Identity Woman

Independent Advocate for the Rights and Dignity of our Digital Selves

Field Guide to Identity

Identifiers: A Field Guide

· ·

Tim Bouma wrote a post about Trusted Digital Identity.
In it he unpacks several terms including this one

Identifier: Anything (name, numbers, symbols, etc.) that uniquely distinguishes a member of a population from another member.

I don’t think this definition gets at the complexity of all the things that can be identifiers and how to distinguish them from one another.  In 2014 I began working on what I called a field guide to a whole bunch of aspects of identity.  This is the section that I wrote about identifiers.  I am republishing it here and would love feedback – which I will incorporate into this version of the post.   A complementary post is up that looks at a very nuanced discussion of what an identifier actually is What is an Identifier?.
I should say that the frame of a field guide is intentional. We are in a landscape of a range of identifier types – that we need to understand and distinguish among just like the autobahn society created the field guide to birds so we could understand them and their characteristics in different ecosystems.

Identifiers

For people Names are a special class of Identifiers. They are both self-asserted by people and are used to refer to them and acknowledge them in social context.

System Identifiers

In systems, bureaucratic, digital and techno-bureaucratic identifiers are alpha numeric string pointers at/for people in systems.
This may seem simple but their are many different types and a person with a record in a system will likely have more then one type. To get these different types of identifiers I will share different examples.

Persistent Correlateable Identifiers

This type of identifier is re-used over time within contexts and across multiple contexts.
Examples
Student Number – When I enrolled at my university I was assigned an 8 digit student number. This number was persistent over my time as a student at the school. When interacting with school institutions I was asked to share this number so that activity could be linked together across different facets of the institution.

Social Security Number – This number is issued by the federal government to those born in the US as part of the standard process for being born. It is meant to help those who submit money to the SSN system and when they retire be able to collect money from the system.
Aadhar Number – This created by Indian government for each resident of India. To get a  number and individual enrolls all 10 finger prints, two iris scans and a photograph – 13 biometrics. Their is a check to see that this person has not registered already and then a number is issued to them.
Phone Number – People today often have a personal number that they use across many different contexts. It is common place to ask for a phone number to be able to contact a person. What people don’t know is that those are used to look people up in data broker services. The phone number is used to link together activity across contexts.
E-mail Address – Many people have one personal address and use it These are often used across different contexts. What people don’t know is that those are used to look people up in 9data broker services like RapLeaf.

Assigned Identifiers

These are assigned to individuals by systems of government and businesses to support them being re-identified when they return to an entity to interact again.  This is from section 7.4.2 of the PCIM Validation Standard.

Once associated with a person, an assigned identifier uniquely distinguishes that person from all other persons in a population without the use of any other identity attributes. Examples of assigned identifiers include birth registration numbers, driver’s license numbers, and social insurance numbers. The following considerations apply to the use of assigned identifiers:

  • Assigned identifiers may be kept internal to the program that maintains them. Examples of internal assigned identifiers are database unique keys and globally unique identifiers.
  • Assigned identifiers maintained by one program may be provided to other programs so that those programs can also use the assigned identifier to distinguish between different persons within their program/service population; however, there may be restrictions on this practice due to privacy considerations or legislation.
  • Certain assigned identifiers may be subject to legal and policy restrictions. For example, the Government of Canada imposes restrictions on the collection, use, retention, disclosure, and disposal of the social insurance number.

 

Directed Identifiers

A directed identifier is created to support individuals using different identifiers in different contexts. The purpose of this is to inhibit the ability to link records across contexts.
Examples
The British Columbia eID System – This system enrolls citizens and issues a card to them. When the card is used to access different government systems by the citizens. It does not use one identifier for the citizen. Rather for each system it uses a different identifier for the system – an identifier directed for a particular system.

Decentralized Identifiers, DIDs this type of identifier can be easily created and therefore can be directed – meaning that individuals only use a particular DID for interacting with a particular institution.  The reverse is also true. Institutions can created a separate DID for each connection they have to each individual.  Sovrin and Veres One are working on creating ways for directed identifiers being accessible to individuals and institutions to manage their connections to one another.

Defacto Identifiers

By combining a name names, and key attributes together systems use this combination to create a defacto identifier which uniquely identifies a person often in the context of a whole society. An example is the us of “name” “birth date” and “birth place”. It seems innocent enough to be asked for one’s name, birthdate and place but this becomes a persistent correlateable identifier to link and track activity across many systems. The creation of defacto identifiers that are persistent and correlateable limits people’s ability to control how they present in different contexts.

In the process of creating a feedback loop related to this article Tim pointed to section 7 of this work under development by thePan Canadian Identity Management efforts. Now his definition above makes more sense. In section 7.4 they talk about identity this way.  They are oriented to defect identifiers to ensure uniqueness.

A property or characteristic associated with an identifiable person is referred to as an identity attribute or an identity data element. Examples of identity attributes include name, date of birth, and sex. For any given program or service, identity information is the set of identity attributes that is both:

  • Sufficient to distinguish between different persons within the program/service population (i.e. achieve the uniqueness requirement for identity); and
  • Sufficient to describe the person as required by the program or service.

Section 7.4.1  says this:

The set of identity attributes that is used to uniquely distinguish a unique and particular person within a program/service population is referred to as an identifier

Opaque Identifiers

An opaque identifier is one that does not give away information about the subject it identifies.
Examples of Opaque Identifiers
The BC Government eID program has at its core an opaque identifier on each card – it points to their card record. It is just a number with no meaning. If they loose their card a new opaque identifier is issued for their next card.
Examples of Non-Opaque Identifiers

Examples of Non-Opaque Identifiers

National Identity Number in South Africa contains a lot of information it is a 13-digit number containing only numeric characters, and no whitespace, punctuation, or alpha characters. It is defined as YYMMDDSSSSCAZ:

  • YYMMDD represents the date of birth (DoB);
  • SSSS is a sequence number registered with the same birth date (where females are assigned sequential numbers in the range 0000 to 4999 and males from 5000 to 9999);
  • C is the citizenship with 0 if the person is a SA citizen, 1 if the person is a permanent resident;
  • A is 8 or 9. Prior to 1994 this number was used to indicate the holder’s race;
• Z is a checksum digit.
The US Social Security Number is created via a formula and so the number gives away information about the person it identifiers.
Phone numbers give away information about the metro region that a person was issued the number from.

End-Point

Some identifiers that represent people are also end-points to which messages can be sent.

Physical Address

It is often forgotten in conversations about digital identity that we had a system of end-points for people before networks known as a mailing address. They system of mailing addresses was developed and is maintained by the US postal service.

Network Address

Phone Number – Now with cellular phones people have their own phone numbers (not just one for a household or their workplace as a whole). This permits both voice calls being made, text messages and MMS Multi-Media messages. The name space for phone number originates from the ITU-T. They are globally unique. They are also recyclable.
E-mail Address – These addresses permit people to send messages to the address they have. They are globally unique. The name space for domain names resides with ICANN. They are also recyclable.

Device Identifier

Many digital devices have unique identifiers. Activity on digital networks can be linked together by tracking these activity originating from particular devices even if people using them .

Non-End-Point

These are identifiers that do not resolve in digital or physical networks.

Document Identifiers

Documents like birth certificates have serial numbers that identify the document.

Document Validation Systems

These systems are used to look up which documents are infact valid. When properly constructed they don’t give away any information about the person. Those using the system type in the serial number of the document and information it contains and the system simply returns a Yes/No answer about weather it is valid or not.

Beacons

A beacon actually broadcasts from a digital device a persistent correlateable identifier to any device that asks for it. It creates a form of tracking people and their devices in the physical world.
Examples
RFID chips, cellular phones, laptop computers

Polymorphic

These systems generate different identifiers depending on context.
Examples
The BC eID system way of using one card that then supports the use of different identifiers depending on context.

Time Limited & Revocable

Some identifiers are created and point at a person but are revocable. An example is a phone number that is after one stops paying one’s phone bill for a month is re-assigned to another person. An employee at a company may have an employee number that is revoked (no longer valid) once employment is terminated. A passport number is an identifier that has a time limit it is good for 5 or 10 years. A landed immigrant card (green card) in the US is only good for 10 years.

Un-Revocable

These identifiers are persistent and are not revoked. Examples include Social Security Numbers.

Identifier Issues

Identifier Recycling

Some identifiers are in systems where identifiers that point at one person can be discontinued (they stop paying their phone bill or using their e-mail address) and then the identifier can be re-assigned to a different user.

Delegation (Acting on Behalf of Another)

This functionality is critically to a variety of user populations. Elders who want to delegate access to their accounts children. Service professionals who have contractual relationships with clients such as an accountant managing access to financial & tax records. Most systems are designed with an assumption that people themselves are the only one accessing accounts. This creates a problem when people want to delegate access they have to turn over their own credentials so the person they are delegating to “pretends” to be the actual user.

Stewardship (Care-Taking – Oversight)

Their is another role that is slightly different then delegation when someone turns over a power of attorney like function for a particular account/set of functions. Stewardship of identity is the type of relationship a parent has for a child’s identity or the type of care needed to help the mentally disabled with their interactions online.

The Mesh of Pointers

We end-up with a way that identifiers work together as a web of pointers towards a particular individual.

 
 
 

The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 1 Intro + What is Identity

· · 1 Comment

This paper is still being worked on. I submitted it to the 2014 ID360 Conference hosted by the Center for Identity at the University of Texas at Austin and was sent to present it there until I had to back out because I was still sick from attending the NSTIC meeting in San Jose 2 weeks before. Another version will be submitted for final publication – so your comments are welcome.

Introduction

I was attending a day long think tank called Forces Shaping the Future of Identity hosted by the Office of the Director of National Intelligence and facilitated by the Institute for the Future. A man in the audience pipped up “Are we going to Define what we mean by Identity?” I smiled :).  One can’t go very far in a conversation about identity before someone asks “that” question. It always is asked when space is opened up to discuss the topic.
I have been engaged with communities of technology professionals and with forward looking civil society organizations circling around the question what is Identity for over 10 years. The simple one-liner comprehensive definition that I use is Identity is socially constructed and contextual. However it’s just one line.  This paper is a Field Guide covering core concepts along with a visual language to represent them so we can talk about it in a meaningful way across the whole lifecycle from cradle to grave, both online and off and in other times.  It builds on the model we used for the Field Guide to Trust Models that I co-wrote last year for the ID360 Conference.
Part 2: Names, Part 3: Identifiers  Part 4: Name Space, Attributes and Conclusion.
This is Part 1:

What is Identity?

Identity is socially constructed and contextual.

Our sense of self arises first from our social interactions with our family of origin.  Humans are unique animals in that 80% of our brain growth happens outside of the womb in the first three years of life. Our family of origin is within the context of a community and in this age broader society that ultimately reaches to be global in scope.
The names we have, identifier systems, attributes that are articulated all depend on our context and from there the social constructions that define these.

Sense of Self

We are told who we are by our family – they give us a name and share with us who we are.
When does it begin? When people recognize you?
When are we recognized as a person?  Different cultures have different traditions.
I have had a connection with the 3HO Sikh community. When a woman is 120 days pregnant there is a celebration to welcome the spirit of the child into the community. Women who give birth in that tradition stay at home and don’t go out for 40 days after the child is born.

Self as a Part of Something Greater

We are defined by who we are connected to. Our identities as part of something greater. Children seek to understand their environment to understand where they fit in. An example from my childhood is one my first memories.  I remember a Canada Day Celebration we attended in Hastings Park. Being Canadian is to be mutli-cultural. The day had different ethnic communities performing on a stage different folk dances while dressed in traditional dress. At some point they handed out Canadian flags on 30 centimeter (12 inch) flag poles with a stand made out of shiny gold colored plastic in a box. It symbolizes this point in time where I understood myself to be part of something bigger to be part of the nation I was born in along with understanding some key values.

Projection of Self

We begin to understand who we are by projecting ourselves into these contexts we find ourselves and learning from the response – shaping ourselves.
There is an African saying/word –  Ubuntu – I am because you are. We are the authors of each other.

Context of Observation

The context of observation matters for shaping our identities. It defines the scope of our freedom expression our ability to make choices about context.
There are three different types of observation that are quite different.
Being Seen – a mutual act. I see you, You see me. We see each other.
Being Watched – this is where one is observed but it is not known by the observee. However it is known to the observee that they might be watched for example walking down one’s street, one knows that one could be seen by any of one’s neighbors looking out their window. One also knows that being inside of one’s own home prevents one from being watched. When walking into a store one knows that the storekeeper will see us, watch us in the store and we know that when we leave the store they will not be able to watch us. When we return to the same store they will likely recognize us (because we are returning in the same body) and know something about us based on prior interactions. In time a relationship of knowing might develop.
It should be noted that our bodies in physical space give away attributes about us that we can not proactively hide. Because we live in a society that is full of implicit bias the experiences of different types of people is different in the world.  Banaji’s work on implicit bias is a starting point. Following the Trayvon Martin verdict the president gave a speech where he said that before he was president he regularly was shadowed while shopping in stores because he was stereotyped. My partner had this happen to him this fall while shopping at Old Navy and it was not the first time.
Being Stalked – This is what happens when the watching shifts from an appropriate happenstance window of time. To watching over time and space – to following and monitoring our behavior without our knowledge.

Self in Small Society

I have often heard it said that with the advent of what appears to be ubiquitous digital identity and the fact that we can be “seen” is just like it was when we lived in small societies.

In small societies it is said that there is no privacy – everyone knows everyone’s business. Their is another layer there is a relational human connection that weaves the people in this context together.
They know each other, they can understand when they are seen and know they are being watched as the move about town.
In a a small society you also know when you are not being watched when you are in your own home with your blinds drawn.
A mesh-network of relationships that form over life and inter-generationally that inform identity and role in the society.

Self in Mass Society

The self of is shaped by living in a mass society.
We developed systems using the technology of paper and bureaucratic record keeping of the state as way to give abstract identity to citizens to provide them services. This began first with the pensions given to civil war veterans. In the 1930’s a system was developed to support people paying for and getting Social Security benefits. The advent of cars as machines that people operate gave rise to the development of licensing of people to be able to drive the vehicles. These all assigned people numbers by the state so they can present themselves to the state at a future time and be recognized. It is vital to remember that we are not our government issued paperwork. We are people with our own identities, our own relational lives in our communities. We must not mistake how identity in mass society operates for what it is a system, a set of technologies to manage identity in mass society.

Self in Communities

Communities provide the middle ground in between the Small Society and Mass Society modalities of Identity. Communities of interest, communities of practice and geography give us the freedom to move between different contexts and develop different aspects of ourselves. This type of contextual movement and flexibility is part of what it mean to live in cities and particularly large cities. Where people in one context would not necessarily share other contexts. The freedom to move between different contexts exists in the digital real. The internet enabled those in more remote locations to also participate in communities of interest and practice well beyond what they could access via their local geography. We need to work to ensure the freedom to move between communities is not implicitly eroded in the digital realm. One key way to do this is to ensure that people have the freedom to use non-corelateable identifiers (pseudonyms) across different contexts they do not want linked.

Self in relationship to Employers

The power relationship between an employee and an employer is quite clear. The employer does the vetting of potential new employees. They are hired and given access to the employers systems to do work for them. When the employee was no longer working for a company because of any number of reasons – retirement, resignation, termination – the employer revokes the employees ability to access those services. This power relationship is NOT the same of an individual citizen’s relative to their government or the power relationship of a person relative to communities they participate in. In both cases the person has an inherent identity that can not be “revoked”.

Power and Context

The Self in a Small society is embedded in a social mesh one can not escape. There is no “other place” and one is defined in that society and because it is so small one can not leave.
The self in a Mass society is in a power relationship with the state. Where one has rights but one also must use the identification system they issue and manage to interact and connect with it.

The self in community gets to navigate a myriad of different ones each with its own social constructions and how power operates and flows within it. (egalitarian, religions, social) communities, work places (traditional owner, worker | worker owners | holocracy).

Abstraction

The start of all our conversations about people’s identity comes from being embodied beings. The beauty of the digital realm is that we can abstract ourselves from our bodies and via digital identities interact via digital media. This gives us the freedom to connect to communities beyond those we could access in our local geographic location.
Atoms and Bits
Atoms and Bits are different. The difference between them is still not well understood.

  • “Atoms” Physical things can only be in one place at one time.
  • “Bits” Can be replicated and be in two or more places at once.

Physical Body

Atoms – We each have only one physical body. Our physical bodies can only be in one physical place at once. It is recognizable by other humans we meet and interact with. Because it is persistent we can be re-recognized and relationships can grow and evolve based on this. When we move between contexts in physical space – we can be recognized in different ones and connections made across them. We also have social norms, taboos and laws that help us maintain social graces.

Digital Representation

Bits – When we create digital representations of ourselves we get to extend ourselves – our presences to multiple places at the same time. We can use a digital identity that is strongly linked to the identity(ies) and contexts we use/have in the physical world. We also have the freedom to create a digital representation that steps out of the identity we occupy in the physical realm.
We can be an elf or an ork in a online game.
We can cloak our gender or choose to be a different gender.
We can cloak our race or choose to be a different one when we represent ourselves online.
We can interact on a level playing field when in the physical realm we are confined to a wheel chair.
These identities we create and inhabit online are not “fake” or “false” or “not real”. They are representations of the self. The digital realm is an abstraction and gives us the freedom to articulate different aspects of ourselves outside of the physical world.

Digital Dossier

In the digital realm because it is en-coded means that our our movements around digital space leave trails, records of the meta-data generated when we click, type, post a photo, pay for a song do basically anything online. We leave these behind and the systems that we interact with collect them and reconstruct them to develop a digital dossier of us. This behavior if it happened in the world of atoms in the physical space would be considered stalking. We have a stalker economy where our second selves are owned by corporations and used to judge us and target things at us.

Power in Space & Relationships

The freedom of people to transend aspects of identity from the physical world is disruptive to some of default power dynamics.

Disrupting Privilege

The push back against Google+’s requirement for the use of “real names” was lead by women and others who use the freedom of the digital realm to step out of the bias they experience in the physical world.
The people who were pro-real name were largely white men from privileged positions in the technology industry and implicitly through the support of the policies wanted the default privileges they enjoyed in the physical realm to continue into the digital.

Shape of Space

In the physical world we understand how different physical spaces work in terms of how big they are, how many people are in them, what the norms and terms and conditions are. We know that based on these we have a social understanding.
The challenge in the digital world is that the space is shaped by code and defined by the makers of the contexts. These contexts can change at their will. As has happened repeatedly with Facebook’s changing settings for who could see what personal information. This instability creates mistrust particularly by vulnerable people in these systems.
The commercial consumer web spaces currently have a structure where they collect so much information about us via their practices of stalking us digitally. They have enormous power over us.

The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 2: Names

· · Leave a Comment

This paper is still being worked on. I submitted it to the 2014 ID360 Conference hosted by the Center for Identity at the University of Texas at Austin and was sent to present it there until I had to back out because I was still sick from attending the NSTIC meeting in San Jose 2 weeks before. Another version will be submitted for final publication – so your comments are welcome.
Part 1: Intro + hat is Identity?   Part 3: Identifiers  Part 4: Name Space, Attributes and Conclusion.
This is Part 2:

Names

Names are what we call ourselves and what others call us. They are a special kind of identifier because they are the link between us and the social world around us. We present ourselves using names so people know how to refer to us when talking to others or call us when they are talking to us. They convey meaning and have power.
Digital devices can also have names are defined by the administrators of these devices. Places have names given to them by people in a given context these help us refer to a geographic location. It should be noted that the names first nations (indian or native american) people had for places are different then the ones that the American’s colonized their land used.

Given Names

These are the names our parents give us when we are born. In America we have a naming convention of a first name and last name. This convention originates from ___ when states were seeking to impose control.

Name structure in various cultures

Different cultures have very different naming conventions. In Hong Kong their is a convention of an english first name written in English and a Chinese character written last name. In Mayanmar everyone has a first name.

Meaning in Wisdom Traditions

Different wisdom traditions ascribe different ways to interpret and ascribe meaning in names.

NickName

These arise when people start to refer to us by a different name then the name we might give ourselves. We can take these on and they can become our name. They might arise from our families, from school, from sports teams, social clubs, work places. In these different contexts, the name that we are referred to may have nothing to do with the name our our birth certificate and the people using the name to refer to us.

Name on Government Issued Paperwork

We have a convention in the liberal west of registering names with the state. This originated out of several practices in the last several hundred years. One key aspect of this is to both provide services to citizens but also to control citizens.

Pen Name / Stage Name

A name used by artists for their artistic expression and authorship. It does not match the name on government issued paperwork and is often used to obscure the link between such authorship and government paperwork names so that they are free to express themselves artistically.

Autonym

A name that one uses to refer to themselves. An example is that when Jorge Mario Bergoglio became pope he chose to become Pope Francis.

Pseudonym

A name that one uses to interact in various contexts that may be linked one’s name on one’s government issued paperwork. Bob is clearly linked to the name Robert or Barb to Barbara or Liz to Elizabeth on government issued paperwork. It is important to note that many non-european languages also have examples of these.

Mononym

This is name consisting of a single word. Examples include Stilgarian and Sai. Madona or Cher are examples of Pseudonymous, Mononym, Stage Names

Handle

A name that one uses to represent ones digital identity in online contexts. It arose in computer culture when people needed to have a user name within a computer system. This is closely related to Screen names.

Screen Name

The name that one chooses to have displayed on screen. In a system like World of Warcraft the service knows identity information of their clients who pay monthly to access their service. They choose to support those player presenting to the other players on the system and forums a “screen name” that reflects their gaming persona or character name.

Name Haystack

Different Names have different qualities of hiding in the haystack of the similar or the same names. Some people have huge name – haystacks where tens of thousands people have the same name – Mike Smith, Joe Johnston, Mohamed Husain, Avi Blum, Katherine Jones. Mike Garcia who works for NIST said that there were 17 different Mike or Michael Garcia’s. People use pseudonyms to help manage the fact that name-haystacks exist making them more or less identifiable depending on the size of theirs.

Roles

RBAC – Roll Based Access Control is based on managing the rights and privileges for digital systems based on roles. When a person gets a role assigned to them the inherit the privileges.
Community groups also have different roles that might have . Earn role from getting a degree.

Titles, Given and Created

There is a history of titles being pasted down.
Eastern Wisdom Traditions pass them down from guru to student creating lineage’s.
I have had conversations with friends about who the next “Identity Woman” might be. This identity that I have constructed to hold an aspect of my self – work focused on people’s rights around their digital selves. I could see at some point handing this identity over to someone else who wants to continue the torch over.

Collective Single Identity

Theses identities are co-created by two or more people. They are managed and maintained and people jointly act together to create a persona.

 
 
 

The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 3: Identifiers

· · 1 Comment

This paper is still being worked on. I submitted it to the 2014 ID360 Conference hosted by the Center for Identity at the University of Texas at Austin and was sent to present it there until I had to back out because I was still sick.
Part 1:  Intro + what is Identity?   Part 2: Names   Part 4: Name Space, Attributes and Conclusion.
This is Part 3:

Identifiers

For people Names are a special class of Identifiers. They are both self-asserted by people and are used to refer to them and acknowledge them in social context.

System Identifiers

In systems, bureaucratic, digital and techno-bureaucratic identifiers are alpha numeric string pointers at/for people in systems.
This may seem simple but their are many different types and a person with a record in a system will likely have more then one type. To get these different types of identifiers I will share different examples.

Persistent Correlateable Identifiers

This type of identifier is re-used over time within contexts and across multiple contexts.
Examples
Student Number – When I enrolled at my university I was assigned an 8 digit student number. This number was persistent over my time as a student at the school. When interacting with school institutions I was asked to share this number so that activity could be linked together across different facets of the institution.

Social Security Number – This number is issued by the federal government to those born in the US as part of the standard process for being born. It is meant to help those who submit money to the SSN system and when they retire be able to collect money from the system.
Phone Number – People today often have a personal number that they use across many different contexts. It is common place to ask for a phone number to be able to contact a person. What people don’t know is that those are used to look people up in data broker services. The phone number is used to link together activity across contexts.
E-mail Address – Many people have one personal address and use it These are often used across different contexts. What people don’t know is that those are used to look people up in 9data broker services like RapLeaf.

Directed Identifiers

A directed identifier is created to support individuals using different identifiers in different contexts. The purpose of this is to inhibit the ability to link records across contexts.
Examples
The British Columbia eID System – This system enrolls citizens and issues a card to them. When the card is used to access different government systems by the citizens. It does not use one identifier for the citizen. Rather for each system it uses a different identifier for the system – an identifier directed for a particular system.

Defacto Identifiers

By combining a name names, and key attributes together systems use this combination to create a defacto identifier which uniquely identifies a person often in the context of a whole society. An example is the us of “name” “birth date” and “birth place”. It seems innocent enough to be asked for one’s name, birthdate and place but this becomes a persistent correlateable identifier to link and track activity across many systems. The creation of defacto identifiers that are persistent and correlateable limits people’s ability to control how they present in different contexts.

Opaque Identifiers

An opaque identifier is one that does not give away information about the subject it identifies.
Examples of Opaque Identifiers
The BC Government eID program has at its core an opaque identifier on each card – it points to their card record. It is just a number with no meaning. If they loose their card a new opaque identifier is issued for their next card.
Examples of Non-Opaque Identifiers
National Identity Number in South Africa contains a lot of information it is a 13-digit number containing only numeric characters, and no whitespace, punctuation, or alpha characters. It is defined as YYMMDDSSSSCAZ:

  • YYMMDD represents the date of birth (DoB);
  • SSSS is a sequence number registered with the same birth date (where females are assigned sequential numbers in the range 0000 to 4999 and males from 5000 to 9999);
  • C is the citizenship with 0 if the person is a SA citizen, 1 if the person is a permanent resident;
  • A is 8 or 9. Prior to 1994 this number was used to indicate the holder’s race;
• Z is a checksum digit.
The US Social Security Number is created via a formula and so the number gives away information about the person it identifiers.
Phone numbers give away information about the metro region that a person was issued the number from.

End-Point

Some identifiers that represent people are also end-points to which messages can be sent.

Physical Address

It is often forgotten in conversations about digital identity that we had a system of end-points for people before networks known as a mailing address. They system of mailing addresses was developed and is maintained by the US postal service.

Network Address

Phone Number – Now with cellular phones people have their own phone numbers (not just one for a household or their workplace as a whole). This permits both voice calls being made, text messages and MMS Multi-Media messages. The name space for phone number originates from the ITU-T. They are globally unique. They are also recyclable.
E-mail Address – These addresses permit people to send messages to the address they have. They are globally unique. The name space for domain names resides with ICANN. They are also recyclable.

Device Identifier

Many digital devices have unique identifiers. Activity on digital networks can be linked together by tracking these activity originating from particular devices even if people using them .

Non-End-Point

These are identifiers that do not resolve in digital or physical networks.

Document Identifiers

Documents like birth certificates have serial numbers that identify the document.

Document Validation Systems

These systems are used to look up which documents are infact valid. When properly constructed they don’t give away any information about the person. Those using the system type in the serial number of the document and information it contains and the system simply returns a Yes/No answer about weather it is valid or not.

Beacons

A beacon actually broadcasts from a digital device a persistent correlateable identifier to any device that asks for it. It creates a form of tracking people and their devices in the physical world.
Examples
RFID chips, cellular phones, laptop computers

Polymorphic

These systems generate different identifiers depending on context.
Examples
The BC eID system way of using one card that then supports the use of different identifiers depending on context.

Time Limited & Revocable

Some identifiers are created and point at a person but are revocable. An example is a phone number that is after one stops paying one’s phone bill for a month is re-assigned to another person. An employee at a company may have an employee number that is revoked (no longer valid) once employment is terminated. A passport number is an identifier that has a time limit it is good for 5 or 10 years. A landed immigrant card (green card) in the US is only good for 10 years.

Un-Revocable

These identifiers are persistent and are not revoked. Examples include Social Security Numbers.

Identifier Issues

Identifier Recycling

Some identifiers are in systems where identifiers that point at one person can be discontinued (they stop paying their phone bill or using their e-mail address) and then the identifier can be re-assigned to a different user.

Delegation (Acting on Behalf of Another)

This functionality is critically to a variety of user populations. Elders who want to delegate access to their accounts children. Service professionals who have contractual relationships with clients such as an accountant managing access to financial & tax records. Most systems are designed with an assumption that people themselves are the only one accessing accounts. This creates a problem when people want to delegate access they have to turn over their own credentials so the person they are delegating to “pretends” to be the actual user.

Stewardship (Care-Taking – Oversight)

Their is another role that is slightly different then delegation when someone turns over a power of attorney like function for a particular account/set of functions. Stewardship of identity is the type of relationship a parent has for a child’s identity or the type of care needed to help the mentally disabled with their interactions online.

The Mesh of Pointers

We end-up with a way that identifiers work together as a web of pointers towards a particular individual.

The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 4: Name Spaces, Attributes, Conclusion

· · 1 Comment

This paper is still being worked on. I submitted it to the 2014 ID360 Conference hosted by the Center for Identity at the University of Texas at Austin and was sent to present it there until I had to back out because I was still sick from attending the NSTIC meeting in San Jose 2 weeks before. Another version will be submitted for final publication – so your comments are welcome.
Part 1: Intro + What is Identity?   Part 2: Names   Part 3: Identifiers
This is Part 4:

Name Spaces

Different identifier systems work differently some originate from physical space and others operate purely in the digital realm.

Local

A great example of a local name space in the physical world is a school classroom. It is not uncommon in american classrooms that when there is a name space clash – that is two people have the same name in the same space – they take on different names to be identifiable within that context. Take for example those with the names “Stowe” “Fen” and “Chris” – each is one part of the name Christopher : Chris – Stowe – Fer. When they were in grade school each took on a different part of the name and it stuck with them.

Global

These names spaces mean that identifiers within them are unique and global. Phone numbers, domain names and thus e-mail addresses.

Private

Some private name spaces seem like global name spaces but they are run by private companies under privately decided terms and conditions. Examples include skype handles, twitter handles,

International Registry

These are identifiers in a global space that are registered and managed globally an example is domain names.

Attributes

Self Asserted

These are attributes that people self defined. They include things that are subjective like “favorite color” or “name”

Inherent

These arise from the individual and typically do not change (such as birth date) and are not as morphable. Sex and ethnic identity are things that people have and display in the physical world that don’t (typically) change throughout one’s life.

Ascribed

These are attributes that are given to us by others or by systems. This may include names that are imposed on us by social convention and or power relationships.

Assigned

These are attributes that are given to us by others or by systems.
Examples:
Social Security Numbers are assigned by the Social Security Administration.

Conclusion

Identity is a big topic and outlining the core concepts needed to understand it was the purpose of this paper. We need to think about how the systems that manage identity are structured. Are they designed to have power over people, supporting people having power with one another or enabling power to be networked between us to create something greater then ourselves. These questions are relevant across the whole life-cycle of identity from cradle to grave.