• Skip to primary navigation
  • Skip to main content

Identity Woman

Independent Advocate for the Rights and Dignity of our Digital Selves

  • About
  • Services
  • Media Coverage
  • Podcast
  • Blog
  • Contact
  • Show Search
Hide Search

Asymmetric Data

Catalyst: Logic of Identity – Bob Blakley Chief Scientist IBM

Kaliya Young · July 15, 2005 · Leave a Comment

This is a summary of Bob Blakley’s talk at Burton Catalyst:
Opening – Sermon on Laws

Laws of Planetary Motion
Kim’s Laws what happens to Identity if you make stupid or subtle mistakes
Newtons Law – gravity
Why things happen
Introduction – Looking Back Digital Signatures
A while back we decided we needed non-repudiation and did digital signatures by issuing certificates.
We forgot to figure out why do signatures work in the real world.
So, we got how they worked wrong in the technical world.
Having signatures not work is bad looking forward having privacy not work is bad.
Body of Talk
Definition:
Identity is a collection of attributes by which a person or thing is generally recognized or known
Identity Relativity
The Identity of X according to Y: The set of attributes believed by Y to be true of X.
Axiom: Utility
An identity attribute has value if and only if knowing that attribute reduces risk for some party
Reducing one party’s risk often creates risks for other parties.
Consequence: Identification is Power
Identity allocates risk.The ability to create or eliminate a risk for another confers power over the other.
Axiom: Contention
Because identity claims allocate risks, they will be disputed.
Identity Attributes

  • Commercial Interest – Convenience
  • Government Interest – Security
  • Individual interest – Privacy

Definition
Privacy: is the ability to lie about yourself and get away with it.
Axiom: Subjectivity
People disagree about one anothers identity attributes
In general, there’s now easy way to tell who’s right and who’s wrong
Axiom: Temporality
The name that can be named is not enduring and unchanging name. All identity attributes change over time.

  • Prince -> symbol
  • Michael Jackson Black -> Plastified

Axiom: Obscurity
Identity attributes can be

  • what you know – you can lie
  • what you have – loose / leave
  • what you are – alter disguise

Axiom: Publicity
Identity attributes cannot be secret
By definition attributes aren’t observable can’t be used to use attributes
Axiom: Contextually
Identity is inherently subject to effect of scale.
Brandon Mayfield – guy who did not blow up trains
His finger print matched one at Madrid Bombing (it was not an accurate assertion)
Large databases -> not completely reliable
To scale identity information one needs to collect — more information
Consequence: Powerlessness
Identity is in they eye of the beholder – subjectivity.

  • You can’t control what other people think or say about you.
  • You can’t even know who knows what about you.
  • Can control what you tell people but not what people find out

Consequence: Privacy Erosion
Scale requires distinguishing between lots of individuals which requires lots of information.
In a sufficiently large population the commonly agreed to be public attributes will not distinguishing individuals well enough.
So information about sensitive attributes will be collected.
In the UK they are look at putting in scanners (QinetiQ) while entering the subway to detect knives but what about creep in the use of other things identifying tatoos?
People push back against government identification.

Consequence: Due Process
Because identity is subjective, contextually, contention and obscurity and temporality.
IDENTIFICATION REQUIRES DUE PROCESS
But due process undermines the business case for identity. Due process requires transparency. Transparency reveals how identity attributes are collected and synthesized to make judgment. Collection and Synthesis are the only sources of completive value.
They do it because they like costumer intimacy.
Supply and Demand mismatch between favorable and unfavorable information.
Favorable information is easy to get.
The subject is happy to give it to you and the subject is happy to help you authenticate it. Therefore the supply is large and the value is low. But it’s worse: Demand is also low! Because favorable information is less likely to reduce another party’s risk. Especially the case when the other party has lots of potential customers.
The business case fore identity service provider infringes privacy.
The business of identity service providers is risk reduction withholding adverse information decrease the value of business.
Collecting more adverse information makes more.
Identity and Privacy are Incompatible.
Adverse information has positive identity value but negative privacy value.
Favorable information has zero identity value and zero privacy value.
Fable about MARIA
Recent guatemalan immigration
she has AIDS and she doesn’t want anyone to know. The health insurance company wants to know this information because it is a $180,000 not to know this.

Catalyst: SSO Simple Secure and Open – Dick on Identity .20

Kaliya Young · July 15, 2005 · Leave a Comment

Dick – had a 580 slide deck done Lessig Style
This is a summary of his talk:
We found out about Dick’s Identity
We learned a about what Identity is
What I say about me
What other say about me (others trust this)
So,
identity=reputaiton
What others say about you
We learned about Identity Transactions:
Verbal in person (with visual cues)
Talk on phone (loss of visual cues)
Job Application (fill out form)
We learned about data verification using drivers licenses in the real world and how the process reduces Identity Friction.
Identity Transactions are Asymmetrical
There is separation of the acquisition and presentation of credential
The credential is reusable
Trust is social
What is digital identity?

Identity 1.0 Today

Today it is the hassel of filling out the same information again and again.
Basically today authentication is that you get to prove you are an entry in a directory entry. single authority on one credential – not portable – in silo.
Verified digital Identity is not what you give a site today.
e-bay -/-> Craigslist
We have walled gardens
Identity 2.0 is where the user can move it to any site.

Simple and open has a history of winning in new standards look at:

  • networking
  • e-mail
  • web – html

WHAT DOES IT LOOK LIKE?
Identity Credential exchange is transparent transaction that is scalable.
WHO WILL DRIVE THIS?
users? – to many user names and passwords

won’t pay – little influence

enterprise? – partners, contracts, agents

but risky to lead… can’t get there
Identity 1.5

e-government?

maybe

but localized

Banks?

motivated to solve
theoretical trust relationship

Identity Ecosystem will emerge where

users are loosely coupled
share user identity

We are in a new era

Webservices – Flickr, Mappr, SalesForce

Web 2.0 will drive identity 2.0

It will happen on the edge of the Internet (not the edge of the enterprise).

XRI/XDI no web-service apps

SXIP

name/value pairs
DIGS XML

The goal is to mimic photo ID
With Sxip Network

SXIP 1.0 has had a few tire kickers

SXORE Blog comment spam solution

SXIP 2.0 support web services
SXIP ACCESS
SSO – Simple Secure and Open

Jamie Lewis –
Q: So will this go into a STANDARDS PROCESS?
A: We are working on it. We want to get it very close to right then put it into standards body. I like IETF. Our goal is to be open

     Copyright © 2023 Identity Woman  evelurie.com/web design/develop     

  • Terms of Use
  • Privacy Policy
  • Sitemap
  • Contact