allows the “wisdom of the crowd” to provide more input to users about the reliability of a certain identity. We describe how to use these identities to provide secure services in the virtual world. These include secure communications, digital signatures and secure bindings to external services. Key words: identity management, virtual worlds, security, trust and reputation 1 Introduction Online virtual worlds are popular among users and organizations. Virtual environments like Second Life and Active Worlds are actively used by companies and organizations to promote their products and services[1]. Establishing a visible presence in such a world has become a marketing strategy. The users are interested in virtual worlds for the social interaction and entertainment possibilities. Building a virtual world to attract both users and service providers requires a strong technical framework and a well-defined focus. In our work we address the issue of identity verification and trusted service provi- sion. Most of the online worlds currently in active use put little effort on the identifica- tion of participants. This is a problem for anyone who has to trust the presented identity of their communication partner. One motivating example is a business transaction, where parties need to identify each other to enter an agreement. Another is a system that verifies the users’ age to restrict access to age-specific content or provides age information to communication partners. The last example can be extremely motivating for parents whose children engage in online chats. Also, if a user conducts a criminal act inside the virtual world, then it can be claimed that the responsibility lies on the virtual world provider, because it did not fully identify the user. Our contribution. We present a holistic solution to identity management and its applications in an online virtual world. We propose a way to handle the assignment