• Skip to primary navigation
  • Skip to main content

Identity Woman

Independent Advocate for the Rights and Dignity of our Digital Selves

  • About
  • Services
  • Media Coverage
  • Podcast
  • Blog
  • Contact
  • Show Search
Hide Search

Identity

Being “Real” about Hyperledger Indy & Aries / Anoncreds

Kaliya Young · September 7, 2022 ·

Executive Summary

This article surfaces a synthesis of challenges / concerns about Hyperledger Indy & Aries / Anoncreds, the most marketed Self-Sovereign Identity technical stack. It is aimed to provide both business and technical decision makers a better understanding of the real technical issues and related business risks of Hyperledger Indy & Aries / Anoncreds, which have not been shared and discussed openly or publicly as the author believes need to be.

Who I am

My name is Kaliya Young. You may know me as the Identity Woman. I have been working on user-centric identity and most recently Self-Sovereign Identity standards for the past 20 years. Something fun has started to happen in recent years at identity events, more people who don’t know me are asking me if I have heard of or been to the Internet Identity Workshop (IIW), the landmark community forum for identity standard development I co-founded 17 years ago and still co-lead today. 

As someone who didn’t come from a technical background and doesn’t write code, I have made tremendous efforts to reach where I am today, able to explain technology accurately and facilitate deep technical discussions and collaborations. For years, I have participated in technical sessions and engaged myself in all types of forums in technical communities building user-centric identity to learn about technical details and ask questions.

I have exerted determination and persistence throughout my career, because I deeply care about what I do, and I feel that I owe it to those who have helped me become a community leader to do what I believe is right. They don’t always share the same views with me but they believe in my genuine intention and my capability to provide unique value to this emerging area of technology. I have deep respect for all of them and others who have been working diligently to make user-centric identity a reality, many of whom helped shape the narratives of this article when they knew they might be affected by its release.  

Here, I thank all of you who helped me capture the technical details in a truthful manner in this article, and my business partner, Lucy Yang, who supported me in making the difficult decision to write it and helped review and edit it. 

How Open Standards Get to Market 

Open standards are developed by a large technical community of people who see the need to lay some foundational ground of how to do a particular thing (If you are not familiar with open standards, here is a podcast that may be helpful). Due to the scale of efforts and influence, it always takes time for open standards to emerge, evolve and mature. A mature standard needs to go through multiple versions of iteration spanning across at least a decade or even more. During this time, you see a community of business and technical developers, normally a growing one, implementing and marketing a standard in many different ways and then feeding their experience back to the standard group in order to shape the next generation of the standard for the better. 

Self-Sovereign Identity (SSI) has just been through its first six years of early exploration, during which we see several paths of technology implementation emerge, co-opetition (cooperation between commercial competitors for their mutual advantage) happens, and convergence takes place in time. The W3C Verifiable Credentials (VCs) standard is a good example with the existence of different flavors of VCs (You can find more about the VC flavors in this article I wrote and the associated infographic I developed with Lucy). 

If you are a business decision maker looking into SSI, you may wonder if these technical choices matter, especially when the standards are at their early stages. The answer is yes, because all these implementation experiences are going to influence where the standard goes in the future. When a poor technology choice today later becomes a part of a standard, it will have a pervasively negative impact on all of us. It is essential for the pioneers of an industry to make choices to implement and explore possibilities as well as conduct honest critical evaluation of those choices as they meet the real world, so that the next generation of standards can take this into account as they evolve.

I have encountered business leaders who believe in the absolute power of market forces, thus making business decisions without knowing enough or at all about technical details, as well as technical leaders who see market dominance as the solution to a troubled path. While it is true that the market in general rewards whatever is marketed the best, not necessarily built the best, it is also true that critiques for and against different options is an important part of how a market should function, because many want to avoid another market success like the browser cookies, which has turned out to be a “disaster” for netizens.

I believe that those who picked early and explored a pathway on the landscape of potential should all be applauded – it takes a lot of courage to heavily invest in an implementation path at the very early stage of standard development. If the path doesn’t turn out well, it will have a significant impact on the business(es) of those who make significant early investments, especially if they need to abandon most of what they have built. The decision to pivot the technology becomes even more difficult if one has a relatively sizable business, a client and partner base relying on their technology, a group of early investors, and a market leader reputation to maintain. Because of that, it is almost understandable why some want to hold on tight to a problematic path even when they are aware of the issues with their technology stack. And it is with this understanding and respect for all early adopters / implementers that I am writing this article about Hyperledger Indy & Aries / Anoncreds, which so far has been the most-marketed SSI technical stack but not built as well as marketed nor the best one in the market.

Being “Real” about Hyperledger Indy & Aries / AnonCreds 

Hyperledger Indy and Aries are two open source projects at the Hyperledger Foundation, a sub-organization of the Linux Foundation. Together with Hyperledger Ursa, the three projects form the core blockchain-based SSI stack at Hyperledger. Aries and Ursa initially originated from Indy, but later became separate projects focusing on different technical aspects:

  • Indy is a combination of Indy SDK (crypto and ledger communication library) and Indy Node (the ledger implementation code). The Indy blockchain holds the credential schemas and Decentralized Identifiers (DIDs) of issuers and potentially governance registry listings. 
  • Aries is the code for agent applications that all actors in the identity ecosystem can use – issuers, holders and verifiers. This code writes to Indy ledgers and facilitates data exchange, making Indy and Aries a couple tightly implemented together. 
  • Ursa is the cryptographic library used by Indy and Aries. 
  • Anoncreds (ZKP-CL) is a low-level protocol for data exchange that defines data model (VC flavor) and interaction workflows that Indy and Aries use.

I am going to surface a synthesis of challenges / concerns about Hyperledger Indy & Aries / Anoncreds that many have found and brought to my attention. These concerns have existed for some time and have caused friction internal to the community without much public knowledge of them. As SSI is becoming more widely considered by governments, businesses and others around the world, I feel the professional responsibility to raise these lesser-known issues of the most marketed technical SSI option and say them out loud. It is important for anyone considering Hyperledger Indy & Aries / Anoncreds to know and understand these issues and their related business risks before making their decisions. 

1. LACK OF STANDARDIZATION AND WEAK STANDARD ALIGNMENT

•  No well-documented and agreed-upon specification

Open source code and open standard are two different things. Open standards define a recipe that allow people to implement the same thing in different ways, whether open source or not. By following the same recipe, we ensure some very basic interoperability across software / internet applications, for example, we can send emails from Gmail to Outlook. This interoperability is very important for identity credentials, as we need to use them pretty much everywhere. 

Indy / Aries have only been open source code bases that didn’t go through a standardization process to have a well-documented and agreed-upon specification. Those who don’t want to use the code bases can implement what they think the recipe is at their own risk, creating potential interoperability and other challenges down the road. And there is no specification for the Anoncreds format (implemented in the Indy code base now) that could be used to test different implementations, and there is no alternative implementation of Anoncreds to Indy. One can use wrappers to implement the Indy code into another programming language, but this is most likely going to cause memory management and error handling issues, making it hard to build stable software.

Due to market pressure, the Indy / Aries community recently started the standardization process for Anoncreds, years behind other credential formats that have already been engaged in standardization for years.

• Anoncreds (ZKP-CL) not aligning with the core W3C VC Data Model 

The core VC data model uses JWT or JSON-LD data formats, both leveraging the material in the credentials themselves and not needing to pull down a schema from a ledger for verifications. 

Anoncreds, which doesn’t use any standard data representation technology or VC data model(s), has its own format called ZKP-CL. The schema of this format is built using a JSON structure, but unlike the VC formats mentioned above, when a credential is created using ZKP-CL, the issuer must create a credential schema and write it to an (Indy) ledger for the credentials conforming to that schema to be verifiable. As a result, the verifiers have to get the schemas for the particular credential from the ledger and use that in the calculation to understand the veracity of the credential, making computation more intensive.

The discussion of Anoncreds 2.0 has been underway for several years, including a version of Anoncreds that uses BBS signatures, providing it some potential for adopting different VC data models. However, the progress on this effort has been extremely slow, and this effort will essentially mean reinventing the entirety of Anoncreds stack (Indy SDK and Node). 

2. LACK OF TECHNICAL RIGOR

• An old, less performant signature algorithm that is not suitable for a new product

Indy & Aries / Anoncreds is using a signature algorithm called the Camenisch-Lysyanskaya (CL) signature, based on the work by Jan Camenisch and Anna Lysyanskaya published in 2001-2004. CL-signatures uses 2048-bit keys based on RSA cryptography, which is actively being phased out, deprecated, and marked as “legacy” algorithms in some contexts. It is questionable to put it into new technical deployments that are at the beginning of their lifecycle. 

CL-signatures, slower and less performant than its modern alternatives, can lead to a set of trade offs that create security issues. For example, key sizes have to be larger to ensure security, requiring more bandwidth to transmit keys around. The larger key sizes also cause slow validation / transaction time (up to 7 seconds for a validation and approximately 30 seconds for credential definition generation when a new issuer is provisioned). The computing requirements also result in the need for powerful user devices for wallets, which means only users with powerful enough mobile devices can use the technology.

Furthermore, CL-signatures are too special to be supported by mainstream secure enclaves and secure elements. As a result, there is no way to protect the cryptographic key material used for holder binding in hardware. That means protection against credential theft and impersonation is software-based only, which is not sufficient for substantial and high assurance use cases. For example, any legitimate user can extract their COVID credential along with its cryptographic commitment to the wallet (link secret) from their phone and sell it on the Internet, meaning potentially millions of users could present a false credential. Given the unlinkability of Anoncreds, it would be impossible to determine which credential was sold – so it cannot be revoked to stop the fraud. 

Reputable government agencies such as NIST (US National Institute for Standards in Technology) and BSI (German Federal Office for Information Security) have never approved CL-signatures for government use, an indication that many government projects won’t be able to adopt Anoncreds in its current form, which has a dependency on CL-signatures. 

• No proper review and audit of the CL-signatures algorithm implementation

It can take years for new cryptographic curves and primitives coming out of academic work / paper to be ready for scaled deployment in real-world environments. Products that leverage cryptography, in order to ensure safe deployment, normally have a particular life cycle development pathway involving massive testing and vetting by experts.

When Hyperledger accepted the proposed Indy implementation as a donation, the CL-signatures was not battle tested to the same degree as more commonly used cryptographic schemes such as Ed25519 in TLS to secure the Internet or secp256k1 to secure billions of dollars of assets on Bitcoin and Ethereum. There were a significant number of steps missing, including an audit and peer review by cryptographic expert communities. For example, the Internet Engineering Task Force (IETF), a major standard organization for technical standards that make up the Internet protocol suite, delegates its cryptographic audit and review to IRTF Crypto Forum Research Group (CFRG). 

Rigorous testing is particularly important for implementation of cryptographic products since most often cryptographic issues emerge from the actual libraries / code bases of cryptographic operations which expose unsafety and vulnerability, rather than the cryptography itself.

• Miscommunication and overhype about link secrets and their role in subject-holder binding

Indy & Aries / Anoncreds implemented an “innovative” idea that embeds a “link secret”, a long number (same for every credential issued into a wallet), within another long number (different for every credential issued into the wallet). This has been communicated as the secret sauce that one implements Anoncreds can use to prove credentials in the same wallet are issued to the same person. This is not only an inaccurate depiction of the capability of the technology stack (as explained in an earlier point regarding CL-signatures) but also a miscommunication of the value of link secrets. 

As a matter of fact, link secrets can only ensure that two credentials share a common secret value. One could have two people use the same wallet to collect different credentials, or create a link secret that is in two different wallets and present attributes of credentials from both wallets. In these scenarios, verifiers won’t be able to know if the credentials in the same wallet are issued to the same person. Therefore, even though link secrets can provide value, it is important we have an accurate understanding of its value and don’t rely on/communicate the mechanism for assurances it can’t provide. 

This communication gap creates expectations and misplaced assumptions that could lead to significant security issues. An IEEE paper in 2019 explained it in more depth.

3. SERIOUS TECHNICAL, SCALABILITY AND GOVERNANCE ISSUES

• Indy & Aries / Anoncreds was constructed in a way that limited cryptographic agility or “upgradeability” or maintainability or extensibility or portability

Cryptography in large-scale applications has grown progressively more modular over the last decade or so, making it possible for a specification and technology stack to swap out the old algorithm for a new one. 

However, Indy was designed to conflate data representation with the cryptographic algorithmic implementation, making it cryptographically fragile – when the algorithms are cracked, the whole stack breaks. There is no “next algorithm” to migrate to relative to the same data structure. This means that when it does break, the whole stack needs to be re-built from scratch. 

Therefore, it is a normative best practice to use cryptographic signatures around data in a way that does not conflate a data representation with the cryptographic algorithms. Some well-specified options include Data Integrity (DI), CBOR Object Signing and Encryption (COSE), and Javascript Object Signing and Encryption (JOSE).

• Indy is not able to support large-scale issuance, verification and revocation

Indy was originally built to be single-threaded so that it could support a native token for in-network economics that required double-spend proofing. However, this significantly impacted Indy wallets’ ability to support large-scale implementations. Some implementers validated this scalability issue through their own experience, for example, using the Indy SDK to issue a bit over 18,000 credentials, which ended up taking four hours. One can potentially improve the situation by implementing Aries Askar, which is a standalone solution not pluggable into the Indy SDK.

On the verification side, if 1000 people log into a website at the same time, the verification speed will be very slow and cost prohibitively high. When looking at high scale applications such as the New York COVID certificate application which needed to support millions of verifications per day, an Indy ledger would just fall over. 

The credential revocation scheme of Indy is not scalable at high volumes either. One always has to balance performance / functionality with user privacy. A large batch size of revocation list, e.g. 10 million revoked credentials, will better guarantee user privacy through obfuscation and effectively prevent tracking of users on-chain. However, an implementer of Indy said that they could only set the batch size at 10K credentials to keep a reasonable performance. An additional issue on the mobile side – larger batch size will result in larger tails / cryptographic file that a user needs to download from the Indy ledger. 

You can find a research paper that came out in April 2022 here, which documented very clearly the scalability issues with Indy ledgers and the approach of how verifications are processed using on-chain located schemas for credentials:

“We conclude that issues of Trust Registry scalability have multiple facets. While Hyperledger Indy captures data useful to underpin a decentralized identity scheme, the knock-on effect of its scalability limitations may indeed place constraints on properties of security and decentralization. The current credential verification process relies on transaction processing by a ledger with transaction processing bottlenecks, which may constrain the ideal of non-repudiation.”

• Indy networks have a governance and economic issue 

One of the features people like about blockchains is that they provide for a network of nodes that all agree on a certain state – this means that people are not depending on one database or trusting one party to maintain it. Different parties can work together to maintain a network that all trust. Different ledgers can scale to different sizes of node networks. The Bitcoin network has tens of thousands of nodes for example, across “light” and “full” nodes.

Recent years have seen major advances as node-networking and consensus mechanisms evolve in tandem to power global blockchains. However, if you run an Indy network with more than 25 active write and consensus nodes operating at a time, performance plummets. The limitation poses serious governance issues as it is nearly impossible for Indy networks to have more than a small number of nodes in active operations.

Another major governance issue comes from the configuration of Indy’s auth_rules. By default, it takes one “Trustee” to do almost anything other than freezing the network (which takes three trustees), such as removing DIDs, changing any rule, setting fees, minting tokens, and / or even adding new trustees. Most Indy networks have adjusted the number from one to three “trustees” as the number required to do anything. This means you only need three individuals to collude to take down the entire network, or three individuals’ emails to phish to take down the entire network, or three trustees to erase information from the ledger. There have been Indy networks where more than half of their trustees all come from the same company – meaning that company effectively controls the network. 

The governance issues plus technical challenges make it hard for Indy networks to make any economic sense to exist as stand-alone ledgers just for storing credential schemas and DID Documents. That is why some early Indy networks have faced concerns of going down because there are not enough people/organizations wanting to operate nodes.

• Aries has limited adaptability for mobile

Beyond the above-mentioned computing requirements caused by the CL-signatures that lead to limitations on the mobile device side, there are also limitations at the application development level.

Aries is an umbrella of several agent frameworks written in different languages, which differ in feature set and community support. It is not possible to incorporate Aries into a native iOS app because there is no “Aries Framework Swift” (Swift is the native programming language for iOS), so nobody with a native iOS app can add an Aries wallet to it. This severely limits its adoptability. Some have tried to develop an Aries Framework Swift but gave up due to a multitude of challenges. 

The only two Aries frameworks that work on mobile today are React-Native and Xamarin (not actively supported anymore), which power a decreasing number of mobile apps in the market, as native Swift and cross-OS Flutter take up more and more market share in recent years. 

Additionally, due to the large number of external dependencies Indy has, such as OpenSSL, Libzmp, a React-Native wallet installing the Aries libraries can take up 70+ MB space, a huge amount for those who don’t have the latest iPhones. The external dependencies also make it a pain for developers to support mobile platforms with Aries. 

Finding a Way Forward Together as a Community

I am releasing this article right before the Hyperledger Global Forum in Dublin, Ireland from September 12-13, 2022, where I am speaking on multiple occasions about Self-Sovereign Identity / Decentralized Identity. I look forward to engaging there with anyone about this article, whether you are happy to see these issues finally being publicly shared or concerned about how it will influence your business. 

I have rooted my entire career in this community and care about all of you who are working hard to make our common mission a reality. As the world is paying more attention to our work and eager to work with us, I am committed to helping us find a way forward as a community.

Media Mention: MIT Technology Review

Kaliya Young · April 7, 2022 ·

I was quoted in the article in MIT Technology Review on April 6, 2022, “Deception, exploited workers, and cash handouts: How Worldcoin recruited its first half a million test users.”

Worldcoin, a startup built on a promise of a fairly-distributed, cryptocurrency-based universal basic income, is building a biometric database by collecting data from the financially disadvantaged in the developing nations, in exchange for cash incentives.

Below is the paragraph which I am quoted in, with regards to Worldcoin’s business.

Others remain unconvinced that Worldcoin can actually reach everyone in the world—and instead, serves as a distraction from ongoing work to create new identity paradigms. Identity expert Kaliya Young, while declining to comment on Worldcoin specifically, says that “it’s common for companies to claim that ‘if everyone in the world was in our system, everything would be fine.’ Newsflash: everybody is not going to be in your system, so let’s move on and talk about how we solve problems” in online identity.

You can read the entire article by following this link, https://www.technologyreview.com/2022/04/06/1048981/worldcoin-cryptocurrency-biometrics-web3/

Privacy Identity and Innovation – pii & Women

Kaliya Young · August 1, 2010 · Leave a Comment

The Privacy Identity and Innovation is coming up August 17-19th in Seattle, Washington.
This conference is the brain child of Natalie Fonseca who has run the Tech Policy Summit for several years.
I am speaking at the event on a panel about personal data stores (a new project I will write more about here soon).  I am really proud to be amongst many other women industry leaders speaking. I know Natalie took proactive approach to recruiting women to speak and voila – their are women speakers at this technology conference.
Denise Tayloe, CEO of Privo
Marie Alexander, CEO of Quova
Linda Criddle, CEO of Reputation Share
Fran Maier, President of TRUSTe
Anne Toth, Chief Privacy Officer for Yahoo
Michelle Dennedy, VP at Oracle
Judith Spencer of GSA
Christine Lemke, CTO of Sense Networks
Betsy Masiello of Google
Heather West of Center for Democracy and Technology
Eve Maler of PayPal
Susan Lyon of Perkins Coie
Deborah Estrin of UCLA
It should be a great event – the guys on the program are equally cool.

Navigating the New Normal: John Seely Brown at Catalyst

Kaliya Young · July 28, 2010 · Leave a Comment

I am here this week at Burton Group Catalyst. The conference kicked off with a what was by all accounts good talk from John Seely Brown talking about “the New Normal”.
NishantK: John Seely Brown: many of the things that made us successful in the 20th century will make us unsuccessful in the 21st century
jmatthewg1234: John Seely Brown – Thriving in a world of constant flux
bobblakley: John Seely Brown explains the shift from stores of info to flows of info at http://yfrog.com/5u8r3oj
bobblakley: “The cloud is much more disruptive than any of us have ever thought.” John Seely Brown
bobblakley: “SalesForce disrupted Siebel; now being disrupted itself by SmallBusinessWeb. Things are moving that fast.” John Seely Brown
NishantK: John Seely Brown: Good network is loosely coupled, trusted, not captive & filled w highly specialized nodes < basis of #cloud promise
bobblakley: “Moving to cloud requires factoring policy out of apps & making it a 1st class object.” John Seely Brown
bobblakley “Policies must have version numbers.” JohnSeely Brown
bobblakley: “Control-oriented flows won’t work in federated clouds.” John Seely Brown
jonathansander: Outside-in architectures start with the notion of an ecosystem. John Seely Brown
NishantK: John Seely Brown: Need to move from Inside-out to Outside-in architectures – less control, more trust, less predictable, more agile
bobblakley: Schemas are a hindrance in a world of unpredictability – John Seely Brown
bobblakley: “Data has tremendous inertia; don’t bring data to the computer – bring the computer to the data!” JohnSeely Brown
bobblakley: “Web 3.0 will use social media for context sensitive exception handling.” John Seely Brown
jonathansander: Policies are 1st class objects in enterprise 3.0, but so are exceptions. John Seely Brown
bobblakley: “Two things you don’t want to lose control of are policy and data” John Seely Brown
bobblakley: “The edge pulls the core to it by exploiting cloud services and social media.” John Seely Brown
drummondreed: John Seely Brown at Catalyst: the biggest innovation of the past 100 yrs is not the microprocessor but the Limited Liability Corp
This morning the conference kicked off for real with 5 tracks of amazing content. Those of you who know me, know I really am not a big fan of “regular talking heads conferences.” I often tell folks this is the only talking heads conference I recommend attending. The quality of content and thought put into the analyst presentations and the industry people on stage is of a very quality.

ID-Legal – Mapping the Gap – Bridging Commumities

Kaliya Young · February 18, 2010 · Leave a Comment

Next month we are hosting a gathering called Map the Gaps. It came out of a session I ran several IIW’s ago asking the question what if there was a “Legal-IIW” the intent was always to cross communities and connect activities already in this area.  The intent from the beginning was to connect with and work with PPEG at Liberty Alliance. I am happy to be working with Robin from Kantara who ran the PPEG group at Liberty Alliance. Lucy from the Internet Society has been a real champion of the event.
We are threading the needle of size and accessability. Our intent is to make as much as possible about the conversation public and report out.  We also know that the energy is really different with 20-30 people vs. 100.   We are seeking interest particularly from technologist who are interested in understanding how Lawyers think and how different aspects of law are going to end up impacting the technologies they build and how those technologies will change the law.
You can see the matrices we are looking to fill in here on the ID-Commons wiki.
Here is the invitation and this is a link to express interest in attending.

Identity Commons and The Kantara Initiative
present an identity workshop and symposium to
“Map the Gaps”
Sponsored by the Internet Society.
March 18th-19th, 2010, Washington DC

The event will be attended by representatives of the diverse identity communities to help “Map the Gaps” that currently exist between the policy/legal and technology views of digital identity and online privacy.
The intention of the “mapping” exercise is to benefit the overall identity community by cataloguing and examining the characteristics and approaches of various online identity-related technical and legal initiatives, so that they can be applied to find common ground to integrate the research and development initiatives in the identity space.
The infrastructure for online identity continues to evolve, and increasingly raises social and privacy questions which are large, complex, and cannot be solved either by technology alone, or by a “single-stakeholder” approach.
While technologists and lawyers have worked separately in the past, identity technologies are now bringing people together in ways that are so intimate and far-reaching that they change both the way humans relate to technology, and the technologically-mediated ways humans relate to each other. Many of those technologically-mediated interactions are the subject of various established laws, which must now be reviewed in the light of this evolution: the technology cannot properly develop without legal guidance and vice versa.
This effort will depend upon the identification and creation of common concepts, language and paradigms to guide future development in the area.  Our aim is to bring technologists and legal and policy professionals together, establish a common understanding of each other’s domains, and map out the gaps which subsequent work would aim to bridge.
The “Map the Gaps” event will provide participants with a forum to contribute various perspectives on identity-related themes, the output of which may be coordinated with American Bar Association events as well as within working groups at ID Commons and the Kantara Initiative.
Due to limited space, the event is being held by invitation only.  There are, however, other ways to participate in this important work, including submitting written materials for inclusion in symposium online materials.
In order to assure that the broadest possible representation of interests is achieved to inform the work that will take place at the symposium, all submitted papers will be made available to attendees and others on the Identity Commons and Kantara symposium-related websites.
Limited spaces have been reserved at the symposium for a few additional invitations to be extended to individuals and institutional representatives based on a review of submitted papers.  Additional invitations may be extended based on those papers that offer significant perspectives and insights that are perceived to be different than or complementary to those already represented by the existing symposium attendees.
Next steps:
The symposium will be interactive and participant-driven: we ask all persons who would like to attend the meeting as participants to contribute, in advance (and no later than February 28, 2010), a brief (250-500 words) position paper, analysis or other  description of an interesting or pressing problem they have encountered in this field.  Papers will be posted as noted above, and we will extend invitations for participation to the authors of those papers that satisfy the criteria indicated above.
To express interest in the “Map the Gaps” workshop and symposium:
https://www.isoc.org/isoc/conferences/registration/?id=19
Event Committee:

  • Scott David, K&L Gates LLC.
  • Lucy Lynch, Internet Society
  • Kaliya Hamlin, ID Commons
  • J. Trent Adams, Internet Society
  • Robin Wilton, Future Identity, Ltd.

IIW is NOT an advocacy group – sigh “the media”

Kaliya Young · December 18, 2009 · 1 Comment

Facebook’s Online Identity War quotes me and labels IIW an advocacy group. IT IS AN INDUSTRY FORUM. Douglas MacMillan.
Sorry but I am still learning “how” to talk to reporters. They don’t like to quote me as “the identity woman” and link to my blog.
I “do” run the Identity Workshop with Phil and Doc but that doesn’t make it an “advocacy group”
Identity Commons & IIW have a purpose and principles believing in user/centric identity. The power of individuals to manage and control their own identities online. We don’t “advocate” for them – we create a convening space for people who want to work on this ideal.
Facebook does on some level “agree” with the idea of user-centric identity – Luke Shepard has participated in the community for quite a while & they hired David Recordon. They sponsor IIW.
I am clear that the opening up of previously controlled information with no warning “jives” with my understanding of user-centric control. It was more from my own point of view I was commenting. That is with my “identity woman” hat on… and the values I carry from Planetwork and the ASN… but the press hates that. Uggg. Chris Messina gets to be an “open web advocate”… that is what I do to but just about identity “open Identity advocate” (mmm…) but then that sounds like “just” OpenID and it isn’t just about that one particular protocol. sigh.
I am still wondering – How does one “belong” and have “titles” in a way the media can GROK when one does not have a formal position in a formal organization.
sigh – identity issues.

Fire Fox and Identity in the Browser

Kaliya Young · November 28, 2009 · Leave a Comment

ReadWriteWeb reports this week:

Decrying redirects and iframes, Raskin tells of a brave new world where an in-browser button that defies navigational difficulties allows for something closer to true identity portability than we’ve seen yet:Identity will be one of the defining themes in the next five years of the Web. Nearly every site has a concept of a user account, registration, and identity. Searching for “sign in” on Google yields over 1.8 billion hits. And yet, the browser does nothing to make this experience better save for some basic auto form filling. The browser leaves websites to re-implement identity management, and forces users to learn a new scheme for every site… Your identity is too important to be owned by any one company. Your friends are too important to be owned by any one company.

Finally! They said it!

Comments in reaction to the ReadWriteWeb post highlight Information Cards & CardSpace are not mentioned – I point out in my comment that the work is all connected ant pointed to the IIW conversations about Active Clients attended by all.
Aza open their post with this paragraph:

Identity will be one of the defining themes in the next five years of the Web. Nearly every site has a concept of a user account, registration, and identity. Searching for “sign in” on Google yields over 1.8 billion hits. And yet, the browser does nothing to make this experience better save for some basic auto form filling. The browser leaves websites to re-implement identity management, and forces users to learn a new scheme for every site.

They make these key points following the images they have (you should check the images out)

• Identity is part of where you are, and what you are looking at (Amazon looks different depending on if you are signed in or not). That’s why we put it in the URL Bar.
• For most sites, you’ll probably only have one identity, so login will be a single click or automatic.
• Putting verbs into the navigation bar isn’t new. See Taskfox.
• To increase visibility, webpages should be able to make a Javascript call that opens the login/signup bubble.
• For webpages that want to own the login-process, the account creation simply acts as the ultimate form-fill. For those interested in the evolution of the idea, you can see an early mockup with comments as well as Alex Faaborg’s similiar mockups.

They also make this point…

Chris Messina and others has been advocating for a model which follows the Facebook Connect lead: a single verb, to connect. Once connected, you decide exactly what information to share in an asynchronous manner. Unfortunately this bleeds information — your name is known to all websites which which you connect. We’d like to explore what a connect metaphor in combination with the ability to remain anonymous but connected means.

I agree with the firefox folks. Having a way to do verified anonymity is essential.
“Selective Disclosure” is the name for technologies that do this.
The firefox team should check out Stefan’s U-Prove Technology that may be released shortly by MSFT that acquired it over a year ago –
(seems like Stefan killed his blog when he moved to MSFT..mmm..anyways.)
Firefox folks invite people to get involved here.

Identity Dispute on Twitter

Kaliya Young · October 2, 2009 · Leave a Comment

From Slashdot

SpuriousLogic spotted this story on the BBC, from which he excerpts:

“The High Court has given permission for an injunction to be served via social-networking site Twitter. The order is to be served against an unknown Twitter user who anonymously posts to the site using the same name as a right-wing political blogger. The order demands the anonymous Twitter user reveal their identity and stop posing as Donal Blaney, who blogs at a site called Blaney’s Blarney. The order says the Twitter user is breaching the copyright of Mr. Blaney. He told BBC News that the content being posted to Twitter in his name was ‘mildly objectionable.’ Mr. Blaney turned to Twitter to serve the injunction rather than go through the potentially lengthy process of contacting Twitter headquarters in California and asking it to deal with the matter. UK law states that an injunction does not have to be served in person and can be delivered by several different means including fax or e-mail.”

FastCo Post on Governemnt Experiments with Identity Technologies

Kaliya Young · September 12, 2009 · Leave a Comment

This is cross posted on Fast Company.

The Obama administration open government memorandum called for transparency participation, collaboration and federal agencies have begun to embrace Web 2.0 technologies like blogs, surveys, social networks, and video casts. Today there are over 500 government Web sites and about 1/3 of them require a user name and password. Users need to be able to register and save information and preferences on government Web sites the same way they do today with their favorite consumer sites, but without revealing any personally identifiable information to the government.

Yesterday the United States Government in collaboration with industry announced a few pilot projects using emerging open identity technologies for citizens to use when interacting with government sites. I use the word interacting very deliberately because the government doesn’t want to know “who you are” and has gone great lengths to develop their implementations to prevent citizens from revealing personally identifiable information (name, date of birth etc).

How would you use this?–well imagine you are doing an in depth search on an NIH (National Institute of Health) Web site–and you went back to the site many times over several months. Wouldn’t it be great if the site could “know” it was you and help you resume your search where you left off the last time. Not your name and where you live but just that you were there before.

The Identity Spectrum helps us to understand how it all fits together.

Spectrum of IDAnonymous Identity is on one end of the identity spectrum–basically you use an account or identifier every time go to a Web site–no persistence, no way to connect the search you did last week with the one you did this week.

Pseudonymous Identity is where over time you use the same account or identifier over and over again at a site. It usually means you don’t reveal your common/real name or other information that would make you personally identifiable. You could use the same identifier at multiple sites thus creating a correlation between actions on one site and another.

Self-Asserted Identity is what is typical on the Web today. You are asked to share your name, date of birth, city of residence, mailing address etc. You fill in forms again and again. You can give “fake” information or true information about yourself–it is up to you.

Verified Identity is when there are claims about you that you have had verified by a third party. So for example if you are an employee of a company your employer could issue a claim that you were indeed an employee. You might have your bank verify for your address. etc.

The government pilot is focused on supporting citizens being able to have pseudonymous identities that function only at one Web site–the same citizen interacting with several different government Web sites needs to use a different identifier at each one so their activities across different government agencies do not have a correlation.

It is likely that some readers of this blog know about and understand typical OpenID. Almost all readers of this blog do have an openID whether they know it or not because almost all the major Web platforms/portals provide them to account holders–MySpace, Google, Yahoo!, AOL etc.

So how does this work with OpenID?

Typical OpenIDTypically when logging in with OpenID on the consumer Web you share your URL with the site you are logging into–they redirect you to where that is hosted on the Web–you authenticate (tell them your password for that account) and they re-direct you back to the site you were logging in. (see this slide show for a detailed flow of how this works). Using OpenID this way explicitly links your activities across multiple sites. For example when you use it to comment on a blog– it is known your words come from you and are connected to your own blog.

Using the OpenID with Directed identity–de-links your the identifiers used across different sites but still lets you use the same account to login to multiple sites.

Directed IdentityWhen you go to login to a site you are asked to share not “your URL” but just the name of the site where your account is–Yahoo! or Google or MySpace etc. you are re-directed to that site and from within your account a “directed identity” is created–that is a unique ID just for that Web site. Thus you get the convenience of not having to manage multiple accounts with multiple passwords and you get to store preferences that might be shared across multiple ID’s but you don’t have identifiers that correlate–that are linked across the Web.

How does this work with Information Cards?

This is a complementary open standard to OpenID that has some sophisticated features that allow it to support verified identities along with pseudonymous & self asserted identities. It involves a client-side piece of software called a selector–which selector helps you manage your different identifiers using a card based metaphor, with each digital “card” representing a different one. Citizens can create their own cards OR get them from third parties that validate things about them.

The government is creating a privacy protecting “card profile” to be used in the pilot program. It is NOT issuing identities.

Trust Framework are needed to get it all to work together.

From the press release yesterday:

“It’s good to see government taking a leadership role in moving identity technology forward. It’s also good to see government working with experts from private sector and especially with the Information Card Foundation and the OpenID Foundation because identity is not a technical phenomenon–it’s a social phenomenon. And technological support for identity requires the participation of a broad community and of representatives of government who define the legal framework within which identity will operate,” said Bob Blakley, Vice President and Research Director, Identity and Privacy Strategies, Burton Group. “Today’s announcement supplies the most important missing ingredient of the open identity infrastructure, mainly the trust framework. Without a trust framework it’s impossible to know whether a received identity is reliable.”

The OpenID Foundation and Information Card Foundation wrote a joint white paper to describe how they are working on developing this. From the abstract:

[They] are working with the U.S. General Services Administration to create open trust frameworks for their respective communities.

These frameworks, based on the model developed by the InCommon federation for higher education institutions, will enable government Web sites to accept identity credentials from academic, non-profit, and commercial identity providers that meet government standards. These standards are critical as they represent the government’s resolution of the challenging and often competing issues of identity, security, and privacy assurance. Open trust frameworks not only pave the way for greater citizen involvement in government, but can enable even stronger security and privacy protections than those typically available offline.

These are all exciting developments but there is much more to do.

Looking (far) ahead there may be the opportunity to do selective disclosure–combining anonymity with verified identity.

How do these go together–you can take a verified identity claim say your birth date then using cryptography strip the specifics away and just have a claim that says you are “over 21”. Then using an anonymous identifier you have selectively disclosed your age without giving away your date of birth.

You could imagine this would be handy for citizens wanting to communicate their opinions to their member of congress without revealing their actual name and address – they could “prove” using a verified claim they live in the district but not reveal who they are. This aspect of what is possible with the technology is VERY forward looking and will take many years to get there. There is enormous potential to evolve the Web with this emerging identity layer.

I would like to invite all of you interested in being involved/learning more to attend the Internet Identity Workshop in Mountain View California November 3-5. I have been facilitating this event since its inception in 2005. It is truly amazing to see how far things have progressed from when we were 75 idealistic technologist talking about big ideas. at the Hillside Club in Berkeley. It is also some what daunting to think about how much farther we have to go.

Thomas Friedman on the lesson from Van Jones – "Watch out for the participatory panopticon"

Kaliya Young · September 6, 2009 · 3 Comments

Thomas Friedman of the NYTimes on Meet the Press today talking about several recent incidents including what happened to Van Jones.

When everyone has a cell phone, everyone is a photographer, when everyone has access to YouTube, everyone is a filmmaker, and when everyone is a blogger everyone is a newspaper.
When everyone is a photographer, a newspaper and a filmaker everyone else is a public figure. Tell your kids ok,  be careful every move they make is now a digital footprint. You are on candid camera and unfortunately the real message to young people from all these incidents… (he says holding his hands closely together) is really keep yourself tight – don’t say anything controversial, don’t think anything controversial, don’t put anything in print – you know what ever you do just kind of smooth out all the edges (he says moving his hands in a streamlining motion down) and maybe you too – you know when you get nominated to be ambassador to Burkina Faso will be able to get through the hearing.

What does this capacity to document “everything” digitally mean to free thinking, and free speech? It seems that is having a quelling effect.
I have written about the participatory panopticon several times, a term coined by Jamais Cascio.
* Participatory Panopticon strikes Michael Phelps
* We Live in Public – a movie
* “sousveillance” coming to NYC and Big Brother coming to NYC
* Participatory Panopticon tracking the CIA’s Torture Taxi
* Condi Caught by Emerging Participatory Panopticon
* Accelerating Change Highlights: 1 (Jon Udell)
The first time I spent a whole day with technologists working on the identity layer of the web in 2003 I asked publicly at the end of the day – how do we forgive in these new kinds of tools in place? How do we allow for people to change over time if “everything” is documented?
I hope we can have a dialogue about these kinds of issues via the blogosphere and also face to face at the 9th Internet Identity Workshop coming up in November.

Identity for Online Community Managers

Kaliya Young · August 19, 2009 · Leave a Comment

I was asked by Bill Johnson of Forum One Networks to kick off the discussion on the next Online Community Research Network call this week with the topic Identity for Online Community Managers – drawing on the presentation that I put together for the Community 2.0 Summit. I cover the basics of how OpenID, OAuth and Information Cards work, who is “in” terms of supporting the projects and what community managers/platforms can do. We will discuss the implications of these new identity and data sharing protocols on the call.

Online Identity for Community Managers: OpenID, OAuth, Information Cards

View more documents from Kaliya Hamlin.
I will also be attending the Online Community Summit in October Sonoma and will be sharing about these and other technologies there.

Freedom to Aggregate & Disaggregate oneself online.

Kaliya Young · August 19, 2009 · Leave a Comment

I presented this slide show at the Oxford Internet Institute meeting in April that considered A Global Framework for Identity Management.

You could sum it up this way – “stuff happens in peoples lives and the need the freedom to go online and get support for those things and not have it all linked back to their “real identity.”

The slides are moving (drawing from post secret post cards) and it is worth watching if you don’t think people need this freedom.

Freedom to Aggregate, Freedom to Disaggregate

View more documents from Kaliya Hamlin.

its that SXSW picking time of year

Kaliya Young · August 18, 2009 · Leave a Comment

200908181123.jpg

This year there are 2200 panels submitted for 300 slots. It is great they are going with community generated ideas for the conference. It is also hard to tell what will be happening in our fast moving industry 7 months from now. PLEASE go to SXSW create an account and then vote for these two 🙂

I put a lot of thought in to what to put forward this year knowing it would be 9 months out. One of the trends that is just starting to emerge is identity verification – my hunch is that by March this will be a topic getting a lot of attention and worth exploring at SXSW.

Who are you? Identity trends on the Social Web.

“On the Internet Nobody Knows You’re a Dog” Is this famous New Yorker cartoon still true? Twitter is doing verified accounts. Facebook claims everyone using their “real name” gives strong social validation ‘proof’. Equifax is validating age with information cards (digital tokens). We will explore the current trends and their implications for the future.

  1. What is identity?
  2. Why are people doing identity validation?
  3. Who is doing identity validation?
  4. Why are websites seeking people who have had their identities validated?
  5. Is identity validation improving the web?
  6. What are the current open standards in this space?
  7. Are approaches by men and women different about idnetity presentation and validation?
  8. What kinds of businesses are requiring online identity validation for customers?
  9. Is identity validation going to squish “free speech”?
  10. How is this trend changing the web?

With my She’s Geeky hat on: What Guys are Doing to Get More Girls in Tech!

The point of this is to get beyond the women say there are issues in the field and guys say there isn’t – to have guys who know there is an issue and are proactively doing constructive stuff to address it.

Many tech fields have a low percentage of women. If you are a guy do you wonder what you can do about it? Learn about successful strategies and proactive approaches for supporting women you work with and participate in community with. We will even cover some well-intentioned efforts that have gone awry.

  1. How many women by percentage participate in different technical fields?
  2. Why does it matter that they are underrepresented in these fields?
  3. What are the cultural norms that men and women have about performance and self-promotion?
  4. What is Male Programmer Privilege?
  5. What can a guy do who has a sister that is math/science inclined but being steered away from the field?
  6. How have the men on the panel improved things in their workplaces?
  7. How have the men on the panel addressed the challenges that arise in open communities? (that is where you don’t have a boss that fires people for inappropriate behavior/comments)
  8. What are the qualities of a workplace that is friendly for women?
  9. How to go beyond tokenism in workplaces, communities and conferences?
  10. How to encourage women more?

Other interesting Preso/panels covering Identity topics:

The Politics & Economics of Identity Put forward by my friend Liza Sabature of Culture Kitchen and the Daily Gotham Identity Politics” has always been left to the realm of feminist, civil rights activists, aka “minority politics”. This panel will explore the social and political ramifications of the business of identity and reputation. We will talk about the good, the bad and the ugly and what social entrepreneurs, businesses and digital activists are doing to impact this new economy.

  1. What is identity?
  2. What is reputation?
  3. What is privacy?
  4. How have big business historical monetized privacy?
  5. How social media works on identity and reputation?
  6. Online surveillance in the US : DMCA, FISA, Patriot Act
  7. Facebook BEACON : a study on how not to spy on people for fun and profit
  8. Google Adsense or Spysense?
  9. What are Vendor-Relationship Management systems?
  10. Will we need “Identity Management Systems” instead of VRMs?

Distributed Identity: API’s of the Semantic Web Without much conscious thought, most of us have built identities across the web. We fill in profiles, upload photos, videos, reviews and bookmarks. This session will explore the practical use of Social Graph API and YQL to build new types of user experience combining identity discovery and data portability.

Online Gatekeeping: Who Died and Made You King? by Liz Burr As the web becomes more open via social networks, we’re adopting new rules of communication. But who creates these rules? How much does class, race and gender figure into social media policing? We’ll discuss how identity affects social networks, as well as look at how online communities police themselves as participation expands.

  1. Which groups are in control of what is worth sharing via social media?
  2. Are the under-25 community using social media differently?
  3. How do we recognize and confront social media ‘gatekeepers’?
  4. Is our behavior in online communities merely a reflection of offline stereotypes and experiences?
  5. What is the impact of the amplification of social stereotypes online on under-represented groups?
  6. How do we integrate previously, under-represented groups into this more social world?
  7. Is there really such a thing as a “digital ghetto”? If so, is it our responsiblity to combat it?

OpenID: Identity is the platform is put forward by Chis Messina.
I have to say it is really great to have this be put forward so plainly and simply – to “get religion” about user-centric tdentity and its central role in shaping the fugure the social web.

Ignore the hype over social networking platforms and web OS’s! The platform of the social web is identity. Facebook and Twitter Connect are just the beginning of the era of user-centric identity. I’ll go beyond the basics of OpenID and learn how to effectively incorporate internet identity into your apps.

Your Online Identity After Death and Digital Wills

If you died tomorrow, would someone take care of your internet accounts? How do you tell subscribers the blogger has died? Every day people die and no one can access their email. Let’s explore what can be done to manage your online identity after you pass on.

  1. What usually happens to email accounts when a person dies? Policies for Gmail, Yahoo, Hotmail and AOL
  2. What about WordPress.com and Blogger for digital policies concerning the death of a blogger?
  3. Do You have a digital will setup?
  4. Products and services to manage digital wills, electronic correspondence after death and auto replies.
  5. Grief, “You Have Mail” and online memorial services.
  6. Who owns blog content after the death of a blogger?
  7. How to calculate the worth of your website or blog.
  8. How can you manage your online accounts and passwords for easy access after you pass?
  9. What are some recent legal examples of online account ownership disagreements?
  10. How to keep your passwords safe?

How to Benefit from 1-Click Identity Providers by Luke Shepard from Facebook.

Sites across the Web are opening up to support open identity platforms, such as OpenID. How can companies at scale and those with large user bases successfully work with open standards including OpenID, Activity Streams and new social markup language specs? Can companies survive the challenges of incorporating OpenID into their websites?

  1. Are there any success stories with OpenID?
  2. What does the OpenID user experience look like?
  3. Who has implemented OpenID?
  4. What have been some of the failures of OpenID?
  5. What is OpenID?
  6. What are the user benefits of OpenID?
  7. How can websites educate users about open protocols?
  8. What are the privacy concerns around OpenID?
  9. What kind of user data is made available to sites when they implement OpenID?
  10. What will it take for OpenID to become mainstream?

Crime Scene: Digital Identity Theft


ID biz models "in the future maybe" says Johannes

Kaliya Young · August 18, 2009 · Leave a Comment

Johanne Ernst is a builder of Identity technologies (and one of the clearest thoughtful thinkers about identity technologies and markets. He just posted a great post about business models in the identity space. I know he has at various times tried raise money as an entrepruner in this space – so he has thought a lot about the business models.

For those of you who don’t know Johannes he developed Light-Weight Identity (LID) a URL based ID system at the same time Brad Fitzpatrick did at Live Journal and then participated in merging it all together into YADIS discovery which became woven together with OpenIDv1, XRI/i-names  and sxip to become OpenIDv2. He also was the first drawer of the identity triangle (OpenID, SAML, InfoCards) which evolved into the Venn of Identity.

Many people have ideas for value-added services that could be sold once sufficiently many users used internet identities at enough sites. The trouble is that the transaction volume for OpenID (or any other identity technology on the internet) is still far too low to make this viable.

The mot important sentence is this one – Let’s not confuse being majorly annoyed how long this is all taking (speaking about myself here) with something being fundamentally wrong (because there isn’t).

I take heart with what he has to say especially because he addresses it to a big part of what I do – organize (un)conferences to continue momentum for the field.

From his post:

Value-added services:
Many people have ideas for value-added services that could be sold once sufficiently many users used internet identities at enough sites. The trouble is that the transaction volume for OpenID (or any other identity technology on the internet) is still far too low to make this viable.

So the verdict here is: perhaps in the future.   

So what’s an analyst, or conference organizer, or entrepreneur, or venture capitalist to do?

My take: Hang in there, keep the burn rate low, make no major moves, would be my advice. (Believe it or not, sometimes I’m being asked about my advice on this.) All the signs are pointing in the right direction, the latest being Google’s major OpenID push. Let’s not confuse being majorly annoyed how long this is all taking (speaking about myself here) with something being fundamentally wrong (because there isn’t).

Sooner or later, at least the value-added services opportunity will emerge. Perhaps others. But so far it has not yet.

Identity & Gov and & Open Standards

Kaliya Young · August 17, 2009 · Leave a Comment

I am really happy to let you all know about this forth coming OASIS ID-Trust Identity Management 2009 event September 29-30.

The theme of the event will be “Transparent Government: Risk, Rewards, and Repercussions.”

The U.S. National Institute of Standards and Technology (NIST) will be hosting it in Gainthersburg, Maryland.

In the why attend the reference part of a directive by Barack Obama to the National Security Council and Homeland Security Council.

“to defend our information and communications infrastructure, strengthen public/private partnerships, invest in cutting edge research and development and to begin a national campaign to promote cyber-security awareness and digital literacy.” The U.S. federal government aims to accomplish all of this while becoming increasingly open and transparent.

The program is now available – and looks quite good.

There is a discount available until August 31. There are special registration proceedures for non-US citizens.

Web Finger! moving out into world

Kaliya Young · August 14, 2009 · 1 Comment

I love the Internet Identity Workshop! it is where innovative ideas are hatched, answers to hard problems are vetted and standards consensus emerges. This is just the latest in amazing collaborations that have emerged.

Web Finger was covered on Tech Crunch today with this headline – Google Points At WebFinger. Your Gmail Address Could Soon Be Your ID.

At IIW in May they had a session lead by John Panzer. The notes were not filled out that much but (All the Notes from IIW)   

but there is a white board of their conversation and a link to what google had up.

Chris Messina spliced it together

XRD the discovery protocol is part of how Web Finger works. This spun out of XRI.

Techcrunch didn’t explicitly pick up on the fact that Eran Hammer-Lahev has been a key collaborator and is at Yahoo! (they did link to the mailing list where he is posting). He has been really driving XRD forward lately.

All exciting stuff.

DiSo ideas are not that new.

Kaliya Young · August 14, 2009 · 3 Comments

Reading these:

A Perfect Storm Forming for Distributed Social Networking– Read Write Web

Evolution of Blogging – GigaOm

The Push Button Web – Anil Dash

The inside Out Social Network – Chris Messina

The Future Social Web – Jeremiah Owyang

I realize how incredibly ahead of the times I was along with many of the people I have been working with on open standards identity and social web standards.

I wrote this describing open standards for distributed social networking online in April of 2004f or the Planetwork Conference (from Archive.org)  that I was promoting.

———————— From Archive.org April 2004 ——————

ID Commons: Social Networking For Social Good: Creating Community Trust Infrastructure Through An Identity Commons

In 2003 the Planetwork LinkTank white paper The Augmented Social Network: Building Identity and Trust into the Next-Generation Internet proposed weaving new layers of identity and trust into the fabric of the Internet to facilitate social networking for social good – online citizenship for the information age.

The LinkTank white paper outlined three main objectives:

  1. Establishing a new kind of persistent online identity that supports the public commons and the values of civil society.
  2. Enhancing the ability of citizens to form relationships and self-organize around shared interests in communities of practice and engage in democratic governance.
  3. Creating an Internet-wide system for more efficient and effective knowledge sharing between people across institutional, geographic, and social boundaries.

Currently each site with a login or membership profile is like an island, or at worst a walled castle, as no common inter-operation is possible among large numbers of them. Creating a truly interoperable network will require an explicit social agreement that governs the operation of the trusted network, and implementation of a new software protocol consistent with that agreement.

Identity Commons

[note this is a reference to the “first” Identity Commons – the current Identity Commons shares the values and some of the organizing principles of this first organization but evolved from it]

The Identity Commons is an open distributive membership organization, designed to develop and operate a common digital identity infrastructure standard based on the shared principle of protecting each user’s control of their own identity data. A common identity infrastructure must be embedded within a binding social agreement ensuring that the technology and its institutional users operate in accordance with core principles. In addition to developing this agreement, Identity Commons is managing the development and implementation of the new technology needed to achieve this as a fiscal project of Planetwork, a California 501(c)3 non-profit.

The Identity Commons is based on an implementation of two new OASIS standards:

XRI – a new identity addressing scheme fully compatible with URIs
XDI – specifies link contracts for shared use of data across the Internet

For more technical information see: http://xrixdi.idcommons.net

Once implemented, the Identity Commons infrastructure will:

  • Give individuals, organizations, and even ad-hoc groups persistent addresses (digital identities) that can be used in many ways. Each party can decide what their own address links to, and who can follow the links.
  • Provide single sign-on, enabling individuals to connect to multiple sites without having to provide a login and password to each.
  • Empower user/citizens to manage their own consolidated profiles, which will be likely to stay up to date as everyone maintains only their own master copy.
  • Generate network maps that enable communities to more efficiently understand their own membership, make connections, recognize patterns, filter messages, and self-organize around new topics and functions.
  • Provide collaborative filtering services based on knowledge and reputation databases where contributors can also control their own level of anonymity.
  • Enable group formation around common interests and affinities with reputation attributes for trusted communication, which could be the key to eliminate spam.

How is this different from what is already happening in the private sector?

Currently every web site has a privacy policy, but they vary widely, are rarely read, are only good until they are changed and are thus effectively useless.

The Identity Commons (IC) solves this by (1) replacing thousands of privacy policies with a single institutional membership agreement that simplifies the user experience. Every Identity Commons member site is party to a legally binding commitment that can only be changed by amending the IC membership agreement – which is governed by all IC members. And (2) by using electronic contracts to grant, record, and enforce data sharing across boundaries.

Ultimately there can only be one fully interoperable social network; just as email can travel anywhere on the Internet, your profile must also be able to do so. Microsoft would love to make this possible, and fully control it – their Passport system was designed to do just that. By hosting identity data for nearly everyone who has a computer Microsoft hopes to put themselves in the middle of every transaction they can.

In response to this, a group of large companies formed the Liberty Alliance which developed protocols that will allow institutions to “federate” data across company boundaries. Federation is an improvement over the Microsoft Passport model, however, both of these approaches treat individuals solely as consumers, and neither provide support for civil society, citizen collaboration or for individual citizens to control their own identity data.

The Identity Commons agreement and technical infrastructure is a way to correct this imbalance of power, allowing the Internet to fulfill its great potential as a “commons” in which individual citizens can interact freely and as equals everywhere on Earth.

————- end Identity Commons description from Planetwork’s 2004 site ———

Writing this document was the first work that I did as an evangelist for the proposed open standards for distributed digital identity to enable open distributed social networks.
I wrote it based on reading through all their work and listening to their vision of the founders of Identity Commons and those working together for 2+ years hoped for in the adoption of the open standards they were working on. These protocols are now all ratified in OASIS (one of three standards bodies for the internet the other two being IETF and W3C) – XRI, XDI along with XRD/XRD that spun out of XRI as it became incorporated in OpenIDv2 as a key part of what makes it work.

Identity that is user owned, controlled managed – and this includes the preferences, attention data, uterances, 1/2 of transaction data – is at the heart of what one needs to make this vision of distributed social networking work. I think until recently it has been misunderstood as esoteric and just talk – amazing progress has been made since the early days of the identity gang that community has grown and developed many of the conceptual understandings and protocols that are taken as givens.

Folks from what the identity community (and perhaps should consider “updating” its name to the identity and social web community).…invented – as in used for the first time these two words together Social and Web – SOCIAL WEB – (according to wikipedia)

With the title of this paper: The Social Web: Creating An Open Social Network with XDI

This paper was preceeded by the Augmented Social Network: Building and Trust into the Next Generation Internet

Like the Web or email, the ASN would be available to anyone. It would become a common part of the Internet infrastructure – a person-centered and group-centered service of the net. It will be implemented through the widespread adoption of technical protocols; any online community infrastructure could choose to be part of the ASN by implementing them. Central to its design are fundamental principles of openness, inclusivity, and decentralization — which are necessary for a thriving democracy. At the same time, the ASN would support the highest available forms of security to protect privacy.

The Identity Gang began talking/meeting in the later part 2004 and has continued to meet in the Internet Identity Workshop.

There is much wisdom that these communities have developed that can be useful in moving / re-articulating the vision… to be sure lessons are to be learned from understanding more about why certain approaches/standards/proposed ways of doing things didn’t happen (yet).

I think the market wasn’t ready for what the identity community was saying. As someone who has been evangelizing about this set of issues practically full time since 2004. In the first few years I would talk in a range of communities and at conferences about all these issues, user control, open standards the danger of the potential emergence of large silo’s that locked users in and people just “didn’t get” it was an issue or that there was even a need for these kinds of standards. Now the market is finally ready.

The 9th Internet Identity Workshop  is this November – and REGISTRATION IS OPEN!

There is a whole conversation on the DiSo list where I highlighted this context/history. There might be a beer meetup in Berkeley this evening at Triple Rock at 7:30.

Digital Identity -> Sculpture

Kaliya Young · August 13, 2009 · Leave a Comment

My friend Cameron Hunt sent me a link to this AMAZING site this morning.

IDENTITÄT: the »Gestalt « of digital identity

From the far end of the Concept page:

The goal of the project was not to create a readable data sculpture of someone’s digital life, but to express how an analogue snapshot of complex dig­ital identities can be presented. Based on four de­fined cri­te­ria all sculp­tures had to be compa­ra­ble in their form, size and ex­pres­sion. Af­ter generating those sculp­tures based upon the particles only, we added time as an under­lying factor. The particle system, which rep­resents a persons inter­ests, spreads in space until it is bal­anced. The speed of this expan­sion, the thickness of the cre­ated hull and the starting point of the drawing process is connected to the factors age, activ­ity and communication behav­ior.


This system leads to an embod­i­ment for the final ~Gestalt of dig­ital identity. A still life of an ongo­ing process about re­defining and dec­orating. This dynam­ic process of dig­ital »day life« is cap­tured in our person­al interpretation of the dig­ital identity as an amorp­hous sculp­ture.
The Process Page says more about how they did it.

Missing: Privileged Account Management for the Social Web.

Kaliya Young · July 27, 2009 · 3 Comments

This year at SXSW I moderated a panel about OpenID, OAuth and data portability in the Enterprise. We had a community lunch after the panel, and walking back to the convention center, I had an insight about a key missing piece of software – Privileged Account Management (PAM) for the Social Web – how are companies managing multiple employees logging in to their official Twitter, Facebook and YouTube accounts?

I thought I should also explain some key things to help understand conventional PAM then get to social web PAM in this post covering:

  1. regular identity management in the enterprise,
  2. regular Privileged Account Management in the enterprise
  3. Privileged Account Management for the Social Web.


1) IdM (Identity Management) in the Enterprise

There are two words you need to know to get IdM and the enterprise: “provisioning” and “termination“.

a) An employee is hired by a company. In order to login to the company’s computer systems to do their work (assuming they are a knowledge worker), they need to be provisioned with an “identity” that they can use to log in to the company systems.

b) When an employee leaves (retires, quits, laid off, fired), the company must terminate this identity in the computer systems so that the employee no longer has access to these systems.

The next thing to understand is logs.

So, an employee uses the company identity to do their work and the company keeps logs of what they do on company systems. This kind of logging is particularly important for things like accounting systems – it is used to audit and check that things are being accurately recorded, and who did what in these systems is monitored, thus addressing fraud with strong accountability.

I will write more about other key words to understand about IdM in the enterprise (authentication, authorization, roles, directories) but I will save these for another post.

2) Ok, so what is Privileged Account Management in the Enterprise?

A privileged account is an “über”-account that has special privileges. It is the root account on a UNIX system, a Windows Administrator account, the owner of a database or router access. These kinds of accounts are required for the systems to function, are used for day-to-day maintenance of systems and can be vital in emergency access scenarios.

They are not “owned” by one person, but are instead co-managed by several administrators. Failure to control access to privileged accounts, knowing who is using the account and when, has led to some of the massive frauds that have occurred in financial systems. Because of this, the auditing of logs of these accounts are now part of compliance mandates in

  • Sarbanes-Oxley
  • the Payment Card Industry Data Security Standard (PCI DSS),
  • the Federal Energy Regulatory Commission (FERC),
  • HIPAA.

Privileged Account Management (PAM) tools help enterprises keep track of who is logged into a privileged account at any given time and produce access logs. One way this software works is: an administrator logs in to the PAM software, and it then logs in to the privileged account they want access to. The privileged account management product grants privileged user access to privileged accounts [1].

Links to articles on PAM, [1] Burton Group Identity and Privacy Blog, KuppingerCole, Information Security Magazine.

3) Privileged Account Management on the Social Web.

Increasingly companies have privileged accounts on the social web. Dell computers has several for different purposes. Virgin America, (they link to the account from their website – thus “validating” that this is their real account), JetBlue, Southwest Airlines, Zappos CEO, (employees who twitter), Comcast Cares (Frank Eliason) (interestingly comcast on twitter is blank).

Twitter is just the tip of the iceberg – there are also “fan pages” on Facebook for brands. Coca-Cola, Zappos, NYTimes, Redbull, Southwest, YouTube Channels, Dunkin’ Donuts, etc, etc. on thousands of other platforms and yet-to-be-invented services.

These are very powerful accounts – they are managed and maintained by many employees around the clock and are the public voices of companies.

I have yet to see or hear of any software tools to enable enterprises to manage Social Web privileged accounts. How are companies managing access by multiple employees to these accounts?

Is there software that does this yet?

Is anyone working on these kinds of tools?

Leave your comments here or tweet with me @identitywoman

SSN's can be guessed

Kaliya Young · July 6, 2009 · Leave a Comment

This just in from slashdot:

“The nation’s Social Security numbering scheme has left millions of citizens vulnerable to privacy breaches, according to researchers at Carnegie Mellon University, who for the first time have used statistical techniques to predict Social Security numbers solely from an individual’s date and location of birth. The researchers used the information they gleaned to predict, in one try, the first five digits of a person’s Social Security number 44 percent of the time for 160,000 people born between 1989 and 2003.

This is from the Wired coverage:

By analyzing a public data set called the “Death Master File,” which contains SSNs and birth information for people who have died, computer scientists from Carnegie Mellon University discovered distinct patterns in how the numbers are assigned. In many cases, knowing the date and state of an individual’s birth was enough to predict a person’s SSN.

“We didn’t break any secret code or hack into an undisclosed data set,” said privacy expert Alessandro Acquisti, co-author of the study published Monday in the journal Proceedings of the National Academy of Sciences. “We used only publicly available information, and that’s why our result is of value. It shows that you can take personal information that’s not sensitive, like birth date, and combine it with other publicly available data to come up with something very sensitive and confidential.”

Basically it means we shouldn’t be honest about our date of birth and home town on Facebook (or any other social network) or we are making ourselves vulnerable to discernment of our SSN’s. I wonder if they can figure out mine? I received my as an adult when I was attending college in California.

I decided to poke around and see what Facebook had up about Identity Theft. I did find a link to this study that created a profile by “Freddi Stauer,” an anagram for “ID Fraudster,”.

Out of the 200 friend requests, Sophos received 82 responses, with 72 percent of those respondents divulging one or more e-mail address; 84 percent listing their full date of birth; 87 percent providing details about education or work; 78 percent listing their current address or location; 23 percent giving their phone number; and 26 percent providing their instant messaging screen name.

Sophos says in most cases, Freddi also got access to respondents’ photos of friends and family, plus a lot of information about personal likes and dislikes, and even details about employers.

Facebook users were all too willing to disclose the names of spouses and partners, with some even sending complete resumes. One facebook user divulging his mother’s maiden name—the old standard used by many financial and other Web sites to get access to account information.

Most people wouldn’t give this kind of information out to people on the street but their guard sometimes seems to drop in the context of a friend request on the Facebook site, O’Brien says.

According to Sophos, the results of what it calls its Facebook ID Probe has significance for the workplace as well as personal life because businesses need to be aware that this type of social-networking site may pose a threat to corporate security.

I have tried to search the Facebook blog to see what they have to say about identity theft and apparently they haven’t mentioned it.

India says it will be creating National ID for Citizens

Kaliya Young · June 29, 2009 · 1 Comment

I found this last night on Slashdot – it was to important not to blog about. “India to Put All Citizen Info into Central Database”
Reading the article in The Independent this stood out for me

The creation of the ID or Unique Identification Number (UID) was a major plank of the manifesto of the ruling Congress Party during the recent election.

India is not a western democracy where “everyone” has papers and certificates of birth. As the article highlights

“This could be used as a security measure by the government which leaves migrant workers, refugees and other stateless people in India in limbo, without access to public services, employment and basic welfare.”

Our identities don’t come from government – they come from our social interactions and relationships.
The other issue that comes from this is “everyone in one database” is a giant honey pot.

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to Next Page »

     Copyright © 2023 Identity Woman  evelurie.com/web design/develop     

  • Terms of Use
  • Privacy Policy
  • Sitemap
  • Contact