
Identity Systems

Seeing Self-Sovereign Identity in Historical Context

Kaliya Young · June 21, 2022 ·


Abstract

A new set of technical standards called Self-Sovereign Identity (SSI) is emerging, and it reconfigures how digital identity systems work. My thesis is that this new configuration aligns better with the ways our social systems in the West have evolved identity systems to work at mass scale, leveraging earlier paper-based technologies.

To make this case I trace two different histories. The first follows the ways in which identities were designed and managed in computer systems. The innovations in SSI are a major breakthrough in the design of computer identity systems. The second history examines the evolution of paper-based identity systems that emerged in Europe. This section integrates recent scholarship about the emergence of a particular social psychology that came with the first paper-based identity documents. This work explains what paper-based identities meant and why they were accepted and made sense to people. The last section of the paper brings these two histories together and explains why the underlying technological design of SSI aligns with Western liberal democratic values in a way that the earlier digital identity system designs do not.

Introduction 

Developers and policymakers think about social and technological systems as a given in the present moment. The assumption that current systems are a given applies to paper-based identity systems, digital identity systems, and the social systems that we relate to and use to form our identities. This paper adopts a materialist approach that sees all things as the result of processes.  

The first section of the paper reviews the basics of Self-Sovereign Identity (SSI) technology for readers unfamiliar with it —however, it is not intended to be a history of how SSI developed. 

The second section of the paper provides a view of how digital identity systems have evolved since the emergence of computers. This section makes critical differences between those earlier systems clear for non-experts. For example, the new self-sovereign identity systems reduce the inherent opportunities for tracking and, therefore, the privacy risks of earlier digital identity systems and the current dominant technical architecture of enterprise identity and access management. 

The third part of the paper looks at the history of paper-based identity systems that are in widespread use today. It explains how they work and why they make effective trade-offs between accountability and visibility across systems. This section begins tracing this history further back than most other accounts—beginning with the actions of the Catholic Church around 500 CE. This section integrates recent scholarship about the emergence of a particular social psychology present when the first paper-based identity documents were created. It explains why they were accepted and made sense to people. It also walks through scholarship that tracks the material evolution of paper identity documents from when they first appeared to now.

The fourth section of the paper explains how SSI technologies differ from other models of digital identity management—particularly Enterprise Identity, Access Management, and the consumer IdP models. The primary difference is that SSI provides a way to express high confidence digital credentials in a digital format without anchoring identity information to identifiers such as network endpoints under the control of the state or some other corporate entity. SSI provides a way to restore the qualities of paper-based documents in the digital world: once issued to the individual, documents are under his or her control. Individuals can show their documentation to whomever they choose. In addition, SSI improves the efficiency and security of earlier identity systems by limiting the information that individuals must reveal to verify aspects of their Identity.

I am a practitioner who works day in and day out with technologists, business leaders and policy makers. I work in communities full of sincere people working hard to develop good designs for emerging digital identity systems. I am a “natural academic” and have read extensively across a range of disciplines, including those focused on systems design and understanding, and use my literacy in these areas in this paper.

The paper explains the underlying systems design of both paper-based and digital identity and explores qualities of each in a historical context. This includes exploring them both on their own and together where they intersect in the real world as SSI-based systems designed by Western liberal democracies (New Zealand, Canada, United States, European Union).

One can not reasonably write about identity without at least acknowledging the philosophical questions of identity. These have likely existed since human beings first achieved consciousness. We find them throughout all cultures in our myths, stories, religions, and philosophies. The primary questions being asked: “Who am I?”, “Am I more than just my body?”, and so on. I am setting aside these legitimate paths of exploration, choosing to ground human identity in a historical materialist approach. This approach sees “all structures that surround us and form our reality (mountains, animals, and plants, human languages, social institutions) as the products of specific historical processes.”

Before proceeding, I must emphasize that everything in this historical materialist tradition results from a process. Every “thing” that you can point to, that you can identify, results from emergent processes over time. Our lives as human beings in bodies are the result of processes. The artifacts we create to point to or identify people in the complex society we live in—such as “identity documents”—result from these processes. Identity is a process.

When discussing “identity,” the physical things identified seem central; however, the historical processes that shaped the document or technology used to express it are often forgotten. Documents containing “identity information” result from historical decisions, accidents, and innovations that helped organizations function. Both a human person and their identity documents have a physicality, but how they came to be, the process of their creation, is as important as their “thingness.”

I introduce this anchoring frame of understanding historical processes because I will use it throughout the paper to explain the processes of various identity systems. By looking at processes, crucial differences between these systems can be seen and understood. If one simply looks at the “things” or resulting artifacts, the differences are less obvious. Different identity architectures are arrived at through processes that have different implications for people and interact with the power relationships between people and organizations.

Self-Sovereign Identity Technology

The following is a brief overview of SSI. It is not a history; for that I recommend Chapter 16 in the Self-Sovereign Identity book. This section covers the basic architecture and core standards of SSI so that: a) the contrast between SSI and other systems can be discussed in the technology section, and b) the appropriateness of SSI to replace paper-based identity documents can be explored in the final section.

Verifiable Credentials

Verifiable Credentials (VCs) is a World Wide Web Consortium (W3C) specification that defines a universal data format for digital credentials and how to share proofs of their authenticity. A credential can assert anything that an entity wants to assert about another entity and is adaptable for many purposes. An example of a government issued credential is a birth certificate. An example of a credential from civil society is a professional association membership; an example of a commercial credential is a loyalty card from a store; and an example of an employment credential is an employee badge. 

Figure 1. Verifiable Credentials diagram from the W3C specification. 

The issuer of the credentials and the receiver of the credentials (Verifier) do not need to directly communicate because of the clever use of public-private key cryptography. The Issuer uses their private key to sign (seal) the credentials before issuing them, as structured data, to the Holder. The Holder stores these credentials in their Digital Wallet. As with a physical wallet, the Holder can choose to present the Verifiable Credentials stored in their Digital Wallet to anyone.

When the Holder of the credential wants to present them to any receiver/acceptor (called a Verifier in this model), the Holder sends over a verifiable credential presentation. Then, using the Issuer’s public key, the Verifier runs a mathematical computation to check that the data structure originated with the Issuer, who controls the requisite private key associated with the public key, and that it has not been altered. The Issuers share public keys widely (sometimes via blockchain), so the Verifiers can use mathematical calculations to verify the authenticity of the Holder’s verifiable credential. 

Since the initial compilation of version 1 of the Verifiable Credential specification (2018), developers have expanded its effectiveness to better preserve privacy. Holders can now present particular pieces of information instead of the entire credential. So, a Holder could, for example, show just their age in years and not their birthdate. Or, a Holder could prove they served in the military but not have to share in which branch they served or the dates of their service. Or, a Holder could prove they were a student at a particular school but not reveal their student number. This type of sharing is called selective disclosure.

Decentralized Identifiers

A management application and associated storage are needed to support the exchange of Verifiable Credentials and cryptographic key materials associated with the Issuer. The application also has to leverage cryptographic key material generated and managed by the Holder, but never stored with anyone. 

The management of this type of material is difficult. Earlier systems used special key registry services that published the public key associated with a particular email address. People who wanted to send a cryptographically secure email to a given address could look up and use the public key associated with that address. To check a signed message from a particular sender, the receiver would look up the sender’s public key and confirm that it came from that sender. The scale of key management for a Verifiable Credentials system is vast. A database, like the MIT key server, or a website, like keys.openpgp.org, does not scale, and relying on such a centralized service would make the system brittle and vulnerable.

On top of that, keys associated with an email address are anchored to a globally centralized system. Innovators of SSI technology decided to store, and manage, keys in a way that is both scalable and accessible but not controlled by a centralized authority. 

Developers need to provide users with persistent identifiers and pointers to cryptographic keys. At the same time, administrators need to be able to assign different keys to an identifier when updating the content that those keys unlock. Developers cannot store cryptographic keys in a fixed database assigned to an email address, like the MIT key database described above. Developers need another level of abstraction, so that the cryptographic keys can be rotated over time in relation to persistent decentralized identifiers. Blockchains collectively manage databases (either permissioned or permissionless) that, once written, are not erasable. Although Verifiable Credentials can be issued without decentralized identifiers or blockchains, together these two innovations provide a beneficial common standard for sharing keys in a resolvable way. Here is a description from the W3C Standard.

Decentralized identifiers (DIDs) are a new type of identifier that enables verifiable, decentralized digital Identity. A DID identifies any subject (e.g., a person, organization, thing, data model, abstract entity, etc.) that the controller of the DID decides that it identifies. In contrast to typical, federated identifiers, DIDs have been designed so that they may be decoupled from centralized registries, identity providers, and certificate authorities. Specifically, while other parties might be used to help enable the discovery of information related to a DID, the design enables the controller of a DID to prove control over it without requiring permission from any other party. DIDs are URIs (Uniform Resource Identifiers) that associate a DID subject with a DID document, allowing trustable interactions associated with that subject.

Each DID document can express cryptographic material, verification methods, or service endpoints, which provide a set of mechanisms that enable a DID controller to prove control of the DID. Service endpoints enable trusted interactions associated with the DID subject. A DID document might contain the DID subject itself—that is, if the DID subject is an information resource, such as a data model.

This [specification includes] a common data model, a URL format, and a set of operations for DIDs, DID documents, and DID methods.

Figure 2. The diagram of the relationship between key components of a DID and DID Document from the W3C DID Specification. 

Decentralized identifiers sit in stark contrast to earlier systems of identifiers that were permanently anchored in either globally managed registries (e.g. Domain Names in the DNS via ICANN or Phone numbers via the ITU-T) or within private namespaces such as usernames at websites (within the domain name system), Twitter handles, or Instagram handles.  

The Decentralized Identifier is a breakthrough in technical architecture that centers control of the identifier within an entity itself (via the software it controls). Identifiers do not need to be assigned by some outside issuing authority; the entities themselves can generate identifiers. Ownership of these identifiers can be proven independent of any “issuing authority.” This proof is achieved by using the properties of public-private key cryptography. 

Decentralized Identifiers do not have to be stored on a blockchain to be valid. The public keys associated with a DID, created and owned by any entity (person or organization), can connect to any other party. Pair-wise, these connections can be unique to the two parties. A specification under development called DIDComm will standardize this type of communication. 

DIDComm sits in contrast to several antecedent technologies, such as cryptographically secure email via PGP. Email via PGP publishes an associated public key, in a publicly accessible way, on a key server. All messages sent to that address use that key, making it non-unique per connection. DIDComm is also distinct from widely used end-to-end encrypted messaging applications like WhatsApp, Signal, and Telegram. These applications avoid user names/identifiers and “cheat” by leveraging phone numbers as a persistent identifier that can identify users in the network. They also do not exchange unique keys per connection with other parties – but rather have a singular public key they share and use for all their connections.

The Historical Evolution of Identity in Computer Systems 

The earliest computer systems were developed and used by business enterprises or organizations, like research institutions. The first computer systems, like the Colossus and ENIAC, were created in World War II. They were so rudimentary that there was no need for a “user account.” Shortly after that, large mainframes were developed to support more than one user interacting with one computer system. Developers invented user names and passwords to manage access. As a logical next step, the ability to write messages to other users of the same mainframe computer was invented by those early users. These messaging systems were the antecedents of email.

In the 1970s, with the creation of the ARPAnet, large computer systems began to link together by a protocol stack called TCP/IP. By using these connections, users could send messages between computer systems in different cities. Because messages could be transmitted between people in different locations, standards were developed to manage those messages. The standard for transferring messages between computer systems on the Internet is the Simple Mail Transfer Protocol (SMTP), which is still in widespread use because it creates a way for anyone with an email address to send a message to anyone else with an email address. These early ARPAnet users began a naming system so that human-readable names could be mapped to Internet Protocol (IP) addresses, making email usable for people. Addresses took the form “user name@institution name.type of institution.” By default, messages are not encrypted. In the 1990s, PGP key servers were developed to add encryption.

As computer systems within the enterprise became more complex, multiple programs ran on a single large system. Eventually, users needed a single login that would let them access a whole variety of services included in enterprise systems. This led to protocols to manage the complexity of the enterprise. LDAP (Lightweight Directory Access Protocol) supported the maintenance of directory services so that information about users could be used throughout the enterprise.

Another protocol called SAML (Security Assertion Markup Language) supports federated authentication and authorization both within enterprises and potentially between enterprises. SAML helps manage who has access to what systems. These internal federation architectures, using SAML and LDAP, were the dominant methods of identity management because they made sense in the context of enterprise computer systems. 

These digital identity management solutions emerged within social and cultural power structures, like employment, where having control “over people” by controlling their identifiers aligned with the power to hire and fire them. Employees did the work for the enterprise—they were not free persons acting in a social universe of peers and associates or as business customers. Because these original architectures were well established beginning in the 1990s and solidified in the early 2000s, they shaped the thinking of many identity management professionals about how identity management in the digital realm could be done.

The architecture of assigning users an identifier and managing it for them was first used not for the consumer internet, but within enterprise systems. A whole field of enterprise identity and access management arose before the web even existed. This control architecture is still widespread and makes sense relative to the inherent power relationship between employees and employers. Companies hire employees to do work. In exchange for that work, they are paid wages. When an employer is not happy with an individual’s work or simply does not have enough work to be done, they will let an employee go. This dynamic of hiring and firing is designed to meet the needs of the enterprise. 

When the employee’s work involves interacting with a computer system, it makes sense that the employer provides access to that computer system. This access is granted via an identifier/employee number assigned by the employer to that employee. When seeking to access the system, the employee presents a shared secret (a password) to prove control of that identifier (authentication) and is then granted access (authorization). When the employee no longer works for the company, this digital representation of the employee in the enterprise system should be terminated so they can no longer access the systems – authorization is denied. In other words, access to the system should end for the person who is no longer an employee. These control structures are part of the original enterprise identity and access management.

When the first consumer internet arose, companies like AOL and Compuserve offered accounts to users. Social media companies still use this same system today. Users get this type of identifier when they go to a new service and choose a username within a service’s namespace. This identifier sits within the issuer’s namespace and domain of control. This means that the issuer can terminate the subject’s access to that service’s namespace.

After picking a username, the user chooses a password. The password is thus a shared secret that both the user and the service know (but no one else). Finally, when the user asserts they are the entity in control of a given username, the service challenges them to also present the shared secret (i.e., the password). In recent years, there has been a push to support the wider adoption of additional authentication factors, some of which use cryptography (like RSA tokens or Yubikeys). However, the process of two or three-factor authentication still involves proving control of an identifier managed by the Identity Provider. 

Figure 3. This diagram shows a Sole Source Topology for Identity where the individual gets new separate accounts for every service they interact in—resulting in individuals having dozens if not hundreds of different accounts at different services and needing to manage just as many user-name and password combinations. 

This way of managing identity has architectural control properties quite similar to the enterprise control over employee accounts. Federation expands the use of the identifier beyond the one site or service. Services known as Relying Parties encourage new and returning users to leverage an account from another service. These Relying Parties require that users prove they have control of an identifier on that service. Once control is proven, the users gain access to the Relying Party’s site. A standard called OpenID was invented at a conference facilitated by the author to support this type of transaction. It led to the proliferation of “sign-in with” buttons, which let users use their Facebook, Google, LinkedIn, Twitter, GitHub, or other ID to log into a range of websites.

Figure 4. The flow of an OpenID Connect connection that has an Identity provider. 

While this model, in theory, leads to a variety of Identity Providers, in practice, very few emerged because of the “NASCAR Problem.” Only a few Identity Providers can fit on a given login screen, so users have very few choices for Identity Providers. 

Self-Sovereign Identity technology stands in stark contrast to its antecedent technologies:  topologies  of single-source identity and identity federations. SSI differs from earlier digital identity systems because the receiver/accepter of a credential can be assured of its veracity without directly connecting to the issuer. Receivers don’t have to make a phone call to check a document, and they don’t have to establish a technical federation using a protocol like SAML or OAuth to ping a database of the issuer. 

It is also worth comparing these digital technologies with the embodied identity of humans. As human beings navigate a social world in physical space, they show up in their physical bodies and associated clothing and are recognized by others. In effect, their bodies and clothes are an “authentication factor” because our memory of people is tied to their physical form. When this social, human process of the physical world is translated into the digital world, identifiers are assigned to people by organizational entities that ultimately have control over those identifiers. This means that people are becoming disconnected from their social world, where identity is individually asserted and socially recognized. The platforms that host, manage, and control our digital identifiers are within their rights to delete our digital identities and even reassign our identifiers to others. We are not free people in these systems because we are directly under the authority of these mega identity providers.

Figure 5. This diagram shows how an identity provider disintermediates individuals from the other organizations they connect with by logging in via their Identity Provider.

All the social platforms like Facebook, LinkedIn, Instagram, and Twitter manage their own name-spaces. These platforms also own the connections between the people who have accounts on their services. This means that the social fabric of our society, translated into the digital realm, is owned by these platforms and not by us—the people who are connecting to each other. 

DIDComm, explained above, can provide an alternative to this control architecture. With this new Self-Sovereign Identity technology, we the people own (via software we control) the digital identifiers we use to connect to other people. With SSI, we control and own our social connection, as expressed in the digital realm. SSI technology provides a reclamation of the social, digital commons from its enclosure by the mega-Identity providers like Google and Facebook.

Figure 6. The timeline of key points in the development of computer/digital identity systems from the first computer systems to the present day.

Contemporary Institutions and Paper-based Identity Documents 

This section looks at two phenomena: the origins of contemporary institutions and the origins of identity documents in relation to those institutions. Their histories are woven and interrelated. I am taking this approach because identity documents issued by various institutions are taken for granted, and it is assumed that “it was always this way.” Several years ago, a gentleman who works with the UN was on a panel at a conference asserting that “states have always issued identity documents to people.” This can seem true because, in our living memory, it has always been so. However, I had to pipe up as a ‘panelist from the floor’ to remind everyone that, in fact, the passport system was only started 100 years ago. It has emphatically not always been this way. So how did it come to be? 

Colin Koopman wrote in How We Became Our Data: A Genealogy of the Informational Person:

I suggest that bringing the politics of information into view requires extending the scope of our historical analysis to the period preceding wartime information sciences and the postwar information theory to which they gave rise. 

Koopman, C. How We Became Our Data: A Genealogy of the Informational Person.

His book has a whole chapter about the origins of the bureaucratic birth certificate system we have today; his book looks at the history of forms and processes used in the US between 1913 and 1937. For this historiography, I want to push the timeline back even further to consider deeper questions about why systems of birth certificates and other forms of documentation appeared in Europe centuries earlier. I believe that we have identity documents because we have non-kin-based institutions that require identity documents to function. These two things – documents and institutions (which have governance mechanisms) – together help create complex networked contemporary society and, below, I make this argument in several different ways. 

I am drawing on recent scholarship highlighting the key emergent processes that created 1) new institutions in Europe and 2) the social psychology of people who saw themselves as “individuals” with “identities” of their own relative to these institutions. Identity systems created  by institutions predate any digital systems by millennia. Moreover, these pre-digital identity systems have a material logic informed mainly by the physical reality of paper, which was the available technology substrate to manage these systems.  

Many histories of modern identity systems often begin in the Middle Ages with letters of introduction, then move on to birth certificates, census receipts, and citizenship papers. We will get to that history. However, it is worth asking, “Why did these technologies of Identity make sense to the people who adopted them?” and “What happened in the preceding thousand years in Europe to make this technology of identity documentation acceptable?” 

To get at this more in-depth history, I draw on Joseph Henrich’s book The WEIRDest People in the World. In it, Henrich describes cultural forces that were set in motion by the Catholic Church beginning in the 500s. Beginning around this time, the church imposed a marriage and family program (MFP) that banned cousin marriage. This eventually extended all the way to 7th cousins—they had the tools to do this tracking back seven generations (or 140 years) via baptismal records or logs. This documentation of who was baptized served as a precursor to the state issuance of birth certificates.

As part of the MFP, the church imposed other norms that prohibited close family members who were not blood related from getting married. My sister’s husband is my brother-in-law. This term originates from the MFP and comes from this time – in church law, one was considered a brother. If my sister died and my brother-in-law wanted to marry me, he would be prohibited from doing so even though we are not blood relatives, but relatives according to the law (of the church).

Keeping records to avoid cousin marriages, while an interesting antecedent to birth certificates, does not explain the cultural shifts that lay the ground for people thinking of themselves as individuals. The breakup of cousin marriages effectively broke apart intensive kin-based institutions that linked people together based on family ties. Without these kin-based institutions “to organize production, provide security, and endow people with a sense of meaning and identity, individuals were both socially compelled and personally motivated to relocate, seek out like-minded others, form voluntary associations, and engage with strangers.” 

As kin-based systems broke apart over hundreds of years, people moved to towns and cities and joined religious institutions like monasteries in much larger numbers beginning in the 10th and 11th centuries. It was in these places that proto-WEIRD psychology emerged, involving

analytic thinking and non-relational morality. These changes favored the development of impartial rules that granted privileges and obligations to individuals, while also creating impersonal mechanisms for enforcing trusts such as accounting records, commercial laws, and written contracts. The new social organizations created new ways for human social groups to be organized and operated that were not based on kinship ties. There was experimentation, and other institutions copied and spread good ideas.

Below are the core elements Henrich describes as defining WEIRD psychology:

1. Analytic thinking: This grew in importance as people navigated the world of “individuals” rather than dense familial interconnections, reducing the importance and value of holistic thinking. 

2. Internal attribution: As social life shifted to the individual, “traits like dispositions, preferences, and personalities as well as mental states like beliefs and intentions became important. Soon lawyers and theologians even began to imagine that people had ‘rights.’”

3. Independence and nonconformity: “In a society with weak kin ties and impersonal markets,” individuals focused on their uniqueness rather than venerating ancient wisdom and elders. 

4. Impersonal prosociality: With life being governed by impersonal norms for dealing with strangers, “people came to prefer impartial laws that applied to their groups or communities (their cities, guilds, monasteries, etc.) independent of older social relationships, tribal identity, or social class.” 

As beliefs and values changed, the material possibilities in people’s lives did too. As a result, new opportunities emerged for how society could be organized.  

“As intensive kin-based institutions dissolved, medieval Europeans became increasingly free to move, both relationally and residentially. Released to choose their own associates—their friends, spouses, business partners, and even patrons… Constructing their own relational networks opened a door to the development and spread of voluntary associations, including new religious organizations as well as novel institutions such as charter towns, professional guilds, and universities.”

Henrich, Joseph. The WEIRDest People in the World: How the West Became Psychologically Peculiar and Particularly Prosperous, 2020. 

When looking at these slow, but over-the-long-run significant, social shifts, we can ask: “Why did identity systems of institutions emerge when they did, and why did people choose to adopt these technologies?” Because these newly emergent assemblages were not defined by familial or genetic ties, people needed ways to define who had entered the boundary of the institution. The institutions needed tools to remember who was part of the institution and who had left. E.g.: In the case of guilds, knowing who their members are; in the case of towns, knowing who the residents are; in the case of the military, knowing who makes up the soldiers in military units; or in the case of hospitals, knowing who the patients are. The one technology available to do this was a paper-based record-keeping system. This commonly took two forms: log book lists or cabinet files. Both involved keeping track of who was in a social formation. These systems could also involve a letter or certificate given to the person themselves. In the case of universities, institutions needed to track students as they matriculated through the institution and to verify that those students had graduated with a degree, so they communicated that via paper certificates bearing the seal of the institution. 

This process of identity formation and boundary creation is not unique to human social systems, institutions, or assemblages, but also part of how biological networks function. 

Social networks exhibit the same general principles as biological networks. There is an organized ensemble with internal rules that generates both the network itself and its boundary (a physical boundary in biological networks and a cultural boundary in social networks). Each social system—a political party, a business organization, a city, or a school—is characterized by the need to sustain itself in a stable but dynamic mode, permitting new members, materials, or ideas to enter the structure and become part of the system. These newly entered elements will generally be transformed by the internal organization (i.e., the rules) of the system.

One way these boundaries were created and sustained was via paper-based identity systems, and the rules of the organizational assemblages, in turn, shaped how identity systems were operated and managed.  

“What processes stabilize and maintain the Identity of these assemblages? The spatial boundaries defining the limits of an authority structure are directly linked to its jurisdiction[…] The stability of these jurisdictional boundaries will depend on their legitimacy as well on their continuous enforcement.”

I argue that one of the processes and technologies that arose to stabilize and maintain the identity of these assemblages is paper-based identity systems. Because authority or governance was not based on kinship ties with these new organizations, they “had to decide how to govern themselves in ways that were both acceptable to current members and capable of attracting new members in competition with other organizations.” They did so by “developing laws governing individuals [and thus] developed well-functioning representative assemblies.” 

So the need to manage who was in and out of these institutions also led to the emergence of novel governance systems: these new institutions had to innovate mechanisms to define their boundaries and membership. This development laid the groundwork for systems of democratic governance, which in turn also required a method of knowing who was in the organization or assemblage. Today, one of the hallmarks of democratic election systems is the publicly available voter roll of who can vote and, once the election is completed, who actually voted. 

These systems of people interacting beyond their own kin led to the emergence of pre-capitalism, which developed “a growing repertoire of social norms and organizational practices [that] were cobbled together, described in charters, and formulated into written laws. Lex mercatoria, for example, evolved into commercial law.” These activities meant that strangers were doing business with strangers, using contracts to access justice. To make this work, the parties to a contract must have a way to express their identity in the contract, one recognized by other individuals operating within the context, so they could, if need be, turn to those outside the contract to help resolve disputes and manage enforcement. In Europe, this need for clearly expressed identity required various paper-based documents that established identity, and it included practices that emerged first around seals. In time seals evolved into personal signatures that represented individuals’ decisions in concrete form on contracts.  

Identity systems also serve a mechanism of cultural and meaning transmission over time. Social networks of humans interacting with each other exhibit the same principles as biological networks. “Culture is created and sustained by a network (form) of communications (processes) in which meaning is generated. The culture’s material embodiments (matter) include artifacts and written texts, through which meaning is passed on from generation to generation.”

For pre-digital identity systems, some of the artifacts used to construct meaning are paper documents related to identity information. These documents arise from the processes that institutions implement to create them. There were local authorities that registered births and issued birth certificates so that authorities could prove how old a child was (to prevent child labor) and who one’s parents were for inheritance purposes. 

These institutions are not “people” who are interacting with one another and using bodies as the known common factor to recognize each other. When returning to interact with an institution and its systems, people must represent themselves in a way that is understandable to the institution or more precisely to a person who is acting in a role with that institution. This is done by producing documents issued to the person by either that institution or another institution whose authority they accept. 

These institutional processes require some basic steps of enrollment or registration. Often an indexical number is assigned to an individual; this helps the institution find the records of this person again and add more information to its record of the person. When a person interacts with institutions, other attributes about the person are often collected and recorded in identity documents, ledgers, and records kept by the institution.

There are several contemporary examples of institutional networks becoming explicit and understanding how people are enrolled with them and later return to represent themselves. In Canada work has been done by the public and private sector to develop a Pan-Canadian Trust Framework that articulates 24 micro-processes involved in creating an identity with high confidence in government-related systems. Global governing institutions like the International Civil Aviation Organization (ICAO) have set standards for Evidence of Identity and are seeking to standardize birth registration documentation globally. A whole range of institutions then use birth certificates that result from birth registration in order to recognize people. 

Modern nation-states and the identities that people have in relation to them emerged with the Treaty of Westphalia in 1648 as territorial states were recognized as legal entities. These entities, modern nation-states, are a relatively new emergent phenomenon. They have a physical territorial form, but it is essential to remember that “human social systems[…] exist not only in the physical domain, but also in a symbolic social domain, shaped by the “inner world” of concepts, ideas, and symbols that arise with human thought, consciousness, and language[…]”  

It is important to remember that the state does not just occupy land but that it also exists in the thoughts and beliefs of its subjects. These thoughts and beliefs arise through a process of social autopoiesis via an autopoietic (self-generating) network and via communication:  

“Social systems use communication as their particular mode of autopoietic reproduction. Their elements are communications that are produced and reproduced by a network of communications and that cannot exist outside of such a network.”

Citizenship in territorial nation-states is a significant example of autopoiesis  in action. Mawaki Chango’s research shows that the initial issuance of identity cards to residents in the territory we call France was a crucial step in forming the idea that they were indeed citizens of a nation called France within those people’s minds. This process is replicated worldwide and shapes the beliefs of billions of people who are registered by the states where they live. 

It is worth noting that these state projects to register citizens also imposed naming conventions that we now take for granted. The inherited patronym was designed by states doing such record keeping in early projects to “allow officials to identify, unambiguously the majority of its citizens.” When successful, it went far to create legible people, and they remain the first recorded facts on documents of Identity. 

Here is a brief timeline of the evolution of both identity processes and their accompanying paper-based identity documents.

Figure 7. A timeline of key developments in the history of paper-based identity documents. 

When individuals want to use information about themselves asserted by one institution to gain access or services at another institution, paper documents are the pivot point of sharing that information. When I want to go to a bar and the bar needs to know how old I am, I present my driver’s license at the door. The person at the door of the bar does not query a state-level database to discern my age. The state has no idea where and with whom I shared my identity information. Figure 8 diagrams how this works. 

Figure 8. This shows how paper documents are issued to and used by individuals. A person petitioning for a document will submit the needed requirements to the issuer (in the case of a birth certificate, the parents will fill out the forms and have the doctors sign them). The issuer, in this case the county registry, issues a certificate that the birth has been recorded in the county register. The individual seeking employment can prove their age by sharing this paper certificate with a potential employer – indeed this was the use case that motivated social reformers in the 1920s to push for universal birth registration that was achieved in the United States by 1940.

This section makes the argument that our current identity systems and their paper-based documents and processes cannot be separated from our complex interlocking institutions from which they spontaneously arose over millennia. We cannot “go back” at a global scale to peer and kin-based identity systems with no material artifacts. Given the pervasiveness of today’s digital technology, we cannot go forward with just paper-based tools to share and prove Identity with institutions that make our complex society function. So what options are there? The next section explores the incompatibility of the Enterprise Identity and Access Model and Consumer IdP model with the underlying architecture of paper based systems and argues that SSI models preserve important desirable qualities of paper-based systems.

The Path from Paper Based Identity Documents to Digital Identity Systems in Alignment with Western Liberal Democratic Values

The question of how paper-based systems can be replicated in the digital realm is not an easy one. If it was easy it would have been done years ago. So let us consider some potential paths that were present a decade ago.  

One could adopt the digital identity management systems and paradigms that emerged for managing the relationship between employees who needed access to digital systems to do their work as discussed in the first part of this paper. Employers assign employees an indexical number, an identity relative to their work at the company, and provision them with an account to access enterprise systems. By default, this enterprise architecture puts the employer “over” the employee with the power to see everything the employee does with their digital identity and terminate the employee’s digital identity in that system. 

So, it would follow in this model that governments can create digital identifiers that serve as persistent network endpoints for their citizens and then use this digital identifier and account to manage the citizen’s interaction with the state and all realms of life. This puts the state (itself an assembly of many organizations) in the role of providing digital identifiers to its citizens. Digital identities architected in this way would be controlled and owned by the state. The government would have control over it in the same way that Google and Facebook have control “over” our digital social accounts, and in the same way that an employer has control “over” our accounts as employees in enterprise systems. 

This architecture doesn’t seem right and just within the context of Western liberal democracies. It allows the state to see an enormous amount of the activities performed by an individual, and it gives the state the power to terminate the digital account and thus the “informational person,” a term coined by Colin Koopman.

Systems have emerged with these underlying architectural designs, and they all began more than 10 years ago before the SSI architectures were created. 
Some nation-states, tiny countries with highly accountable (and largely digitalized and online) institutions and high-trust societies such as Estonia and Singapore, are pursuing this model. The central government issues digital identifiers and leverages that national identifier across multiple contexts. The Indian government has enrolled the majority of its residents into a system by collecting 13 biometrics (10 fingerprints, two iris scans and a photo) from each of them and then assigning them a 12-digit identifier, the Aadhaar number. The designers of India’s system imagined this number would be the center of the “India Stack” and could be used by people to log in to all digital services, both governmental and commercial. The World Bank has been promoting systems based on this model throughout Africa and offering substantial loans to support their implementation.

Figure 9. A slide from presentations by iSPIRT showing how they envisioned the Aadhaar number of each Indian at the center of a technology stack. 

The enterprise identity and access model, in which every authentication phones home to an authoritative database, is not appropriate for the relationship between a citizen and their state, and it is not a viable model for the exchange of information about people between all possible institutions within a complex society. This is for three reasons: 1) the necessary technical federation would be complex and vulnerable to cyber attack; 2) the state can see every transaction in which a citizen uses their account; and 3) the state can terminate a citizen’s account. Campaigns against proposed digital identity systems with a centralized IdP design were waged successfully in Australia and the UK. 

When we look at how paper-based documents work, the individual was the pivot point in exchanging information from one institution to another. It is worth noting that institutions that receive shared information (the Verifier) and want to be very sure the paper-based documents they are presented with are not fraudulent might call the issuer to confirm the veracity of the documents. 

Self-Sovereign Identity technologies provide a way to restore key qualities of paper-based documents in the digital realm. They make the person the pivot point for the exchange of information between institutions. Once issued to the individual, documents are under their control and can be shown to whomever the individual chooses. Verifiable Credentials have even better anti-fraud protections with digital signatures: the Verifier checks the issuer’s signature with the issuer’s public key and does not need to contact the issuer. 

Figure 10. Self-Sovereign Identity specific use-case around the issuance and sharing of a verifiable credential in the educational context.

SSI bridges the gap between paper identity documents and digital identity documents in a way that does not put the state or any other institution in control of an individual’s identity. Individuals may issue their own identity documents without the approval of the state. However, to increase credibility, it will be common to share verifiable credentials with assertions from another party. The individual’s dependence on other parties for credentials is equivalent to their reliance on a community for their reputation in pre-digital times. This aligns with the emergent properties of social, institutional systems over the last thousand years in the European context.  

Figure 11. The two different timelines of computer/digital identity systems and paper-based systems. They are two distinct histories with different needs and business processes that created each of them. They meet in Self-Sovereign Identity, whose underlying architecture is similar to how paper-based systems work, translated into digital form. 

For better or worse, European models for many types of institutions have been exported around the world. The SSI protocol is broad and widely expressive. It is, as another name for it implies, decentralized, so any entity can use these open standards for any purpose they choose. This means that any institution, including kin-based and indigenous communities, could also use SSI to design credentials and issue them to their members on their own terms. Indeed, in New Zealand, a Māori-owned social enterprise, Āhau, is exploring how to express traditional kin-based identity in this new digital format. They are also collaborating with the New Zealand government to have these identity documents recognized by it based on their historical treaty arrangements. 

In summary, SSI preserves or restores some features of earlier paper-based identity systems that emerged over millennia in Europe. Essentially, it provides a real alternative path to express credentials in a digital format that prevents the anchoring of identity information to identifiers as network endpoints under the control of the state or some other corporate entity. SSI improves the efficiency and security of earlier identity systems by limiting the information that must be revealed to verify aspects of Identity. It also reduces both the workload and the security risks associated with repeated checking between the issuer and the Relying Party to verify a credential.
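The two properties claimed above, that a Verifier can check a credential without contacting the issuer and that the holder reveals only what a given check needs, can be shown concretely. The following is an added example, not code from the paper or from any SSI project: the issuer signs a list of salted commitments to its claims, the holder forwards the signed payload plus only the claims it chooses to disclose, and the verifier recomputes those commitments and checks the issuer’s signature with the issuer’s public key alone. The signature scheme is a Lamport one-time signature over SHA-256 so that the example runs on the Python standard library; real deployments use Ed25519, ECDSA or BBS+ style schemes from a vetted library. The issuer identifier and the claim values are invented.

```python
"""Toy verifiable credential with selective disclosure (added example).

Issuer signs salted commitments; holder discloses a subset; verifier checks
offline with the issuer's public key. Lamport signatures are used only so the
example needs nothing beyond the standard library; a Lamport key must sign
exactly one message, so one key is generated per credential here."""
import hashlib
import json
import secrets


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen():
    """256 pairs of random 32-byte preimages; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk, message: bytes):
    """For each bit of the message digest, reveal the preimage that bit selects."""
    digest = int.from_bytes(sha256(message), "big")
    return [sk[i][(digest >> (255 - i)) & 1] for i in range(256)]


def lamport_verify(pk, message: bytes, signature) -> bool:
    """Rehash each revealed preimage; it must equal the public-key half the bit selects."""
    if len(signature) != 256:
        return False
    digest = int.from_bytes(sha256(message), "big")
    return all(sha256(signature[i]) == pk[i][(digest >> (255 - i)) & 1] for i in range(256))


def commit(name: str, value, salt: bytes) -> str:
    """Salted commitment to one claim; the salt stops a verifier guessing undisclosed values."""
    return sha256(salt + json.dumps([name, value], sort_keys=True).encode()).hex()


def issue(issuer_sk, issuer_id: str, claims: dict) -> dict:
    """Issuer: sign the sorted commitment list; give salts and values to the holder."""
    disclosures = {name: (secrets.token_bytes(16).hex(), value) for name, value in claims.items()}
    commitments = sorted(commit(n, v, bytes.fromhex(s)) for n, (s, v) in disclosures.items())
    payload = json.dumps({"issuer": issuer_id, "commitments": commitments}, sort_keys=True).encode()
    return {"payload": payload, "signature": lamport_sign(issuer_sk, payload), "disclosures": disclosures}


def present(credential: dict, reveal) -> dict:
    """Holder: forward the signed payload plus only the chosen disclosures."""
    return {
        "payload": credential["payload"],
        "signature": credential["signature"],
        "disclosed": {name: credential["disclosures"][name] for name in reveal},
    }


def verify(issuer_pk, presentation: dict):
    """Verifier: check the issuer's signature offline, then that each disclosed claim
    matches a commitment the issuer signed. Returns the verified claims or None."""
    if not lamport_verify(issuer_pk, presentation["payload"], presentation["signature"]):
        return None
    committed = set(json.loads(presentation["payload"])["commitments"])
    verified = {}
    for name, (salt, value) in presentation["disclosed"].items():
        if commit(name, value, bytes.fromhex(salt)) not in committed:
            return None
        verified[name] = value
    return verified


if __name__ == "__main__":
    sk, pk = lamport_keygen()  # issuer key pair; pk is published, sk never leaves the issuer
    cred = issue(sk, "did:example:university", {"name": "A. Student", "degree": "BSc", "birth_year": 1990})
    age_check = present(cred, ["birth_year"])  # holder reveals one claim for an age check
    print(verify(pk, age_check))  # {'birth_year': 1990}; name and degree stay hidden
```

The verifier here holds nothing but the issuer’s public key: it never calls the issuer, and a changed claim value, a changed payload or a signature from a different key all fail. The commitments for undisclosed claims are opaque to the verifier because each includes a random salt known only to holder and issuer, which is what lets the holder limit what is revealed without weakening the signature check.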

Exciting SSI announcement was not well received by some

Kaliya Young · December 17, 2018 ·

The Microsoft-Mastercard SSI alliance is great news, but some thought it was a bad thing.

By all accounts, Fast Company’s Cale Guthrie Weissman is a good reporter who knows his audience. Informed that Microsoft and Mastercard were partnering to create a new kind of digital identity, he went to get some answers, assessed the situation, and wrote an article that called the alliance “frightening”:

But the solution they offer–a one-stop, universal identification for any and all applications–would mean that every citizen would be entering into a system built by private companies that centralizes all of their personal data. Every digital company wants to be a data hoover, and this program seems to underscore the extent of this pursuit.
[…]
Overall, this announcement speaks to a common tone-deafness among large companies when it comes to privacy. While proving digital identity can certainly be onerous, some solutions may only imperil us even more.

  • Microsoft and Mastercard have a frightening plan to create “digital identities”, Fast Company 12/04/18

Weissman can be forgiven for such a sentiment; tech companies have a well-earned reputation for turning their users into unwitting laborers on data farms. But it should be noted that Mastercard isn’t “a tech company”. When Weissman reached the global credit card company for comment they explained their bold new venture with excitement, emphasising that they’re going to use trusted sources to give control to the user, who will “share only the information needed to conduct their transactions,” but it didn’t really seem to take. They came off like someone who walked into a party wearing a set of Google Glass, then tried to use the uncomfortable pause that it created to explain how his dork goggles weren’t just a mass surveillance tool, they were also going to change the world! The spokesman would have done better to explain that SSI applications are explicitly NOT “centralized”, as Weissman came away understanding, but they appear to have got a bit carried away.

“The next update will let me see into your soul, but it’s nothing to worry about.”

It seems like a good solution because it is a good solution, but Mastercard won’t be able to sell it themselves

We have no reason to doubt that Mastercard’s excitement is earnest. Credit card companies live the third-party verification problem every day, because they’re third-party verifiers. Mastercard sees ease-of-use and fraud prevention savings in this project that are meaningful, and are excited about being able to achieve them without having to handle customer data. They’re telling their merchants and cardholders: “Look! You’re going to FINALLY have control of your own verification process! No more 2 pieces of ID with a credit card, and we don’t even have to hand the process over to a data-harvesting behemoth to get it done!” (You just know Facebook or Amazon would have underbid anyone to get their hands on a card verification contract, and for all the wrong reasons.) But Fast Company isn’t inclined to take them at their word. After all, they are partnering with Microsoft, who would surely know what to do with a bunch of cardholder and merchant data.
Microsoft, for their part, declined comment, which is interesting since they have so many good people working on this project who could comment eloquently, including Daniel Buchner, Pamela Dingle and Kim Cameron among others. Perhaps from the PR department the silence is born of experience. Microsoft is the butt of the funniest tech jokes, and is aware of the shadow they cast. There isn’t anything they can say to the general public to convince them that an identity play they’re making isn’t just another way to sink their tentacles into their users a bit further. The process knowledge just isn’t out there. Best say nothing until it’s ready.

Microsoft have good reasons to be this helpful.

The Microsoft that dominated the 90s and early oughts got their lunch eaten by Google, Facebook and Amazon, who cornered users into a Faustian bargain that they didn’t even know they were making. Microsoft’s unbreakable hold on the enterprise software market financed attempts to compete in the data and advertising realm, but it’s clear by now that beating data harvesters at their own game isn’t in the company’s DNA. This identity play may be Microsoft doing the next best thing: taking them out at the knees by giving the data control back to the customers.
Facebook is able to give Cambridge Analytica and others access to user data by virtue of the fact that they have it. They could (and still do) broker access to users via their data, because they have ongoing user consent. If the user revokes that consent, nobody is checking if they’re honouring that revocation.
But they can’t sell what they don’t have. A user-centred permissions system would allow individuals to give Twitch streaming access to their Xbox One account, or not. LinkedIn could offer seamless work history verification, which would allow for an easy transition into the corporate HR services business, handling payroll, insurance and benefits for enterprises, all newly simplified by user-centric verifiable credentials. There are all sorts of places Microsoft can organically grow their core software business once the framework is in place to allow users and organizations to provide and revoke data from each other… once they can get over the concerns people have over how the system actually operates.
There is not yet an SSI killer app. While Microsoft would no doubt like very much to develop one, they’re probably just as happy having someone else strike the discovery vein that gets the public’s attention. Once the user base gets wise to their new-found control, a self-sovereign-ID-enabled Microsoft will be in a position to enter the 2020s as a major player in this new market place of decentralized identity and credentials under the true control of the user.
(With files from Braden Maccke. Feature image courtesy Humans Unlimited Blog.)

Three new SSI papers I helped Review

Kaliya Young · October 29, 2018 ·

Last week was the Internet Identity Workshop, and also in the past week two new papers were released about Self-Sovereign Identity, both of which I had a hand in reviewing. (A third just got released and was added below in early November.)
They are both good papers and I recommend them.
The first one to be released, by the Future of Property Rights program at New America Foundation, was A Nail Finds a Hammer: Self-Sovereign Identity, Design Principles and Property Rights in the Developing World. From the Introduction:

Our interest in identity systems was an inevitable outgrowth of our earlier work on blockchain-based land registries. Property registries, which at the simplest level are ledgers of who has which rights to which asset, require a very secure and reliable means of identifying both people and properties. In the course of investigating solutions to that problem, we began to appreciate the broader challenges of digital identity and its role in international development. And the more we learned about digital identity, the more convinced we became of the need for self-sovereign identity, or SSI. This model, and the underlying principles of identity which it incorporates, will be described in detail in this paper.
We believe that the great potential of SSI is that it can make identity in the digital world function more like identity in the physical world, in which every person has a unique and persistent identity which is represented to others by means of both their physical attributes and a collection of credentials attested to by various external sources of authority. These credentials are stored and controlled by the identity holder—typically in a wallet—and presented to different people for different reasons at the identity holder’s discretion. Crucially, the identity holder controls what information to present based on the environment, trust level, and type of interaction. Moreover, their fundamental identity persists even though the credentials by which it is represented may change over time.
 

The second is by the Identity Working Group of the German Blockchain Association: Self-sovereign Identity: A position paper on blockchain enabled identity and the road ahead. 
From the Introduction:

Digital Identity is a field that matters to a seemingly infinite number of stakeholders from diverse backgrounds. Confronted with this extensive scope, we decided to structure this position paper around two major objectives:
First, to provide our readers with a structured overview of the identity field from the perspective of self-sovereign identity, and second, to motivate stakeholders in the identity community to embrace the idea of a universal identity layer and join us for the road ahead.
As a result of our collaboration in the identity working group in the German Blockchain Association, we propose the SSI model as a way to enable an identity ecosystem that is capable of solving many inefficiencies in existing identity solutions and addressing novel demands on identity in the emerging decentralised web. Whilst SSI systems can be constructed without the need for any blockchain system, blockchain systems can add significant value to SSI systems, as this paper will show. Ultimately, the universal identity layer that we describe is required to enable blockchain based decentralised systems and business models to reach their full potential.
Our aim is to present an overview that is independent from any one company’s product offering. We instead present an industry-wide consensus on the model of SSI that is geared towards the establishment of a truly interoperable and modular identity system that utilizes open standards. The paper can thus be understood as the baseline of agreement between all represented businesses from the identity space. The paper is an attempt to describe the universal identity layer from a high-level perspective with a focus on shared positions and agreement instead of going into technical implementation details that certainly matter but need to be discussed further on in the debate we intend to initiate with this position paper.

The third report was pulled together by folks at GovLab NYU: BLOCKCHANGE: Blockchain Technologies for Social Change. FIELD REPORT: On the Emergent Use of Distributed Ledger Technologies for Identity Management

This is from page 54, which is part of a two-page pull-out by me :).

THE BLOCKCHAIN IDENTITY PARADIGM CHANGE
During our analysis, some have suggested that the above (enterprise) ID lifecycle is not representative of how blockchain can transform Identity. They have subsequently called for a new paradigm.
According to Kaliya “Identity Woman” Young: “The mental models of how identity is ‘managed’, whether by an employer relative to an employee or by a government relative to a citizen or by an individual just logging in to a web service, is disrupted by the new emerging standards of DIDs and Verifiable Credentials.”

The authors did a literature review of existing identity management research from academia that is not really familiar with current industry frames (I read a lot of this literature while I was in the Master of Science in Identity Management and Security, and it was stale and out of date). The case studies built on these existing frames rather than engaging with new ones.

Is putting hashed PII on any immutable ledger (blockchain) a bad idea?

Kaliya Young · February 3, 2018 ·

I decided to open a thread on Twitter for ID & security professionals to share why (/if) putting hashed PII on any immutable ledger (blockchain) is a bad idea.
Not everyone agreed that it was bad if certain things were done right.
There were 15 direct responses and then a whole lot of subthreads. I have pulled out all the subthreads. All tweets are linked to. Yes…all of them. Let me know if I missed a thread and I will pull it in. Let me know if you post about this thread on your blog – I will post a link. Also I am going to share this with the identity gang list – you can join it here: https://lists.idcommons.net/lists/subscribe/community
Jeff Lombardo also made a summary of the conversation on his blog. https://x-iam.com/can-blockchain-solves-the-privacy-of-identity-connundrum.html
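The core objection behind the thread is easy to show in code. The following is an added example, not code from the post or from the thread participants: it writes sha256(date of birth) to a stand-in ledger the way a naive design would, then shows that the value can be matched against the small space of plausible dates in well under a second, whereas a hash commitment that mixes in a random 256-bit salt kept off-ledger by the data subject cannot be matched that way. The sample date, the year range and the commitment construction are assumptions made for the demonstration.

```python
"""Why a bare hash of low-entropy PII on an immutable ledger is still PII.

Constructed example for this post (not code from the original thread).
It records sha256(date_of_birth) as a naive design would, then shows that
the value can be matched against the small space of plausible dates,
while a commitment with a random 256-bit salt kept off-ledger by the
subject cannot be matched that way. All sample values are constructed.
"""
import hashlib
import secrets
from datetime import date, timedelta
from typing import Iterable, Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def bare_hash(pii: str) -> str:
    """What 'just hash the PII and write it to the ledger' actually records."""
    return sha256_hex(pii.encode())


def salted_commitment(pii: str, salt: bytes) -> str:
    """Hash commitment: the subject keeps the salt and can later open it."""
    return sha256_hex(salt + pii.encode())


def all_birthdates(start_year: int = 1920, end_year: int = 2010) -> Iterable[str]:
    """Every ISO date in the range: roughly 33,000 candidates in total."""
    d = date(start_year, 1, 1)
    end = date(end_year, 12, 31)
    while d <= end:
        yield d.isoformat()
        d += timedelta(days=1)


def match_ledger_hash(ledger_hash: str, candidates: Iterable[str],
                      salt: bytes = b"") -> Optional[str]:
    """Return the candidate whose hash equals the ledger value, or None.

    With no salt this is a dictionary check over the PII's tiny input space
    and succeeds almost immediately; against an unknown 256-bit salt the
    effective input space is 2**256 and enumeration cannot succeed.
    """
    for c in candidates:
        if sha256_hex(salt + c.encode()) == ledger_hash:
            return c
    return None


def demo() -> dict:
    dob = "1985-07-04"                  # constructed sample value
    on_chain = bare_hash(dob)           # the naive ledger entry
    salt = secrets.token_bytes(32)      # held by the subject, never on-ledger
    committed = salted_commitment(dob, salt)
    return {
        # the bare hash gives the date straight back
        "bare_hash_recovered": match_ledger_hash(on_chain, all_birthdates()),
        # the commitment does not yield to the same enumeration
        "commitment_recovered": match_ledger_hash(committed, all_birthdates()),
        # only the holder, who has the salt, can open the commitment
        "commitment_opened_by_holder": match_ledger_hash(committed, [dob], salt),
    }


if __name__ == "__main__":
    print(demo())
```

The salted commitment fixes the enumeration problem but not the immutability one: the entry can never be removed to honour a deletion request, and if the salt is later disclosed (for instance when the commitment is opened as part of a proof) every copy of the ledger becomes linkable to that person from that moment on. That is why the cautious position is to keep both the personal data and the salt off-ledger and to treat anything written on-chain as permanent.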
 

Bills of Rights Reposted

Kaliya Young · September 7, 2017 ·

The Many Bills of Rights

This was originally published 1 August 2011
The second recommendation of the World Economic Forum report Personal Data: The Emergence of a New Asset Class after innovation around User-Centricity and Trust is the definition of global principles for using and sharing personal data.
The Startup Circle of PDEC is forming and defining its core principles now too.
This post is an aggregation of Bills of Rights and Principles developed about data, privacy and social networks.
September 2010

Visions and Principles for the Personal Data Ecosystem

by Kaliya Hamlin, Identity Woman
The future is at stake – without control over our own personal data, having a copy of all the digital bread crumbs we are leaving behind in the digital world, we leave ourselves to be tracked, and potentially manipulated by commercial interests without our knowledge.
This presents a vision for core aspects of the emerging interoperable, open-standards-based ecosystem of personal data services, rooted in the core functionality of a Personal Data Store: the vault/locker/services/broker where all an individual's data is collected, stored and managed.
Dignity of the Individual is Core
Human dignity must lie at the core of the Personal Data Ecosystem. People must be able to shape how they represent themselves in digital contexts. People need the freedom to shape how they present themselves and how the data they generate in their lives is collected and used.
Systems Must Respect Relationships
Relationships must be respected between people, between people and groups, and between groups and groups. The Personal Data Ecosystem must respect that people and communities have different levels of publicness. The relationships that people have with one another must be respected and the social context in which they are formed must be honored.
Remember the Greatness of Groups
Personal Data and control over it give people a core human dignity. It also must be remembered that human social life and human identity is shaped by our participation and membership in groups. It is the core organizing form of our society. Fundamental functionality must enable people to organize in groups, and it must be abstracted from any particular service or domain space.
The Social Web is not Networked Individualism
People broadcasting what they do to their friends or followers does not make a social web; communities and groups do.
Protocols that Enable Broad Possibilities are Essential
Protocols matter deeply: they shape what is possible by their definition of use cases that are possible or not in a given protocol landscape. To have a truly social and dynamic web, there is a role for protocols that are designed specifically for that purpose, not just to create web pages or send emails.
Open Standards for Data and Metadata are Essential
It is vital that the personal data store ecosystem be interoperable with open standards so people are free to choose which personal data services they wish to use. Just like people are free to pick which bank holds their money and provides services to them in the financial realm.
Defaults Must Work for Most People Most of the Time
All systems have defaults. The paradox of choice is that more options can overwhelm people and they end up not considering the choices they have. Real people need to have input into the creation and ongoing development of systemic defaults.
Norms and Practices in the Personal Data Ecosystem Must be Backed up by Law
Emerging technologies need to have legal agreements and frameworks innovated to match their functionality. The work on the legal framework for this ecosystem is as important as the protocols and code that make it go.
Business Opportunities Abound in this New Personal Data Ecosystem
The paradigm of user collection, control and management of the personal data they are creating implicitly and explicitly around the web is a huge opportunity for services and ways of doing business. Creativity is needed to think through these new possibilities.
Diversity is Key to the Success of the Personal Data Ecosystem
Large companies and nimble startups are all needed for the success of this emerging ecosystem.
 
 
September 2010

PDX Principles

by Phil Windley, CTO Kynetx, Technometria Blog
Here’s a list of a few things that I think distinguish a PDX from just places where your personal data is stored:

  • user-controlled – the user needs to be in control of the data, who has access, and how it is used. Once that data is in my PDX, I make decisions about it. That doesn’t mean the data might not also be somewhere else. For example, data about my purchases from Amazon will certainly be stored at Amazon and not under my control. But I might also be emailing the receipts to a service that parses them and puts the data in my PDX for my use.
  • federated – there isn’t one place where your data is stored, but multiple places that the data needs to be able to flow between, in a permissioned way. There’s no center, just a lot of cooperating systems with my PDX orchestrating the interactions. While Amazon might not give my PDX access to and control over my transactions, my phone company might provide a PDX-capable contact service where I choose to store my contact information.
  • interoperable – various PDX services and brokers have to be able to operate together according to standards to perform their roles. When I take money out of my account at Wells Fargo and deposit it at Chase, I don’t lose part of the value because Chase doesn’t know how to handle some part of the transaction. The monetary system is interoperable with standards and, sometimes, shims that connect it all together.
  • semantic – a PDX knows more about the data that it holds than existing data stores do. Consider Dropbox. I can put all kinds of things in my Dropbox, but it’s syntactic, not semantic. By that I mean that if I want to put healthcare data in Dropbox and control who uses it, I create a folder and put the data in it with specific permissions. The fact that there is a folder with a certain name located at a particular place in the folder hierarchy is purely syntactic. In a semantic world, the data itself is tagged as healthcare data and no matter where it is, it’s protected according to the policies I’ve put in place.
  • portability – a PDX doesn’t trap data in proprietary formats. If my phone company is storing my contact data in the cloud and I decide that I want to move it to my own server or another service, I can—from a technical as well as a policy standpoint. Note that this doesn’t mean we have to wait until thousands upon thousands of data format specifications get hammered out. Semantic metadata can provide a means of translating from one format to another.
  • metadata management – one of the primary roles of the PDX is managing data about my data. What are the roles I’ve created? What permissions have I granted as exceptions to the defaults? What semantics surround the various data fields? What data sharing, encoding, and encrypting policies have I created? All of this has to be kept and managed in my behalf in the PDX.
  • broker services – the PDX is a place where the user manages a federated network of data stores. As an example of why this is important, consider the shortcomings of OAuth. If I use an application that needs access to four OAuth mediated APIs, I have to go through the OAuth ceremony with each API provider separately. Now consider that I might have dozens of apps that use a popular API. I have to go through the OAuth ceremony for each of them separately. In short a broker saves us from the N x M explosion of permissioning ceremonies. Similarly for various data services.
  • discoverable – a PDX should provide discoverability for its APIs and schemas so that any application I’m interested in knows how to interact with it. Discoverability protects users from having to completely specify addresses, mappings, and schemas to every application that comes along.
  • automatable and scriptable – a PDX without automation is worse than no PDX at all because it burdens the user rather than saving effort. A PDX will be a player in a larger ecosystem of services. I don’t see it as a mere API that allows services and applications to GET and PUT data—it’s not WEBDAV on steroids. The PDX is an active participant in the greater ecosystem of services that are cooperating on the user’s behalf.

June 18, 2010

Social Network Users’ Bill of Rights

Computers, Freedom and Privacy Conference
For more background on the social network users’ bill of rights, also known as #BillOfRights, please see It’s time for a Social Network Users’ Bill of Rights.
We the users expect social network sites to provide us the following rights in their Terms of Service, Privacy Policies, and implementations of their system:

  • Honesty: Honor your privacy policy and terms of service
  • Clarity: Make sure that policies, terms of service, and settings are easy to find and understand
  • Freedom of speech: Do not delete or modify my data without a clear policy and justification
  • Empowerment: Support assistive technologies and universal accessibility
  • Self-protection: Support privacy-enhancing technologies
  • Data minimization: Minimize the information I am required to provide and share with others
  • Control: Let me control my data, and don’t facilitate sharing it unless I agree first
  • Predictability: Obtain my prior consent before significantly changing who can see my data.
  • Data portability: Make it easy for me to obtain a copy of my data
  • Protection: Treat my data as securely as your own confidential data unless I choose to share it, and notify me if it is compromised
  • Right to know: Show me how you are using my data and allow me to see who and what has access to it.
  • Right to self-define: Let me create more than one identity and use pseudonyms. Do not link them without my permission.
  • Right to appeal: Allow me to appeal punitive actions
  • Right to withdraw: Allow me to delete my account, and remove my data

 
May 19, 2010

A Bill of Privacy Rights for Social Network Users

Commentary by Kurt Opsahl, EFF
Social network service providers today are in a unique position. They are intermediaries and hosts to our communications, conversations and connections with loved ones, family, friends and colleagues. They have access to extremely sensitive information, including data gathered over time and from many different individuals.
Here at EFF, we’ve been thinking a lot recently about what specific rights a responsible social network service should provide to its users. Social network services must ensure that users have ongoing privacy and control over personal information stored with the service. Users are not just a commodity, and their rights must be respected. Innovation in social network services is important, but it must remain consistent with, rather than undermine, user privacy and control. Based on what we see today, therefore, we suggest three basic privacy-protective principles that social network users should demand:
#1: The Right to Informed Decision-Making
Users should have the right to a clear user interface that allows them to make informed choices about who sees their data and how it is used.
Users should be able to see readily who is entitled to access any particular piece of information about them, including other people, government officials, websites, applications, advertisers and advertising networks and services.
Whenever possible, a social network service should give users notice when the government or a private party uses legal or administrative processes to seek information about them, so that users have a meaningful opportunity to respond.
#2: The Right to Control
Social network services must ensure that users retain control over the use and disclosure of their data. A social network service should take only a limited license to use data for the purpose for which it was originally given to the provider. When the service wants to make a secondary use of the data, it must obtain explicit opt-in permission from the user. The right to control includes users’ right to decide whether their friends may authorize the service to disclose their personal information to third-party websites and applications.
Social network services must ask their users’ permission before making any change that could share new data about users, share users’ data with new categories of people, or use that data in a new way. Changes like this should be “opt-in” by default, not “opt-out,” meaning that users’ data is not shared unless a user makes an informed decision to share it. If a social network service is adding some functionality that its users really want, then it should not have to resort to unclear or misleading interfaces to get people to use it.
#3: The Right to Leave
Users giveth, and users should have the right to taketh away.
One of the most basic ways that users can protect their privacy is by leaving a social network service that does not sufficiently protect it. Therefore, a user should have the right to delete data or her entire account from a social network service. And we mean really delete. It is not enough for a service to disable access to data while continuing to store or use it. It should be permanently eliminated from the service’s servers.
Furthermore, if users decide to leave a social network service, they should be able to easily, efficiently and freely take their uploaded information away from that service and move it to a different one in a usable format. This concept, known as “data portability” or “data liberation,” is fundamental to promote competition and ensure that users truly maintain control over their information, even if they sever their relationship with a particular service.
 
June 22, 2009

A Declaration of Health Data Rights

endorsed by many organizations and companies
In an era when technology allows personal health information to be more easily stored, updated, accessed and exchanged, the following rights should be self-evident and inalienable. We the people:

  1. Have the right to our own health data
  2. Have the right to know the source of each health data element
  3. Have the right to take possession of a complete copy of our individual health data, without delay, at minimal or no cost; if data exist in computable form, they must be made available in that form
  4. Have the right to share our health data with others as we see fit

These principles express basic human rights as well as essential elements of health care that is participatory, appropriate and in the interests of each patient. No law or policy should abridge these rights.
 
2009

The New Deal on Data

Mobility in a Networked World The Global Information Technology Report 2008-2009,  World Economic Forum
The first step toward open information markets is to give people ownership of their data.  The simplest approach to defining what it means to “own your own data” is to go back to Old English Common Law for the three basic tenets of ownership, which are the rights of possession, use, and disposal:
1. You have a right to possess your data. Companies should adopt the role of a Swiss bank account for your data.  You open an account (anonymously, if possible), and you can remove your data whenever you’d like.
2. You, the data owner, must have full control over the use of your data. If you’re not happy with the way a company uses your data, you can remove it. All of it. Everything must be opt-in, and not only clearly explained in plain language, but with regular reminders that you have the option to opt out.
3. You have a right to dispose or distribute your data. If you want to destroy it or remove it and redeploy it elsewhere, it is your call. Ownership seems to be the minimal guideline for the “new deal on data.”  There needs to be one more principle, however—which is to adopt policies that encourage the combination of massive amounts of anonymous data to promote the Common Good.  Aggregate and anonymous location data can dramatically improve society. Patterns of how people move around can be used for early identification of infectious disease outbreaks, protection of the environment, and public safety. It can also help us measure the effectiveness of various government programs, and improve the transparency and accountability of government and nonprofit organizations.
 
March 2008

The Properties of Identity

At a Crossroads: Personhood and Digital Identity in the Information Society
articulated by Bob Blakley, Jeff Broberg, Anthony Nadalin, Dale Olds, Mary Ruddy, Mary Rundle, and Paul Trevithick.
Identity behaves according to a number of observable properties, as follows:
Identity is social. Humans are naturally social. To engage in social interactions (including commerce) people need something that persists and that can be used as a basis for recognition of others – an “identity”.
Identity is subjective. Different people have different experiences with the same individual and therefore attribute different characteristics to that individual; that is, they will construct different identities for him.
Identity is valuable. By building a history of a person’s past actions, exchange of identity information creates social capital and enables transactions that wouldn’t be possible without identity.  In other words, identity lends predictability to afford a comfortable level of confidence for people making decisions.
Identity is referential. An identity is not a person; it is only a reference to a person. Even if a person develops spin-off personas so that other people know him through those various digital identities, and even if others create profiles of a person, ultimately the collection of characteristics that signal who a person is need to point back to that person.
Identity is composite. Some information about a person arises from the person himself; he volunteers it. But other information about him is developed by others without his involvement.
Identity is consequential. Because identity tells of a person’s past actions, the decision to exchange identity information carries consequences: Disclosure of identity information in a certain context can cause harm; failure to disclose identity information in another context can create risk.
Identity is dynamic. Identity information is always changing; any particular identity dossier might be inaccurate at any given moment.
Identity is contextual. People have different identities that they may wish to keep entirely separate. Information can be harmful in the wrong context, or it can simply be irrelevant. Keeping identities separate allows a person to have more autonomy.
Identity is equivocal. The process of identification is inherently error-prone.
 
September 5, 2007

A Bill of rights for Users of the Social Web

By Joseph Smarr, Marc Canter, Robert Scoble, and Michael Arrington, Open Social Web
We publicly assert that all users of the social web are entitled to certain fundamental rights, specifically:
Ownership of their own personal information, including:

  • their own profile data
  • the list of people they are connected to
  • the activity stream of content they create;

Control of whether and how such personal information is shared with others; and
Freedom to grant persistent access to their personal information to trusted external sites.
Sites supporting these rights shall:

  • Allow their users to syndicate their own profile data, their friends list, and the data that’s shared with them via the service, using a persistent URL or API token and open data formats;
  • Allow their users to syndicate their own stream of activity outside the site;
  • Allow their users to link from their profile pages to external identifiers in a public way; and
  • Allow their users to discover who else they know is also on their site, using the same external identifiers made available for lookup within the service.

 
April 25, 2007

The Data Bill of Rights

By John Battelle, The Search Blog
So, I submit for your review, editing and clarification, a new draft of what rights we, as consumers, might demand from companies making hay off the data we create as we trip across the web:

  • Data Transparency. We can identify and review the data that companies have about us. A sticky issue is whether we can also identify and review data that is made about us based on other data the company might have. (IE, based on your behavior, we at Amazon know you might also like….)
  • Data Portability. We can take copies of that data out of the company’s coffers and offer it to others or just keep copies for ourselves.
  • Data Editing. We can request deletions, editing, clarifications of our data for accuracy and privacy.
  • Data Anonymity. We can request that our data not be used, cognizant of the fact that that may mean services are unavailable to us.
  • Data Use. We have rights to know how our data is being used inside a company.
  • Data Value. The right to sell our data to the highest bidder.
  • Data Permissions. The right to set permissions as to who might use/benefit from/have access to our data.

Read more: http://battellemedia.com/archives/2007/04/the_data_bill_of_rights#ixzz1KwXPBJkN
 
July 27, 2005

AttentionTrust.org: a Declaration of Gestural Independence

By Seth Goldstein
The choruses of attention, data, privacy and identity are all converging in one giant conceptual mashup, which stretches from Web 2.0 pundits to members of Congress grappling with identity theft regulation. Lost at times are the basic rights we are fighting for, which I understand to be:

  • You have the right to yourself.
  • You have the right to your gestures.
  • You have the right to your words.
  • You have the right to your interests.
  • You have the right to your attention.
  • You have the right to your intentions.

 
May 2005

Laws of Identity

1. User Control and Consent: Digital identity systems must only reveal information identifying a user with the user’s consent.
2. Limited Disclosure for Limited Use: The solution which discloses the least identifying information and best limits its use is the most stable, long-term solution.
3. The Law of Fewest Parties: Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship.
4. Directed Identity: A universal identity metasystem must support both “omnidirectional” identifiers for use by public entities and “unidirectional” identifiers for private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
5. Pluralism of Operators and Technologies: A universal identity metasystem must channel and enable the interworking of multiple identity technologies run by multiple identity providers.
6. Human Integration: A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.
7. Consistent Experience Across Contexts: A unifying identity metasystem must provide a simple consistent experience while enabling separation of contexts through multiple operators and technologies.
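Law 4 (Directed Identity) is the one of the seven most directly expressible in code. The example below is added here and is not code from the page or from the Laws of Identity; it models an identity provider that can hand out either one global ("omnidirectional") handle for a user or a per-relying-party ("unidirectional") handle derived with an HMAC over a provider-held secret, and then checks what two relying parties could learn by comparing their user tables. The relying-party names, the HMAC derivation and the identifier formats are assumptions made for the demonstration.

```python
"""Directed identity: omnidirectional vs unidirectional identifiers.

Constructed example (not code from the page or from the Laws of Identity).
An identity provider derives a different pairwise identifier for each
relying party (RP) from a secret it never shares, so two RPs that compare
their records cannot tell that they serve the same person. A public entity,
by contrast, wants one well-known identifier so that it can be discovered.
"""
import hashlib
import hmac
from typing import Dict, List, Set


class IdentityProvider:
    """Issues identifiers for its users to relying parties."""

    def __init__(self, pairwise_secret: bytes):
        self._secret = pairwise_secret   # stays with the provider

    def omnidirectional_id(self, local_id: str) -> str:
        # One global handle, identical at every RP: a correlation handle.
        return f"user:{local_id}"

    def unidirectional_id(self, local_id: str, rp_id: str) -> str:
        # Pairwise handle: stable for (user, RP), unlinkable across RPs
        # without the provider's secret. The separator keeps
        # ("a", "bc") and ("ab", "c") from colliding.
        msg = rp_id.encode() + b"\x00" + local_id.encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()


def public_entity_id(domain: str) -> str:
    """Omnidirectional identifier for a public entity such as an RP.

    Discovery is the point here, so a single well-known value is right.
    The URL shape is a hypothetical one chosen for the example.
    """
    return f"https://{domain}/.well-known/id"


def shared_handles(rp_a_records: List[str], rp_b_records: List[str]) -> Set[str]:
    """Identifiers two RPs would find in common by comparing user tables.

    Any hit is exactly the 'unnecessary release of correlation handles'
    that Law 4 warns against.
    """
    return set(rp_a_records) & set(rp_b_records)


def run_scenario(pairwise: bool) -> Set[str]:
    """Enrol the same three users at two RPs and report what they can join."""
    idp = IdentityProvider(pairwise_secret=b"constructed-demo-secret")
    users = ["alice", "bob", "carol"]                  # constructed
    rps = ["shop.example", "clinic.example"]            # constructed RPs
    records: Dict[str, List[str]] = {}
    for rp in rps:
        if pairwise:
            records[rp] = [idp.unidirectional_id(u, rp) for u in users]
        else:
            records[rp] = [idp.omnidirectional_id(u) for u in users]
    return shared_handles(records[rps[0]], records[rps[1]])


if __name__ == "__main__":
    print("global handles shared by both RPs:", run_scenario(pairwise=False))
    print("pairwise handles shared by both RPs:", run_scenario(pairwise=True))
```

With global handles the two relying parties can join every record; with pairwise handles the intersection is empty, yet each RP still sees the same identifier for the same user on every visit, which is what it needs for its own account management. The provider remains the only party able to map a pairwise handle back to a user, so the secret it derives them from deserves the same protection as a signing key.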
 
January 26th, 2000

A Declaration of the Rights of Avatars

by Raph Koster
When a time comes that new modes and venues exist for communities, and said modes are different enough from the existing ones that question arises as to the applicability of past custom and law; and when said venues have become a forum for interaction and society for the general public regardless of the intent of the creators of said venue; and at a time when said communities and spaces are rising in popularity and are now widely exploited for commercial gain; it behooves those involved in said communities and venues to affirm and declare the inalienable rights of the members of said communities. Therefore herein have been set forth those rights which are inalienable rights of the inhabitants of virtual spaces of all sorts, in their form henceforth referred to as avatars, in order that this declaration may continually remind those who hold power over virtual spaces and the avatars contained therein of their duties and responsibilities; in order that the forms of administration of a virtual space may be at any time compared to that of other virtual spaces; and in order that the grievances of players may hereafter be judged against the explicit rights set forth, to better govern the virtual space and improve the general welfare and happiness of all.
Therefore this document holds the following truths to be self-evident: That avatars are the manifestation of actual people in an online medium, and that their utterances, actions, thoughts, and emotions should be considered to be as valid as the utterances, actions, thoughts, and emotions of people in any other forum, venue, location, or space. That the well-established rights of man approved by the National Assembly of France on August 26th of 1789 do therefore apply to avatars in full measure saving only the aspects of said rights that do not pertain in a virtual space or which must be abrogated in order to ensure the continued existence of the space in question. That by the act of affirming membership in the community within the virtual space, the avatars form a social contract with the community, forming a populace which may and must self-affirm and self-impose rights and concomitant restrictions upon their behavior. That the nature of virtual spaces is such that there must, by physical law, always be a higher power or administrator who maintains the space and has complete power over all participants, but who is undeniably part of the community formed within the space and who must therefore take action in accord with that which benefits the space as well as the participants, and who therefore also has the rights of avatars and may have other rights as well. That the ease of moving between virtual spaces and the potential transience of the community do not limit or reduce the level of emotional and social involvement that avatars may have with the community, and that therefore the ease of moving between virtual spaces and the potential transience of the community do not in any way limit, curtail, or remove these rights from avatars on the alleged grounds that avatars can always simply leave.
Articles:

  1. Avatars are created free and equal in rights. Special powers or privileges shall be founded solely on the common good, and not based on whim, favoritism, nepotism, or the caprice of those who hold power. Those who act as ordinary avatars within the space shall all have only the rights of normal avatars.
  2. The aim of virtual communities is the common good of its citizenry, from which arise the rights of avatars. Foremost among these rights is the right to be treated as people and not as disembodied, meaningless, soulless puppets. Inherent in this right are therefore the natural and inalienable rights of man. These rights are liberty, property, security, and resistance to oppression.
  3. The principle of all sovereignty in a virtual space resides in the inalterable fact that somewhere there resides an individual who controls the hardware on which the virtual space is running, and the software with which it is created, and the database which makes up its existence. However, the body populace has the right to know and demand the enforcement of the standards by which this individual uses this power over the community, as authority must proceed from the community; a community that does not know the standards by which the administrators use their power is a community which permits its administrators to have no standards, and is therefore a community abetting in tyranny.
  4. Liberty consists of the freedom to do anything which injures no one else including the weal of the community as a whole and as an entity instantiated on hardware and by software; the exercise of the natural rights of avatars are therefore limited solely by the rights of other avatars sharing the same space and participating in the same community. These limits can only be determined by a clear code of conduct.
  5. The code of conduct can only prohibit those actions and utterances that are hurtful to society, inclusive of the harm that may be done to the fabric of the virtual space via hurt done to the hardware, software, or data; and likewise inclusive of the harm that may be done to the individual who maintains said hardware, software, or data, in that harm done to this individual may result in direct harm done to the community.
  6. The code of conduct is the expression of the general will of the community and the will of the individual who maintains the hardware and software that makes up the virtual space. Every member of the community has the right to contribute either directly or via representatives in the shaping of the code of conduct as the culture of the virtual space evolves, particularly as it evolves in directions that the administrator did not predict; the ultimate right of the administrator to shape and define the code of conduct shall not be abrogated, but it is clear that the administrator therefore has the duty and responsibility to work with the community to arrive at a code of conduct that is shaped by the input of the community. As a member of the community himself, the administrator would be damaging the community itself if he failed in this responsibility, for abrogation of this right of avatars could result in the loss of population and therefore damage to the common weal.
  7. No avatar shall be accused, muzzled, toaded, jailed, banned, or otherwise punished except in the cases and according to the forms prescribed by the code of conduct. Any one soliciting, transmitting, executing, or causing to be executed, any arbitrary order, shall be punished, even if said individual is one who has been granted special powers or privileges within the virtual space. But any avatar summoned or arrested in virtue of the code of conduct shall submit without delay, as resistance constitutes an offense.
  8. The code of conduct shall provide for such punishments only as are strictly and obviously necessary, and no one shall suffer punishment except it be legally inflicted according to the provisions of a code of conduct promulgated before the commission of the offense; save in the case where the offense endangered the continued existence of the virtual space by attacking the hardware or software that provide the physical existence of the space.
  9. As all avatars are held innocent until they shall have been declared guilty, if detainment, temporary banning, jailing, gluing, freezing, or toading shall be deemed indispensable, all harshness not essential to the securing of the prisoner’s person shall be severely repressed by the code of conduct.
  10. No one shall be disquieted on account of his opinions, provided their manifestation does not disturb the public order established by the code of conduct.
  11. The free communication of ideas and opinions is one of the most precious of the rights of man. Every avatar may, accordingly, speak, write, chat, post, and print with freedom, but shall be responsible for such abuses of this freedom as shall be defined by the code of conduct, most particularly the abuse of affecting the performance of the space or the performance of a given avatar’s representation of the space.
  12. The security of the rights of avatars requires the existence of avatars with special powers and privileges, who are empowered to enforce the provisions of the code of conduct. These powers and privileges are therefore granted for the good of all and not for the personal advantage of those to whom they shall be entrusted. These powers and privileges are also therefore not an entitlement, and can and should be removed in any instance where they are no longer used for the good of all, even if the offense is merely inactivity.
  13. A common contribution may, at the discretion of the individual who maintains the hardware, the software, and the data that make up the virtual space, be required in order to maintain the existence of avatars who enforce the code of conduct and to maintain the hardware and the software and the continued existence of the virtual space. Avatars have the right to know the nature and amount of the contribution in advance, and said required contribution should be equitably distributed among all the citizens without regard to their social position; special rights and privileges shall never pertain to the avatar who contributes more except insofar as the special powers and privileges require greater resources from the hardware, software, or data store, and would not be possible save for the resources obtainable with the contribution; and as long as any and all avatars are able to make this contribution and therefore gain the powers and privileges if they so choose; nor shall any articles of this declaration be contingent upon a contribution being made.
  14. The community has the right to require of every administrator or individual with special powers and privileges granted for the purpose of administration, an account of his administration.
  15. A virtual community in which the observance of the code of conduct is not assured and universal, nor the separation of powers defined, has no constitution at all.
  16. Since property is an inviolable and sacred right, and the virtual equivalent is integrity and persistence of data, no one shall be deprived thereof except where public necessity, legally determined per the code of conduct, shall clearly demand it, and then only on condition that the avatar shall have been previously and equitably indemnified, saving only cases wherein the continued existence of the space is jeopardized by the existence or integrity of said data.
  17. The administrators of the virtual space shall not abridge the freedom of assembly, save to preserve the performance and continued viability of the virtual space.
  18. Avatars have the right to be secure in their persons, communications, designated private spaces, and effects, against unreasonable snooping, eavesdropping, searching and seizures, no activity pertaining thereto shall be undertaken by administrators save with probable cause supported by affirmation, particularly describing the goal of said investigations.
  19. The enumeration in this document of rights shall not be construed to deny or disparage others retained by avatars.

 
September 23, 1980

OECD privacy guidelines, part 2: Basic Principles of National Application

Collection Limitation Principle: There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
Data Quality Principle: Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
Purpose Specification Principle: The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.
Use Limitation Principle: Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 except:
a)    with the consent of the data subject; or
b)    by the authority of law.
Security Safeguards Principle: Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.
Openness Principle: There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
Individual Participation Principle: An individual should have the right:
a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;
b) to have communicated to him, data relating to him
1. within a reasonable time;
2. at a charge, if any, that is not excessive;
3. in a reasonable manner; and
4. in a form that is readily intelligible to him;
c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and
d) to challenge data relating to him and, if the challenge is successful, to have the data erased, rectified, completed or amended.
Accountability Principle: A data controller should be accountable for complying with measures which give effect to the principles stated above.

The Identity Film from IIW

Kaliya Young · October 19, 2016 ·

This film is getting released at IIW. When it is up it will be posted below.

TEDx Constitution Drive: Exploring Identity

Kaliya Young · October 19, 2016 ·

After TEDxBrussels in 2011 I was invited to present at TEDx Constitution Drive. Enjoy!

Identity and Social Justice

Kaliya Young · October 18, 2016 ·

I co-presented Identification and Social Justice with Bob Blakley who is the Global Director, Information Security Innovation at Citi as the closing keynote at the Cloud Identity Summit in Colorado.
I gave this presentation in 2012 at the Cloud Identity Summit as the closing keynote address. It highlights issues that surround the rich having privilege and being able to manage their identities more favorably than the poor.
 

Identification and social justice from Kaliya “Identity Woman” Young

The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 1 Intro + What is Identity

Kaliya Young · December 11, 2014 · 1 Comment

This paper is still being worked on. I submitted it to the 2014 ID360 Conference hosted by the Center for Identity at the University of Texas at Austin and was set to present it there until I had to back out because I was still sick from attending the NSTIC meeting in San Jose 2 weeks before. Another version will be submitted for final publication – so your comments are welcome.

Introduction

I was attending a day long think tank called Forces Shaping the Future of Identity hosted by the Office of the Director of National Intelligence and facilitated by the Institute for the Future. A man in the audience piped up “Are we going to define what we mean by Identity?” I smiled :).  One can’t go very far in a conversation about identity before someone asks “that” question. It is always asked when space is opened up to discuss the topic.
I have been engaged with communities of technology professionals and with forward looking civil society organizations circling around the question of what identity is for over 10 years. The simple one-liner comprehensive definition that I use is: Identity is socially constructed and contextual. However, it’s just one line.  This paper is a Field Guide covering core concepts along with a visual language to represent them so we can talk about identity in a meaningful way across the whole lifecycle from cradle to grave, both online and off and in other times.  It builds on the model we used for the Field Guide to Trust Models that I co-wrote last year for the ID360 Conference.
Part 2: Names, Part 3: Identifiers, Part 4: Name Space, Attributes and Conclusion.
This is Part 1:

What is Identity?

Identity is socially constructed and contextual.

Our sense of self arises first from our social interactions with our family of origin.  Humans are unique animals in that 80% of our brain growth happens outside of the womb in the first three years of life. Our family of origin is within the context of a community and in this age broader society that ultimately reaches to be global in scope.
Our names, our identifier systems and the attributes that get articulated all depend on our context, and from there on the social constructions that define them.

Sense of Self

We are told who we are by our family – they give us a name and share with us who we are.
When does it begin? When people recognize you?
When are we recognized as a person?  Different cultures have different traditions.
I have had a connection with the 3HO Sikh community. When a woman is 120 days pregnant there is a celebration to welcome the spirit of the child into the community. Women who give birth in that tradition stay at home and don’t go out for 40 days after the child is born.

Self as a Part of Something Greater

We are defined by who we are connected to: our identities as part of something greater. Children seek to understand their environment to understand where they fit in. An example from my childhood is one of my first memories.  I remember a Canada Day celebration we attended in Hastings Park. Being Canadian is to be multi-cultural. The day had different ethnic communities performing different folk dances on a stage while dressed in traditional dress. At some point they handed out Canadian flags on 30 centimeter (12 inch) flag poles with a stand made out of shiny gold colored plastic, in a box. It symbolizes the point in time where I understood myself to be part of something bigger, to be part of the nation I was born in, along with understanding some key values.

Projection of Self

We begin to understand who we are by projecting ourselves into these contexts we find ourselves and learning from the response – shaping ourselves.
There is an African saying/word –  Ubuntu – I am because you are. We are the authors of each other.

Context of Observation

The context of observation matters for shaping our identities. It defines the scope of our freedom of expression and our ability to make choices about context.
There are three different types of observation that are quite different.
Being Seen – a mutual act. I see you, You see me. We see each other.
Being Watched – this is where one is observed but the observee does not know it. However, the observee does know that they might be watched. For example, walking down one’s street, one knows that one could be seen by any of one’s neighbors looking out their window. One also knows that being inside one’s own home prevents one from being watched. When walking into a store one knows that the storekeeper will see us and watch us in the store, and we know that when we leave the store they will not be able to watch us. When we return to the same store they will likely recognize us (because we are returning in the same body) and know something about us based on prior interactions. In time a relationship of knowing might develop.
It should be noted that our bodies in physical space give away attributes about us that we can not proactively hide. Because we live in a society that is full of implicit bias, the experiences of different types of people in the world are different.  Banaji’s work on implicit bias is a starting point. Following the Trayvon Martin verdict the president gave a speech in which he said that before he was president he was regularly shadowed while shopping in stores because he was stereotyped. My partner had this happen to him this fall while shopping at Old Navy, and it was not the first time.
Being Stalked – This is what happens when the watching shifts from an appropriate, happenstance window of time to watching over time and space: to following and monitoring our behavior without our knowledge.

Self in Small Society

I have often heard it said that the advent of what appears to be ubiquitous digital identity, and the fact that we can be “seen”, is just like it was when we lived in small societies.

In small societies it is said that there is no privacy – everyone knows everyone’s business. There is another layer, though: a relational human connection weaves the people in this context together.
They know each other; they can understand when they are seen and know they are being watched as they move about town.
In a small society you also know when you are not being watched: when you are in your own home with your blinds drawn.
A mesh-network of relationships forms over a lifetime and inter-generationally, informing identity and role in the society.

Self in Mass Society

The self is shaped by living in a mass society.
We developed systems using the technology of paper and the bureaucratic record keeping of the state as a way to give abstract identity to citizens in order to provide them services. In the US this began with the pensions given to Civil War veterans. In the 1930s a system was developed to support people paying into and collecting Social Security benefits. The advent of cars as machines that people operate gave rise to the licensing of people to drive those vehicles. All of these assigned people numbers issued by the state so that they can present themselves to the state at a future time and be recognized. It is vital to remember that we are not our government issued paperwork. We are people with our own identities and our own relational lives in our communities. We must not mistake how identity in mass society operates for what it is: a system, a set of technologies to manage identity in mass society.

Self in Communities

Communities provide the middle ground between the Small Society and Mass Society modalities of identity. Communities of interest, communities of practice and communities of geography give us the freedom to move between different contexts and develop different aspects of ourselves. This type of contextual movement and flexibility is part of what it means to live in cities, particularly large cities, where people in one context would not necessarily share other contexts. The freedom to move between different contexts also exists in the digital realm. The internet enabled those in more remote locations to participate in communities of interest and practice well beyond what they could access via their local geography. We need to work to ensure that the freedom to move between communities is not implicitly eroded in the digital realm. One key way to do this is to ensure that people have the freedom to use non-correlatable identifiers (pseudonyms) across different contexts they do not want linked.

Self in relationship to Employers

The power relationship between an employee and an employer is quite clear. The employer does the vetting of potential new employees. They are hired and given access to the employer’s systems to do work for them. When the employee is no longer working for the company, for any number of reasons – retirement, resignation, termination – the employer revokes the employee’s ability to access those services. This power relationship is NOT the same as an individual citizen’s relationship to their government, or a person’s relationship to the communities they participate in. In both of those cases the person has an inherent identity that can not be “revoked”.

Power and Context

The self in a Small Society is embedded in a social mesh one can not escape. There is no “other place”: one is defined in that society and, because it is so small, one can not leave.
The self in a Mass Society is in a power relationship with the state, where one has rights but one also must use the identification system the state issues and manages in order to interact and connect with it.

The self in community gets to navigate a myriad of different communities, each with its own social constructions and its own way that power operates and flows within it: egalitarian, religious and social communities; workplaces with a traditional owner/worker structure, worker ownership, or holacracy.

Abstraction

The start of all our conversations about people’s identity comes from being embodied beings. The beauty of the digital realm is that we can abstract ourselves from our bodies and via digital identities interact via digital media. This gives us the freedom to connect to communities beyond those we could access in our local geographic location.
Atoms and Bits

Atoms and Bits are different. The difference between them is still not well understood.

  • “Atoms” Physical things can only be in one place at one time.
  • “Bits” Can be replicated and be in two or more places at once.

Physical Body

Atoms – We each have only one physical body. Our physical bodies can only be in one physical place at once. It is recognizable by other humans we meet and interact with. Because it is persistent we can be re-recognized and relationships can grow and evolve based on this. When we move between contexts in physical space – we can be recognized in different ones and connections made across them. We also have social norms, taboos and laws that help us maintain social graces.

Digital Representation

Bits – When we create digital representations of ourselves we get to extend ourselves – our presences to multiple places at the same time. We can use a digital identity that is strongly linked to the identity(ies) and contexts we use/have in the physical world. We also have the freedom to create a digital representation that steps out of the identity we occupy in the physical realm.
We can be an elf or an ork in an online game.
We can cloak our gender or choose to be a different gender.
We can cloak our race or choose to be a different one when we represent ourselves online.
We can interact on a level playing field when in the physical realm we are confined to a wheelchair.
These identities we create and inhabit online are not “fake” or “false” or “not real”. They are representations of the self. The digital realm is an abstraction and gives us the freedom to articulate different aspects of ourselves outside of the physical world.

Digital Dossier

Because the digital realm is encoded, our movements around digital space leave trails: records of the metadata generated when we click, type, post a photo, pay for a song, or do basically anything online. We leave these behind, and the systems we interact with collect them and reconstruct them to develop a digital dossier of us. If this behavior happened in the world of atoms, in physical space, it would be considered stalking. We have a stalker economy where our second selves are owned by corporations and used to judge us and target things at us.

Power in Space & Relationships

The freedom of people to transcend aspects of identity from the physical world is disruptive to some of the default power dynamics.

Disrupting Privilege

The push back against Google+’s requirement for the use of “real names” was led by women and others who use the freedom of the digital realm to step out of the bias they experience in the physical world.
The people who were pro-real name were largely white men from privileged positions in the technology industry and implicitly through the support of the policies wanted the default privileges they enjoyed in the physical realm to continue into the digital.

Shape of Space

In the physical world we understand how different physical spaces work: how big they are, how many people are in them, what the norms and terms and conditions are. Based on these we have a shared social understanding.
The challenge in the digital world is that the space is shaped by code and defined by the makers of the contexts, and these contexts can change at their will, as has happened repeatedly with Facebook’s changing settings for who could see what personal information. This instability creates mistrust in these systems, particularly among vulnerable people.
The commercial consumer web spaces currently have a structure in which they collect an enormous amount of information about us through their practice of stalking us digitally. This gives them enormous power over us.

The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 2: Names

Kaliya Young · December 11, 2014 · Leave a Comment

This paper is still being worked on. I submitted it to the 2014 ID360 Conference hosted by the Center for Identity at the University of Texas at Austin and was set to present it there until I had to back out because I was still sick from attending the NSTIC meeting in San Jose 2 weeks before. Another version will be submitted for final publication – so your comments are welcome.
Part 1: Intro + What is Identity?, Part 3: Identifiers, Part 4: Name Space, Attributes and Conclusion.
This is Part 2:

Names

Names are what we call ourselves and what others call us. They are a special kind of identifier because they are the link between us and the social world around us. We present ourselves using names so people know how to refer to us when talking to others, and what to call us when they are talking to us. They convey meaning and have power.
Digital devices can also have names, which are defined by the administrators of those devices. Places have names given to them by people in a given context; these help us refer to a geographic location. It should be noted that the names first nations (Indian or Native American) people had for places are different from the ones used by the Americans who colonized their land.

Given Names

These are the names our parents give us when we are born. In America we have a naming convention of a first name and a last name. This convention originates from ___, when states were seeking to impose control.

Name structure in various cultures

Different cultures have very different naming conventions. In Hong Kong there is a convention of an English first name written in English and a last name written in Chinese characters. In Myanmar everyone has a first name.

Meaning in Wisdom Traditions

Different wisdom traditions ascribe different ways to interpret and ascribe meaning in names.

NickName

These arise when people start to refer to us by a different name than the name we might give ourselves. We can take these on and they can become our name. They might arise from our families, from school, from sports teams, social clubs or workplaces. In these different contexts, the name we are referred to by may have nothing to do with the name on our birth certificate, and the people using the name to refer to us.

Name on Government Issued Paperwork

We have a convention in the liberal west of registering names with the state. This originated out of several practices in the last several hundred years. One key aspect of this is to both provide services to citizens but also to control citizens.

Pen Name / Stage Name

A name used by artists for their artistic expression and authorship. It does not match the name on government issued paperwork and is often used to obscure the link between such authorship and government paperwork names so that they are free to express themselves artistically.

Autonym

A name that one uses to refer to themselves. An example is that when Jorge Mario Bergoglio became pope he chose to become Pope Francis.

Pseudonym

A name that one uses to interact in various contexts that may be linked to one’s name on one’s government issued paperwork. Bob is clearly linked to the name Robert, Barb to Barbara, or Liz to Elizabeth on government issued paperwork. It is important to note that many non-European languages also have examples of these.

Mononym

This is a name consisting of a single word. Examples include Stilgarian and Sai. Madonna and Cher are examples of pseudonymous, mononym stage names.

Handle

A name that one uses to represent one’s digital identity in online contexts. It arose in computer culture when people needed to have a user name within a computer system. This is closely related to screen names.

Screen Name

The name that one chooses to have displayed on screen. In a system like World of Warcraft the service knows identity information about the clients who pay monthly to access the service. It chooses to support those players presenting to the other players on the system and forums a “screen name” that reflects their gaming persona or character name.

Name Haystack

Different names have different qualities of hiding in the haystack of similar or identical names. Some people have huge name-haystacks, where tens of thousands of people have the same name – Mike Smith, Joe Johnston, Mohamed Husain, Avi Blum, Katherine Jones. Mike Garcia, who works for NIST, said that there were 17 different Mike or Michael Garcias. People use pseudonyms to help manage the fact that name-haystacks exist, making them more or less identifiable depending on the size of theirs.

Roles

RBAC – Role Based Access Control – is based on managing the rights and privileges in digital systems according to roles. When a person is assigned a role they inherit its privileges.
Community groups also have different roles. A role can be earned, for example by getting a degree.

Titles, Given and Created

There is a history of titles being passed down.
Eastern wisdom traditions pass them down from guru to student, creating lineages.
I have had conversations with friends about who the next “Identity Woman” might be. This is an identity that I have constructed to hold an aspect of my self – work focused on people’s rights around their digital selves. I could see at some point handing this identity over to someone else who wants to carry the torch on.

Collective Single Identity

These identities are co-created by two or more people. They are managed and maintained jointly, and people act together to create a persona.


The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 3: Identifiers

Kaliya Young · December 11, 2014 · 1 Comment

This paper is still being worked on. I submitted it to the 2014 ID360 Conference hosted by the Center for Identity at the University of Texas at Austin and was set to present it there until I had to back out because I was still sick.
Part 1: Intro + What is Identity?, Part 2: Names, Part 4: Name Space, Attributes and Conclusion.
This is Part 3:

Identifiers

For people Names are a special class of Identifiers. They are both self-asserted by people and are used to refer to them and acknowledge them in social context.

System Identifiers

In bureaucratic, digital and techno-bureaucratic systems, identifiers are alphanumeric strings that point at people within the system.
This may seem simple, but there are many different types, and a person with a record in a system will likely have more than one type. To illustrate the different types I will give examples of each.

Persistent Correlatable Identifiers

This type of identifier is re-used over time, both within a context and across multiple contexts.
Examples
Student Number – When I enrolled at my university I was assigned an 8 digit student number. This number was persistent over my time as a student at the school. When interacting with school institutions I was asked to share this number so that activity could be linked together across different facets of the institution.

Social Security Number – This number is issued by the federal government, for most people born in the US as part of the paperwork that follows a birth. It exists so that those who pay into the Social Security system can be recognized and collect benefits from it when they retire.
Phone Number – People today often have a personal number that they use across many different contexts. It is commonplace to ask for a phone number in order to be able to contact a person. What people don’t know is that phone numbers are used to look people up in data broker services, so the phone number links together activity across contexts.
E-mail Address – Many people have one personal address and use it across different contexts. What people don’t know is that, like phone numbers, e-mail addresses are used to look people up in data broker services such as RapLeaf.

Directed Identifiers

A directed identifier is created to support individuals using different identifiers in different contexts. The purpose of this is to inhibit the ability to link records across contexts.
Examples
The British Columbia eID System – This system enrolls citizens and issues a card to them. When a citizen uses the card to access different government systems, it does not use one identifier for the citizen. Rather, for each system it uses a different identifier – an identifier directed at that particular system.

Defacto Identifiers

By combining names and key attributes, systems use the combination to create a de facto identifier which uniquely identifies a person, often in the context of a whole society. An example is the use of “name”, “birth date” and “birth place”. It seems innocent enough to be asked for one’s name, birthdate and place of birth, but this combination becomes a persistent correlatable identifier that can link and track activity across many systems. The creation of de facto identifiers that are persistent and correlatable limits people’s ability to control how they present in different contexts.
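Worked example (added here; it is not code from the Field Guide): how two services that never share a database can nevertheless join their records, using the persistent identifiers described above (e-mail) and the de facto identifier just described (name + birth date + birthplace). The two record sets, the people in them and the field formats are constructed for illustration.

```python
"""Record linkage across two contexts via persistent and de facto identifiers.

Added example for this section; it is not code from the Field Guide.
The two record sets are constructed (made-up people); each could be an
export from a service that never shares a database with the other.
"""
import hashlib
import re
import unicodedata
from datetime import datetime

# Context A: a pharmacy loyalty programme (constructed sample data).
PHARMACY = [
    {"loyalty_id": "P-0001", "name": "María José García", "dob": "1984-03-02",
     "birthplace": "Austin, TX", "email": "MJ.Garcia@Example.com"},
    {"loyalty_id": "P-0002", "name": "Mike Garcia", "dob": "1979-11-17",
     "birthplace": "Houston, TX", "email": "mike@example.org"},
    {"loyalty_id": "P-0003", "name": "Avi Blum", "dob": "1990-07-30",
     "birthplace": "Toronto, ON", "email": "avi.blum@example.net"},
]
# Context B: a gym membership system with its own formatting conventions.
GYM = [
    {"member_no": 5501, "name": "Garcia, Maria Jose", "dob": "02/03/1984",
     "birthplace": "austin tx", "email": "mj.garcia@example.com"},
    {"member_no": 5502, "name": "Michael Garcia", "dob": "17/11/1979",
     "birthplace": "Houston, TX", "email": "mgarcia@example.com"},
    {"member_no": 5503, "name": "Katherine Jones", "dob": "09/01/1988",
     "birthplace": "Leeds", "email": "kjones@example.co.uk"},
]


def normalize_name(name):
    """Strip accents and punctuation, lower-case, and sort the name tokens so
    'Garcia, Maria Jose' and 'María José García' collapse to one value."""
    ascii_only = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return " ".join(sorted(re.findall(r"[a-z]+", ascii_only.lower())))


def normalize_dob(text):
    """Accept ISO (YYYY-MM-DD) or day-first (DD/MM/YYYY) dates; return ISO."""
    for fmt in ("%Y-%m-%d", "%d/%m/%Y"):
        try:
            return datetime.strptime(text, fmt).date().isoformat()
        except ValueError:
            continue
    raise ValueError(f"unrecognised date: {text!r}")


def normalize_place(place):
    ascii_only = unicodedata.normalize("NFKD", place).encode("ascii", "ignore").decode()
    return " ".join(re.findall(r"[a-z]+", ascii_only.lower()))


def normalize_email(email):
    return email.strip().lower()


def defacto_key(record):
    """Name + date of birth + birthplace: the composite the text calls a de facto identifier."""
    return "|".join((normalize_name(record["name"]),
                     normalize_dob(record["dob"]),
                     normalize_place(record["birthplace"])))


def hashed_key(record):
    """Hashing the composite does not make it opaque: any party holding the same
    three attributes computes the same digest, so the hash still correlates."""
    return hashlib.sha256(defacto_key(record).encode()).hexdigest()


def link(context_a, context_b):
    """Return (loyalty_id, member_no, method) for every pair the two contexts
    can be joined on, using either the de facto key or the e-mail address."""
    matches = []
    for a in context_a:
        for b in context_b:
            if defacto_key(a) == defacto_key(b):
                matches.append((a["loyalty_id"], b["member_no"], "defacto"))
            if normalize_email(a["email"]) == normalize_email(b["email"]):
                matches.append((a["loyalty_id"], b["member_no"], "email"))
    return matches


if __name__ == "__main__":
    for row in link(PHARMACY, GYM):
        print(row)
```

Running it links P-0001 to member 5501 twice over, once on the de facto key and once on e-mail. Mike Garcia and Michael Garcia do not link: the nickname defeats the composite key, the same effect the Pseudonym and Name Haystack sections describe, and it would only take one more shared attribute to close that gap. Note also that hashing the composite key buys nothing: both sides compute the same digest.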

Opaque Identifiers

An opaque identifier is one that does not give away information about the subject it identifies.
Examples of Opaque Identifiers
The BC Government eID program has at its core an opaque identifier on each card – it points to the card record. It is just a number with no meaning. If the holder loses their card, a new opaque identifier is issued for the next card.
Examples of Non-Opaque Identifiers
The South African National Identity Number contains a lot of information. It is a 13-digit number containing only numeric characters, with no whitespace, punctuation or alpha characters, and is defined as YYMMDDSSSSCAZ:

  • YYMMDD represents the date of birth (DoB);
  • SSSS is a sequence number registered with the same birth date (where females are assigned sequential numbers in the range 0000 to 4999 and males from 5000 to 9999);
  • C is the citizenship, with 0 if the person is a SA citizen and 1 if the person is a permanent resident;
  • A is 8 or 9. Prior to 1994 this digit was used to indicate the holder’s race;
  • Z is a checksum digit.
The US Social Security Number was, until the Social Security Administration moved to randomized assignment in June 2011, created via a formula, and so the number gives away information about the person it identifies: the first three digits encoded the state in which it was issued.
Phone numbers give away information about the metro region from which a person was issued the number, although number portability means a number may no longer correspond to where the person lives.
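Worked example (added here; not code from the Field Guide or from any government system) decoding what the South African number described above gives away, beside an opaque card identifier of the kind the BC program uses. It makes two assumptions: that the check digit is verified with the Luhn algorithm (the description above says only “checksum digit”), and a century pivot for the two-digit year. The identity numbers it handles are constructed, not real people’s.

```python
"""What a non-opaque identifier gives away, next to an opaque one.

Added example for this section, not code from the Field Guide or from any
government system. parse_sa_id() decodes the YYMMDDSSSSCAZ layout described
above. Two assumptions: the check digit is verified with the Luhn algorithm
(the text says only "checksum digit"), and a two-digit year is read as 19YY
when 20YY would fall after the reference date. All numbers are constructed.
"""
import secrets
from datetime import date


def luhn_check_digit(payload):
    """Compute the Luhn check digit for a string of digits (assumed scheme)."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:                      # rightmost payload digit is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number):
    return number[-1] == luhn_check_digit(number[:-1])


def parse_sa_id(id_number, reference=date(2014, 12, 11)):
    """Decode the fields of a South African identity number.

    Every field except the sequence number is personal information, which is
    what makes this identifier non-opaque.
    """
    if len(id_number) != 13 or not id_number.isdigit():
        raise ValueError("expected 13 digits")
    yy, mm, dd = int(id_number[0:2]), int(id_number[2:4]), int(id_number[4:6])
    year = 2000 + yy
    if date(year, mm, dd) > reference:      # assumption: century pivot
        year = 1900 + yy
    sequence = int(id_number[6:10])
    return {
        "date_of_birth": date(year, mm, dd).isoformat(),
        "sex": "female" if sequence < 5000 else "male",
        "citizenship": {"0": "citizen", "1": "permanent resident"}.get(id_number[10], "unknown"),
        "legacy_race_field": id_number[11],  # before 1994 this digit encoded race
        "checksum_ok": luhn_valid(id_number),
    }


def build_sa_id(dob, sequence, citizenship_digit="0", a_digit="8"):
    """Assemble a syntactically valid number from its fields (constructed data)."""
    payload = dob.strftime("%y%m%d") + f"{sequence:04d}" + citizenship_digit + a_digit
    return payload + luhn_check_digit(payload)


class OpaqueCardRegistry:
    """An opaque identifier: a random card number that points at a record and
    says nothing about the holder. Losing the card means a new number; the old
    one stops resolving, mirroring the BC eID behaviour described above."""

    def __init__(self):
        self._cards = {}

    def issue(self, subject_record):
        card_id = secrets.token_urlsafe(16)
        self._cards[card_id] = subject_record
        return card_id

    def replace(self, lost_card_id):
        subject_record = self._cards.pop(lost_card_id)
        return self.issue(subject_record)

    def resolve(self, card_id):
        return self._cards.get(card_id)


SAMPLE_ID = build_sa_id(date(1984, 3, 2), sequence=482)   # constructed: female citizen

if __name__ == "__main__":
    print(SAMPLE_ID, parse_sa_id(SAMPLE_ID))
```

Anyone who sees the constructed number learns the holder’s birth date, sex and citizenship status, and the check digit lets them confirm they copied it correctly. The opaque card number, by contrast, tells a relying party nothing unless it can query the registry, and the registry decides what the number resolves to.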

End-Point

Some identifiers that represent people are also end-points to which messages can be sent.

Physical Address

It is often forgotten in conversations about digital identity that we had a system of end-points for people before networks: the mailing address. In the US the system of mailing addresses was developed and is maintained by the US Postal Service.

Network Address

Phone Number – Now with cellular phones people have their own phone numbers (not just one for a household or for a workplace as a whole). This permits voice calls, text messages and MMS multimedia messages to reach an individual. The name space for phone numbers originates from the ITU-T. They are globally unique. They are also recyclable.
E-mail Address – These addresses permit people to send messages to the address’s holder. They are globally unique: the name space for domain names resides with ICANN, and the part before the @ is managed by whoever controls the domain. They are also recyclable.

Device Identifier

Many digital devices have unique identifiers. Activity on digital networks can be linked together by tracking the activity originating from particular devices, even if the people using them .

Non-End-Point

These are identifiers that do not resolve in digital or physical networks.

Document Identifiers

Documents like birth certificates have serial numbers that identify the document.

Document Validation Systems

These systems are used to look up which documents are in fact valid. When properly constructed they don’t give away any information about the person. Those using the system type in the serial number of the document and the information it contains, and the system simply returns a Yes/No answer about whether it is valid or not. Because such a system is an oracle, it should require the document’s contents along with the serial number and limit how many queries a user can make; otherwise it can be used to enumerate valid serial numbers.

Beacons

A beacon is a digital device that broadcasts a persistent correlatable identifier to any device that asks for it. It creates a form of tracking of people and their devices in the physical world.
Examples
RFID chips, cellular phones, laptop computers (for phones and laptops the beacon is typically the Wi-Fi or Bluetooth hardware address, which more recent operating systems randomize while scanning for networks for exactly this reason)

Polymorphic

These systems generate different identifiers depending on context.
Examples
The BC eID system's approach of using one card that then supports the use of different identifiers depending on context.
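How one card can present a different identifier to each context, as an added example illustrating the principle rather than the BC eID system's own design. The card secret and relying-party names are constructed; each context identifier is an HMAC over the context label, so it is stable for that relying party yet unlinkable to the identifier any other party sees, and a generation counter lets it be rotated without a new card.

```python
import hashlib
import hmac

# Constructed per-card secret; a real card would hold this in its secure element.
CARD_SECRET = b"constructed-card-secret-for-example-only"


def context_identifier(card_secret: bytes, relying_party: str, generation: int = 1) -> str:
    """Derive the identifier this card presents to one relying party.

    HMAC over the relying party's label gives an identifier that is stable for
    that party but computationally unlinkable to the identifier any other party
    receives. Bumping the generation rotates the identifier for one party only.
    """
    label = f"{relying_party}:{generation}".encode("utf-8")
    return hmac.new(card_secret, label, hashlib.sha256).hexdigest()[:32]


def global_identifier(card_secret: bytes) -> str:
    """The contrasting design: one identifier presented everywhere (like an SSN)."""
    return hashlib.sha256(card_secret).hexdigest()[:32]


def linkable(records_a: set, records_b: set) -> set:
    """What two relying parties can correlate by comparing the identifiers they hold."""
    return records_a & records_b


def demo() -> dict:
    """Two services compare their user tables under each design."""
    tax_global = {global_identifier(CARD_SECRET)}
    health_global = {global_identifier(CARD_SECRET)}
    tax_ctx = {context_identifier(CARD_SECRET, "tax-agency")}
    health_ctx = {context_identifier(CARD_SECRET, "health-authority")}
    return {
        "global_overlap": len(linkable(tax_global, health_global)),   # 1: same person found
        "context_overlap": len(linkable(tax_ctx, health_ctx)),        # 0: nothing to join on
    }
```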

Time Limited & Revocable

Some identifiers are created and point at a person but are revocable. An example is a phone number that, after one stops paying one's phone bill for a month, is re-assigned to another person. An employee at a company may have an employee number that is revoked (no longer valid) once employment is terminated. A passport number is an identifier with a time limit: it is good for 5 or 10 years. A landed immigrant card (green card) in the US is only good for 10 years.

Un-Revocable

These identifiers are persistent and are not revoked. Examples include Social Security Numbers.

Identifier Issues

Identifier Recycling

Some identifiers exist in systems where an identifier that points at one person can be discontinued (they stop paying their phone bill or stop using their e-mail address) and then re-assigned to a different user.

Delegation (Acting on Behalf of Another)

This functionality is critical to a variety of user populations: elders who want to delegate access to their accounts to their children, or service professionals who have contractual relationships with clients, such as an accountant managing access to financial and tax records. Most systems are designed with the assumption that people themselves are the only ones accessing their accounts. This creates a problem when people want to delegate access: they have to turn over their own credentials so that the person they are delegating to "pretends" to be the actual user.
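What a system designed for delegation looks like instead of credential hand-over, as an added example not taken from the original post. The service, account names and actions are constructed; every request names both who is acting and on whose behalf, a grant is scoped and expiring, and the audit record keeps the real actor, which is exactly what is lost when an owner shares a password.

```python
import time
from dataclasses import dataclass


@dataclass
class Grant:
    """A scoped, expiring permission for one delegate to act on one owner's account."""
    owner: str
    delegate: str
    scopes: frozenset
    expires_at: float
    revoked: bool = False


class AccountService:
    """Constructed toy service: every request names who is acting and for whom."""

    def __init__(self):
        self.grants = []
        self.audit = []  # (actor, on_behalf_of, action, allowed)

    def grant(self, owner, delegate, scopes, ttl_seconds, now=None) -> Grant:
        now = time.time() if now is None else now
        g = Grant(owner, delegate, frozenset(scopes), now + ttl_seconds)
        self.grants.append(g)
        return g

    def revoke(self, grant: Grant) -> None:
        grant.revoked = True

    def act(self, actor, on_behalf_of, action, now=None) -> bool:
        now = time.time() if now is None else now
        if actor == on_behalf_of:
            allowed = True  # owners act on their own account
        else:
            allowed = any(
                g.owner == on_behalf_of and g.delegate == actor
                and action in g.scopes and not g.revoked and g.expires_at > now
                for g in self.grants
            )
        # The delegate's own identity is recorded, not the owner's credentials.
        self.audit.append((actor, on_behalf_of, action, allowed))
        return allowed


def demo() -> list:
    """Accountant acts for an elder: in scope, out of scope, expired, revoked."""
    svc = AccountService()
    t0 = 1_700_000_000.0  # constructed fixed clock for repeatable results
    g = svc.grant("elder", "accountant", {"view_tax_records"}, ttl_seconds=3600, now=t0)
    results = [
        svc.act("accountant", "elder", "view_tax_records", now=t0 + 10),    # True
        svc.act("accountant", "elder", "transfer_funds", now=t0 + 10),      # False
        svc.act("accountant", "elder", "view_tax_records", now=t0 + 7200),  # False, expired
    ]
    svc.revoke(g)
    results.append(svc.act("accountant", "elder", "view_tax_records", now=t0 + 20))  # False
    return results
```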

Stewardship (Care-Taking – Oversight)

There is another role, slightly different from delegation, that arises when someone turns over a power-of-attorney-like function for a particular account or set of functions. Stewardship of identity is the type of relationship a parent has with a child's identity, or the type of care needed to help the mentally disabled with their interactions online.

The Mesh of Pointers

We end up with identifiers working together as a web of pointers toward a particular individual.

The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 4: Name Spaces, Attributes, Conclusion

Kaliya Young · December 11, 2014 · 1 Comment

This paper is still being worked on. I submitted it to the 2014 ID360 Conference hosted by the Center for Identity at the University of Texas at Austin and was sent to present it there until I had to back out because I was still sick from attending the NSTIC meeting in San Jose 2 weeks before. Another version will be submitted for final publication – so your comments are welcome.
Part 1: Intro + What is Identity?   Part 2: Names   Part 3: Identifiers
This is Part 4:

Name Spaces

Different identifier systems work differently: some originate in physical space and others operate purely in the digital realm.

Local

A great example of a local name space in the physical world is a school classroom. It is not uncommon in American classrooms that when there is a name space clash – that is, two people have the same name in the same space – they take on different names to be identifiable within that context. Take for example those with the names "Stowe", "Fen" and "Chris" – each is one part of the name Christopher: Chris – Stowe – Fer. When they were in grade school each took on a different part of the name and it stuck with them.

Global

These name spaces mean that identifiers within them are unique and global. Examples include phone numbers, domain names and thus e-mail addresses.

Private

Some private name spaces look like global name spaces, but they are run by private companies under privately decided terms and conditions. Examples include Skype handles and Twitter handles.

International Registry

These are identifiers in a global space that are registered and managed globally; an example is domain names.

Attributes

Self Asserted

These are attributes that people define for themselves. They include subjective things like "favorite color" or "name".

Inherent

These arise from the individual and typically do not change (such as birth date); they are not easily altered. Sex and ethnic identity are things that people have and display in the physical world that don't (typically) change throughout one's life.

Ascribed

These are attributes that are given to us by others or by systems. This may include names that are imposed on us by social convention and/or power relationships.

Assigned

These are attributes that are given to us by others or by systems.
Examples:
Social Security Numbers are assigned by the Social Security Administration.

Conclusion

Identity is a big topic, and outlining the core concepts needed to understand it was the purpose of this paper. We need to think about how the systems that manage identity are structured. Are they designed to have power over people, to support people having power with one another, or to enable power to be networked between us to create something greater than ourselves? These questions are relevant across the whole life-cycle of identity, from cradle to grave.

Core Concepts in Identity

Kaliya Young · July 31, 2013 · 1 Comment

One of the reasons that digital identity can be such a challenging topic to address is that we all swim in the sea of identity every day. We don't think about what is really going on in the transactions… and many different aspects of a transaction can all seem to be one thing. The early Identity Gang conversations focused a lot on figuring out what some core words meant, and developed first a shared understanding and then a shared language to talk about these concepts in the community.
I'm writing this post now for a few reasons.
There is finally a conversation about taxonomy with the IDESG (Yes! After over a year of being in existence it is finally happening; I recommended in my NSTIC NOI Response that it be one of the first things focused on).
Secondly, I have been giving 1/2-day and 1-day seminars about identity and personal data for several years now (You can hire me!). Recently I gave this seminar in New Zealand to top enterprise and government leaders working on identity projects 3 times in one week. We covered:

  • The Persona and Context in Life
  • The Spectrum of Identity
  • What is Trust?
  • A Field Guide to Internet Trust
  • What is Personal Data
  • Market Models for Personal Data
  • Government Initiatives Globally in eID & Personal Data


Recent Travels Pt1: IIW

Kaliya Young · November 27, 2011 · Leave a Comment

IIW is always a whirlwind and this one was no exception. The good thing was that even with it being the biggest one yet, it was the most organized, with the most team members. Phil and I were the executive producers. Doc played his leadership role. Heidi did an amazing job with production, coordinating the catering and working with the museum, Kas did a fabulous job leading the notes collection effort, and Emma, who works off site, got things up on the wiki in good order.
We had a session that highlighted all the different standards bodies' standards, and we are now working on getting the list annotated and plan to maintain it on the Identity Commons wiki, which Jamie Clark so aptly called "the Switzerland" of identity.

We have a Satellite event for sure in DC on January 17th – Registration is Live.
We are working on pulling one together in Toronto, Canada in early February, and Australia in late March.
ID Collaboration Day is February 27th in SF (we are still venue hunting).
I am learning that some wonder why I have such strong opinions about standards… the reason being that they define the landscape of possibility for any given protocol. When we talk about standards for identity we end up defining how people can express themselves in digital networks, and getting it right and making the range of possibility very broad is kinda important. If you are interested in reading more about this I recommend Protocol:  and The Exploit. This quote from Bruce Sterling is relative to emerging AR [Augmented Reality] standards.

If Code is Law then Standards are like the Senate.


Identity in the Contexts of the Future OR Participatory Totalitarianism

Kaliya Young · November 24, 2011 · Leave a Comment

This is the latest from Google in their “names policy”

We understand that your identity on Google+ is important to you, and our Name Policy may not be for everyone at this time.

Kinda sounds like the owners of stores in the South who said their stores were not for everyone, especially black people whose skin color they didn't like. It is a fundamentally discriminatory policy. If we don't have the freedom to choose our own names in digital space and the freedom to maintain different identifiers across different social spaces, we will end up in a very creepy world… Here is my TEDxBrussels talk.

Web Wide Sentence Level Annotation -> Hypothes.is

Kaliya Young · October 15, 2011 · Leave a Comment

I first met Dan Whaley last spring via an introduction from Jim Fournier, co-founder of Planetwork. I was inspired by the vision he was working on building, Hypothes.is – a way to have sentence-level annotation of news and other articles on a web-wide scale. Really a foundation for peer review on the web. The motivation for his work is to support greater discernment of the truth around climate change and other key issues facing our society and our planet. (Another area I could see this being really useful right now is around accountability in the financial system and ways to make that real.)
He asked me to be a part of the project as an advisor, particularly around identity issues and technology options for identity. He is taking my advice and coming to IIW this coming week. It's an honor to be amongst other distinguished advisors like Brewster Kahle, John Perry Barlow, Mark Surman and others.

He has been working on a development plan and has a solid one in place. He has launched a Kickstarter Campaign and stars in the video that articulates the vision of the project. If you are inspired by the vision I encourage you to contribute.

Is Google+ is being lynched by out-spoken users upset by real names policy?

Kaliya Young · August 28, 2011 · 5 Comments

Following my post yesterday, Google+ says your name is "Toby" not "Kunta Kinte", I chronicled tweets from this morning's back and forth with Tim O'Reilly and Kevin Marks, Nishant Kaushik, Phil Hunt, Steve Bogart and Suw Charman-Anderson.
I wrote the original post after watching the Bradley Horwitz (@elatable) – Tim O'Reilly (@timoreilly) interview re: Google+. I found Tim's choice of words about the tone (strident) and judgement (self-righteous) towards those standing up for their freedom to choose their own names on the new social network being rolled out by Google, the internet's predominant search engine, disappointing. His response to my post was to call me self-righteous and reiterate that this was just a market issue.
I myself have been the victim of a Google+ suspension since July 31st, and yesterday I applied for a mononym profile (which is what it was before they insisted I fill out my last name, which I chose to do with my online handle and real-life identity "Identity Woman").
In the thread this morning Tim said that the kind of pressure being aimed at Google is way worse than anything they are doing, and that in fact Google was the subject of a "lynch mob" by these same people. Sigh, I guess Tim hasn't read much history, but I have included some quotes from and links to Wikipedia for additional historical context.
Update: inspired in part by this post, an amazing post "about tone" as a silencing/ignoring tactic when difficult, uncomfortable challenges are raised in situations of privilege was written by Shiela Marie.
I think there is a need for greater understanding all around, and that perhaps blogging and tweeting isn't really the best way to address it. I know that in the identity community, when we first formed, once we started meeting one another in person and really having deep dialogues in analogue form, deeper understanding emerged. IIW, the place we have been gathering for 6 years and talking about the identity issues of the internet and other digital systems, is coming up in mid-October and all are welcome. The agenda is created live the day of the event and all topics are welcome.
Here's the thread… (oldest tweets first)
Note all the images of tweets in this thread are linked to the actual tweet (unless they erased the tweet).

Google+ says your name is "Toby" NOT "Kunta Kinte"

Kaliya Young · August 27, 2011 · 21 Comments

This post is about what is going on at a deeper level when Google+ says your name is "Toby" NOT "Kunta Kinte". The punchline video is at the bottom; feel free to scroll there and watch if you don't want to read too much.

This whole line of thought to explain to those who don’t get what is going on with Google+ names policy arose yesterday after I watched the Bradley Horwitz – Tim O’Reilly interview (they start talking about the real names issue at about minute 24).


The Trouble with Trust, & the case for Accountability Frameworks for NSTIC

Kaliya Young · July 31, 2011 · 3 Comments

There are many definitions of trust, and all people have their own internal perspective on what THEY trust.
As I outline in this next section, there is a lot of meaning packed into the word “trust” and it varies on context and scale. Given that the word trust is found 97 times in the NSTIC document and that the NSTIC governing body is going to be in charge of administering “trust marks” to “trust frameworks” it is important to review its meaning.
I can get behind this statement: There is an emergent property called trust, and if NSTIC is successful, trust on the web would go up, worldwide.
However, the way the word "trust" is used within the NSTIC document often includes far too broad a swath of meaning.
When spoken of in every day conversation trust is most often social trust.

Ecosystem as the frame for NSTIC

Kaliya Young · July 31, 2011 · Leave a Comment

What is an Ecosystem?
The National Strategy for Trusted Identities in Cyberspace paints a broad vision for an Identity Ecosystem. The strategy author’s choice to name the big picture vision an “ecosystem” is an opportunity not to be lost. An Identity Ecosystem construct will inform the choice of processes and structures appropriate to govern it.

An ecosystem is a biological environment consisting of all the organisms living in a particular area, as well as all the nonliving, physical components of the environment with which the organisms interact, such as air, soil, water and sunlight.

This definition reminds us that the context of an Identity Ecosystem is broad and goes beyond just the identities of people and devices but extends to the contexts in which they operate and interact, the network and indeed the wider world. When we discuss a person’s digital identity it should not be forgotten that we are each fundamentally biological beings living in complex social systems composed of groups, organizations and businesses, all socially constructed and embedded in a larger context, the biosphere surrounding the planet earth.
An overall Identity Ecosystem is needed because small islands of identity management online are working, but they have not been successfully woven together in a system that manages the tensions inherent in doing so, to ensure long-term thrivability of the overall system.

NSTIC Response by Identity Woman

Kaliya Young · July 31, 2011 · 2 Comments

Context for my response to the NSTIC Governance NOI
Table of Contents to Blog Posts of My Response
My Complete Response in PDF form Kaliya-NSTIC-NOI
Introductory Letter of the Response.

Context for my NSTIC NOI response
I surprised myself when writing my response to the NSTIC (National Strategy for Trusted Identities in Cyberspace) Governance NOI (Notice of Inquiry). I wasn't sure exactly what I was going to say, because the questions seemed like they were way ahead of where they should be in terms of where things were. I decided to begin by sharing important Context, Frames and Terms before getting to the Questions of Governance and what should be done now.
I began with the word Ecosystem – what it meant, and that a system was at the heart of this strategy, not something simple or easily actionable.
I touched on the history of the Identity Community and how much conversation and intensive dialogue happened amongst that early community to get to a place where collaboration was natural and "easy". A huge amount of effort went into developing shared language and understanding then, and this is needed once again. The range of self-identified stakeholders for NSTIC is quite large (the range of not self-identified stakeholders, it could be said, is everyone on the planet, or at least all those with a digital connection via phone or internet).
I put forward two different methods/tools/processes that could be used to form shared language and understanding across this stakeholder community: Polarity Management and Value Network Mapping.
I suggest that the governance structure proposed, a "steering group", actually have a mandate to regularly listen to and act on the recommendations of the system that are generated via 3 different well-established dialogic processes (Creative Insight Council, World Cafe and Open Space Technology [what we use at IIW]). I then answer the NOI questions referencing the ideas above.
I am going to be posting the whole of my Response in a series of posts and linking them all from there.
I began with one earlier last week which is focused on “trust” both as an emergent property of the overall system AND as the current name of technology and policy/legal frameworks for identity creation.

Links to NSTIC Response Posts:

Copyright © 2023 Identity Woman