Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy Microsoft

The Seven Laws of Identity 250

pHatidic writes "Something strange is a brewin' at Microsoft these days. Check out this video interview with Kim Cameron, Microsoft's Architect of Identity, about Kim's Laws of Identity." From the post: "We have undertaken a project to develop a formal understanding of the dynamics causing digital identity systems to succeed or fail in various contexts, expressed as the Laws of Identity. Taken together, these laws define a unifying identity metasystem that can offer the Internet the identity layer it so obviously requires. They also provide a way for people new to the identity discussion to understand its central issues. This lets them actively join in, rather than everyone having to restart the whole discussion from scratch."
This discussion has been archived. No new comments can be posted.

The Seven Laws of Identity

Comments Filter:
  • I win! (Score:5, Funny)

    by Anonymous Coward on Saturday July 23, 2005 @06:28PM (#13146448)
    "We have undertaken a project to develop a formal understanding of the dynamics causing..."

    Bingo! [perkigoth.com]
  • Obviously? (Score:5, Insightful)

    by Atlantis-Rising ( 857278 ) on Saturday July 23, 2005 @06:30PM (#13146453) Homepage
    ...that can offer the Internet the identity layer it so obviously requires.

    It obviously requires an identity layer? News to me. As a card-carrying member of the tinfoil hat brigade, I prefer anonimity.

    • No, but probably (Score:5, Insightful)

      by Anonymous Brave Guy ( 457657 ) on Saturday July 23, 2005 @06:43PM (#13146511)

      You're entitled to your tinfoil-wrapped opinion, of course, but as I always point out in these discussions, there would be a lot of advantages to having some form of confirmed identity connected with Internet-based activity, even if it's generally concealed or only anonymously verifiable except to suitable authorities.

      If everything could ultimately be tracked back to you eventually, things like spamming, virus distribution, defamation, on-line fraud, and numerous other harmful behaviours would be dramatically reduced. You could improve a lot of people's lives here.

      Of course, you also have to identify "suitable authorities" who should get the right to access this information. That might be relatively easy in the West -- we have court systems that most people would probably trust to issue such orders if and when necessary -- but the Internet is international and what's free speech to you might be illegal anti-government propaganda in certain other places.

      Personally, I think most of the supposed advantages of anonymity on the Internet are illusory anyway. Does anyone really believe that all these people in China are happily speaking freely on the Internet as it stands today anyway?

      Hence, on balance, a reliable identity system gets my conditional agreement, subject to the devil in the details of course.

      • Re:No, but probably (Score:5, Interesting)

        by kaens ( 639772 ) on Saturday July 23, 2005 @07:19PM (#13146685)
        There would be advantages to having the ability to trace back all online activities to someone - you are correct in saying that spamming, virus distribution, etc could be reduced. The problem, of course, is the "suitable authorities" issue. If implemented, something like this would have a lot of chances for abuse.

        I honestly would not trust anybody with a position of political power to have the capability of tracking back everyone's online activities - there is too much of a chance that it would eventually get used for reducing more than just the harmful activities, it could get used for reducing the amount of people in the public that have dissenting opinons.

        Also, even if the capability could be introduced, it would be cracked/spoofed/worked around somehow eventually, unless there was some sort of way to prevent computers from communicating with each other in the ways that they currently do, and some sort of way to prevent people from creating their own networks.

        Subject to the devil in details, agreed. The thing is, who do you think would have control over what the details are? As it stands not you or I.

        • it could get used for reducing the amount of people in the public that have dissenting opinons.

          Really? If everyone knew everything you did online, are you so sure that your opinion would somehow go away?

          Also, even if the capability could be introduced, it would be cracked/spoofed/worked around somehow eventually, unless there was some sort of way to prevent computers from communicating with each other in the ways that they currently do, and some sort of way to prevent people from creating their own net
          • by Anonymous Coward
            Really? If everyone knew everything you did online, are you so sure that your opinion would somehow go away?

            If the wrong person found out the wrong thing about me and people like me, I'd be worried that I and the others who share my opionions might be made to "somehow go away".

            Never underestimate the danger of corrupted power.

      • As you said it, there IS already an identity system in place. There is Carnivore in the US, China probably has something too. The World, as it is right now, it's organized into countries and nations. How are you gonna come in and tell China how to run their country? The only official entity that could do that with some kind of moral authority would be the UN, which already goes meddles in the internal affairs of countries over human rights violations and stuff. It's a lot more preferable when the UN tells y
      • If everything could ultimately be tracked back to you eventually, things like spamming, virus distribution, defamation, on-line fraud, and numerous other harmful behaviours would be dramatically reduced. You could improve a lot of people's lives here.

        Spamming and virus distribution can already be tracked back to a certain degree. Both are done by zombies and no identity system will solve that.

        As for defamation, that can, also, be easily tracked by legally requesting the logs of the server involved.

        Fra

      • At the moment, we have the certificate authorities who have self-appointed themselves as the arbiters of what is legitimate, and what is not. Unfortunately, they are driven by money, being commercial bodies, so the bad guys only need to provide enough cash to appear as legitimate.

        Also, at the moment, we have a strong need for anonymity, for whistle blowers, and other people who can not speak publicly for fear of backlash (e.g. Deep Throat). That is almost achieved with the massive amounts of network traf

      • there would be a lot of advantages to having some form of confirmed identity connected with Internet-based activity, even if it's generally concealed or only anonymously verifiable except to suitable authorities.

        There'd be a lot of advantages to ubiqutuous telescreens too. Doesn't make them any less dystopian.

        A "suitable authority" which makes the rules and to whom your actions are 100% accountable to is your master, no bones about it. Once they can not only make all the rules but enforce them too

      • If everything could ultimately be tracked back to you eventually, things like spamming, virus distribution, defamation, on-line fraud, and numerous other harmful behaviours would be dramatically reduced.

        Identiy systems are the wrong solution to legitimate problems.. Spam and viruses are technology problems and thus can be fixed by technology. (My spam filter eliminates about 99.5% of junk and I don't deal with viruses on Linux or OSX machines) Defamation can already be handled through the same legal me
    • Re:Obviously? (Score:5, Insightful)

      by pHatidic ( 163975 ) on Saturday July 23, 2005 @06:47PM (#13146531)
      It obviously requires an identity layer? News to me. As a card-carrying member of the tinfoil hat brigade, I prefer anonimity.

      You can have both, i.e. you can have strong identity and strong anonymity at the same time. For example, your television and coffee maker can have an identity without comprosing your personal anonymity. Furthermore, identity is only a record of your actions. You can create a record of your actions without actually tying that record to yourself. This way you give your anonymous speech more credibility without compromising your privacy.

      • Re:Obviously? (Score:2, Interesting)

        by it_flix ( 808213 )
        For example, your television and coffee maker can have an identity without comprosing your personal anonymity. But your coffee habits and program choices can reveal a lot about your personal identity. Especially if the coffee maker and the tv can be tied together.
      • "You can create a record of your actions without actually tying that record to yourself."

        There are two problems with this statement. First, even if this identity is not tied to yourself, it is possible to have investments in it, and thus you place some worth in it, for instance credit history. Second, if a singular identity system becomes standard on the internet, I would not be surprised in the least if the government passes legislation forcing internet identities to be tied to "real" identities. Even
    • Anonymity (Score:5, Informative)

      by mosel-saar-ruwer ( 732341 ) on Saturday July 23, 2005 @07:02PM (#13146591)

      As a card-carrying member of the tinfoil hat brigade, I prefer anonimity

      Here are the seven principles, in abbreviated form [if anyone could make voodoo dolls of the creators of the PDF format, and stick pins in their - ah - whatevers, I'd be most grateful]:

      1) User Control and Consent
      Technical identity systems must only reveal information identifying a user with the user's consent.

      2) Minimal Disclosure for a Constrained Use
      The solution which discloses the least amount of identifying information and best limits its use is the most stable long term solution.

      3) Justifiable Parties
      Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.

      4) Directed Identity
      A universal identity system must support both "omni-directional" identifiers for use by public entities and "unidirectional" identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.

      5) Pluralism of Operators and Technologies
      A universal identity system must channel and enable the inter-working of multiple identity technologies run by multiple identity providers.

      6) Human Integration
      The universal identity metasystem must define the human user to be a component of the distributed system integrated through unambiguous human-machine communication mechanisms offering protection against identity attacks.

      7) Consistent Experience Across Contexts
      The unifying identity metasystem must guarantee its users a simple, consistent experience while enabling separation of contexts through multiple operators and technologies.

      I'm with you: Any WWW/Internet-ish global identity management system is gonna need a principle zero:
      0) Anonymity.
      All users are free to opt to retain their anonymity.
      With the understanding that the subsequent rules 1-7 apply only to those users who chose to forgo their principle zero rights.

      • Re:Anonymity (Score:3, Informative)

        by pHatidic ( 163975 )
        Actually, rule zero is really that there is no global identity management system. Kim says this several times in the video, although this point never really came through strongly enough in the laws.
      • Any WWW/Internet-ish global identity management system is gonna need a principle zero: All users are free to opt to retain their anonymity.

        That's a one-sided bargain. You're always free not to use any service on the Internet and to retain your anonymity. Whether you should be able to retain your anonymity and still use the service is a different principle entirely.

        OT note: Is Slashdot really allowing ads with pop-ups now? Firefox just told me it blocked a pop-up for some survey company, which matche

      • to have anonyminity, you have to start anonymous? You already do not have that. Lets assume that you are using MS Windows. If so, then better than average chance that you have spyware, so you are broadcasting to the world. But lets assume that you instead start with a reasonable secure system (anything else). Do you really think that you are not known? The patriot Act gave the DOJ the same capabilities to the DOJ that CIA/NSA have. If NSA is able to tap nearly all communication in other countries, how hard
      • I read through the crap, and I was just gonna come and say law 0 is missing, but I see a whole lot of people were thinking the same.

        Still, imagine if everyone would have a voting ID/password, and in the next election you could vote with it, whether from your home computer, or walking to a public terminal and using the ID there. It would be different from your social security number, and only you, and the government would know which voting ID corresponds to which registered voter/SS number. Unique assignmen
    • It obviously requires an identity layer? News to me. As a card-carrying member of the tinfoil hat brigade, I prefer anonimity.

      Then why are you posting as Atlantis-Rising and not as Anonymous Coward?

      Identity and anonymity are not mutually exclusive. Slashdot has identified you as Atlantis-Rising. They need to identify you in order to provide you with your karma bonus, your custom homepage, and so on.

      So long as an identity system is not required to link an identity to a particular real-world perso

    • Example, "crypto ID": run a secure hash over your public x509 cert, and voila, ID number. If you can sign with that cert, you've proven your ID. Doesn't mean a damn thing, of course, except that you're someone with the private key to that cert.

      The hard part is linking abstract bits to offline identity. And I agree, every use of that I can imagine is at best unnecessarily nosy for the sake of mere convenience, at worst a platform for discriminatory censorship, DRM, panoptic tracking, and intrusive data-mini
  • by realmolo ( 574068 ) on Saturday July 23, 2005 @06:33PM (#13146469)
    We all know that the only 2 rules are going to be:

    1. Any corporation can find out whatever they want to about you for whatever reason, and use that information for any purpose they see fit.

    2. Rule number 1 also applies to city/state/federal governments

    I wish I was joking, but I'm not.
    • 3. While it will be confidential information that shouldn't be shared without some form of regulation, losing said information off the back of a truck means that the negligent companies will recieve a stern talking to and a slap on the wrist.
  • say what (Score:3, Interesting)

    by ta ma de ( 851887 ) <chris.erik.barne ... RISom minus city> on Saturday July 23, 2005 @06:34PM (#13146473)
    identity layer it so obviously requires

    Says who? How can something that is inanimate require anything? People create requirements. Maybe M$ needs the internet to have an identity layer, I say, tough noogies for them. I don't require the internet to have an "identity layer." And since I have spent this entire weekend in the "total proportion vortex," I know that my opinion is more important than M$'s.

    • Re:say what (Score:5, Insightful)

      by Dachannien ( 617929 ) on Saturday July 23, 2005 @06:49PM (#13146537)
      Indeed. Passport [wikipedia.org] should be proof enough that most Internet users are not interested in an identity layer.

      On the other hand, the Internet is sorely lacking in appropriate identity verification measures for the sorts of e-commerce being done by people who don't grasp the concept of spyware (despite it having a firm grasp on them).

      The problem in this case is, who gets to implement such a standard? The list of laws [identityblog.com] sounds good on paper, but once corporations or governments start trying to implement it, any concept of user privacy goes out the window. And as commercialized as the Internet has become, it's becoming incredibly difficult for benevolent users [wikipedia.org] to set these standards and have them perpetuated without abuse [wikipedia.org] or wanton modification [wikipedia.org].

      • Re:say what (Score:3, Informative)

        by ka9dgx ( 72702 )
        Passport merely proved what we already know, nobody trusts Microsoft for other stuff. We windows users have learned to trust Windows Update, for example. It does not, however, disprove anything.

        In posting your comment, you had to assert an identity Dachannien (617929). We all assert identity all the time when we present a username password pair. We all have a large number of accounts to manage, which is just one set of identity assertions.

        The username/password pair is an identity, usable with one web s

    • Says who? How can something that is inanimate require anything? People create requirements.
      Hear hear! And that is why I have never bought into this "gasoline" thing the auto manufaturers (big corporations) say my car "requires." What a bunch of hogwash! I'll drive my car wherever and whenever I please, thank you very much, without all this other crap they want to sell me.
  • by beacher ( 82033 ) on Saturday July 23, 2005 @06:34PM (#13146474) Homepage
    Go to the Laws of Identity [identityblog.com] link, select browser version of the document...

    Not Found Very apropriate..... heheheheh

  • One step closer... (Score:5, Interesting)

    by jmcmunn ( 307798 ) on Saturday July 23, 2005 @06:35PM (#13146480)

    This just makes me feel like I am one step closer to the personalized advertising (think minority report?) where every site I visit is bombarding me personally (instead of anonymously) with ads for stuff I recently looked at or purchased.

    If I know who I am connected to, we're only a step away from advertisers and companies knowing who is connected to them.

    I don't see scams online being any worse than over the phone or anything else. I could get a call from some random person and see "out of area" on my caller id, and they could try to sell me some product, eventually acquiring my credit card number, or some other personal information. It's no less anonymous than online really, IMHO.
    • "where every site I visit is bombarding me personally (instead of anonymously) with ads for stuff I recently looked at or purchased." Been to amazon in the past couple years?????
    • Other way around (Score:4, Interesting)

      by pHatidic ( 163975 ) on Saturday July 23, 2005 @07:00PM (#13146586)
      Identity is used to protect your privacy, not to violate it. Currently, the only way your bank can know who you are is to record your name, Date of Birth, SSN, mother's maiden name, phone number, address, etc. However none of this is needed at all, the only thing that your bank needs to know is that the same person who put the money in is the same as the person who is taking it out. If we had an identity system, this would be possible. Instead of needing to enter in 20+ personal identifiers about yourself, there would be just one number and none of your other personal info would be needed.


      So really your feeling of your lack privacy loss comes from not having enough identity, and not the other way around.

      • I agree with you that this idea could be used to improve privacy, but I think your example is unfortunate: lawful authorities are always going to want to confirm who money in a bank account belongs to for legitimate reasons, such as to validate a tax return or to enforce a court order for damages. Hence it's likely that in your particular example, real world identity would be required.

        • True, but then the bank can just store your number and then the government can store who that number corresponds to. That way the government can do what it has to, and the bank and other private companies are unable to store your personal information to spammers.
          • This imposes a large burden on government, though: to avoid your bank ever seeing your information, or linking you with anything other than the bank's own activities, the government would have to issue separate identity numbers with verified real world identities for every service that any citizen signed up to where government access might also be required. Now you've got a single point of failure, which is one of the big dangers of a system like this.

            • Now you've got a single point of failure, which is one of the big dangers of a system like this.

              Actually, that was just an example. In reality we will more likely have identity brokers that we trust with our information, and we will tell them who gets to see what. For example, see 2idi [2idi.com]. Also, it is important to remember that we won't have just one identity but MANY identities which will each be used in their appropriate contexts. For example a financial identity, a personal identity, a business identity,

      • That should be correct, but it isn't.

        "Identity" means "being you." "Privacy" means that information about you is unavailable to others. If everyone played nice, then sufficient identity would guarantee privacy. Unfortunately, commercial interests encourage others to share my info with the unwashed masses of retailers.

        I'm still me, and I've never been confused with anyone else, so I have plenty of identity ... but no privacy.

        • by pHatidic ( 163975 )
          Correct, although I stand by my original statement. Any identity system will be strictly voluntary, and it will only work if it gives you more privacy and not less.

          Secondly, a lot of times people confuse privacy with power. For example, if my personally identifying information is leaked by a company then this is more of a power issue than a privacy one. Big companies are able to harass me, but I'm not able to harass them back proportionately. I actually publish all my personal info on my website, but when

    • Personalized Advertising...

      Too bad that does not mean that if I throw away enough "Get 'Drogs' from us" or "Mr Umbootoo Rabboonni want to share billions of $$$ with you" or "You w.ant our 2.nd mort.gage" ads that I stop getting them.
  • Tell me, Microsoft, what good is identity... when you cannot find your own web pages?

    Browser report is 404 Not Found. Doh!

  • by poopooboi ( 829906 ) on Saturday July 23, 2005 @06:41PM (#13146500)
    This is philosobabble bullshit. Most people at MSN couldn't even figure out how to integrate passport into the internal apps correctly (i.e. without trouble on the client side a lot of the time).

    That's the problem. It was shit. Shit doesn't shine in any context. I'm still listening, but my impression so far is that of a pseudointellectual who needs a reality check.
    • Passport failed because it was shit, and everyone knows it... so what to do when you're playing worlddomination on the Internet and have just failed? You send the whole thing to marketing, which relabels it and adds stuff about openness and how everyone can join in, and then you just keep on doing what you did before...
      • The key to ANY identity system is the central identify repository. That's the box that holds the criteria to prove that you are you.

        Who will trust Microsoft to maintain that?

        Who will trust Microsoft to SECURE that? Including the implementations and protocols used to access it.

        As you say, Microsoft wants an early lock-in on something that they still haven't convinced people they really need.

        An "identity" system means a single point to attack to get EVERYONE'S identify (everyone who has joined it).

        And it
  • Is that seven laws or seven words of identity?
  • by Anonymous Coward on Saturday July 23, 2005 @06:48PM (#13146534)
    What ever happed to being a good'ole programmer? Or if you really stuck with it, you'd be a senior programmer.

    All this architect shit is just a bunch of marketing crap that is foisted on folks in lieu of salary.

    I don't know about Microsoft, but at Bank of America, when the "architects" join the conference calls, that's my cue that it's about to get thick and smelly.
  • Please. Stop. (Score:4, Interesting)

    by Anonymous Coward on Saturday July 23, 2005 @06:51PM (#13146543)
    Ugh. What a pretentious pile of horse hockey. Here are the shills of Microsoft, attempting to co-opt your data once again, by creating pseudo-intellectual "Laws of Identity". What a laugh. Why don't they fix their stupid insecure OS instead? Because they can't. It's beyond fixable. So now they seek to redefine identity in the virtual space so they can claim the high road in secure transactions.

    Please. Stop. You are hurting people. You are the problem, and you should please cease and desist, and go away. I am fine with my identity, and the rights therof under the laws of my land. If you were actually LIABLE for your crappy software, then you wouldn't have the time to create this faux intellectual crap. Just because you lable it a law does not make it so....
    • Yes, please stop! (Score:4, Insightful)

      by Anonymous Brave Guy ( 457657 ) on Saturday July 23, 2005 @07:05PM (#13146607)

      This isn't from Microsoft PR, it's from one of their research groups, who are generally very clever people looking at technologies that might be used some way into the future. This isn't the next MS Passport, or something they'll put as bullet point on Longhorn/Vista/whatever it's called today.

      It's fascinating that the parent AC supports the law of their land, and wants Microsoft to be held liable for their "crappy software". At the same time, the parent AC obviously opposes these ideas, which might mean many people who abuse the Internet's anonymity to break those same laws could be held liable for their actions, or be denied the ability to perform those actions in the first place if they didn't wish to accept that liability. That position is logically inconsistent...

  • I wanted to get these in the original but I couldn't really fit them. First, check out Robert Scoble's [weblogs.com] home page. He is the guy who did the interview. Secondly, check out this pic [boingboing.net] posted on BoingBoing the other day that looks suspiciously similar to Kim.

    Anyway this is an important issue so I highly recommend that people RTFA on this one. Basically, what it comes down to is that identity services should follow the same rules as your local S&M club: Sane, Safe, and Consensual.

    • One more thing (Score:5, Interesting)

      by pHatidic ( 163975 ) on Saturday July 23, 2005 @07:03PM (#13146595)
      This was my original post. Zonk changed it to make it more anti-Microsoft:

      "Something strange is a brewin' at Microsoft these days. To see what I mean, check out this video interview [msdn.com] with Kim Cameron [identityblog.com], Microsoft's Architect of Identity, about Kim's now famous now famous Laws of Identity [identityblog.com]. Personally, I was so schocked to see Micrsoft come down this hard on the side of open standards and corporate responsibility that I almost choked on my tinfoil hat. Is this the beginning of a new Microsoft? But more importantly, now is the time to start an open and ongoing discussion about the future of digital identity. Is Kim's vision [identityblog.com] something the Slashdot community could get behind?"

      • Re:One more thing (Score:2, Interesting)

        by Anonymous Coward
        Zonk misquoted you. It says you wrote what he quotes, but you assert you wrote something else. That is just sad. Changing a submission to a more anti-X point of view is one thing, misquoting someone so that it appears he/she wrote that anti-X point of view is another. Sad, sad, sad. This blog is just that. A bunch of zealots with dogmatic views. Microsoft sucks. Apple and Google rocks. Sad. For the record, this Anonymous Coward 'dislikes' both Microsoft (and Google) and although i haven't read the PDF yet t
      • Re:One more thing (Score:2, Interesting)

        by InfoCynic ( 71942 )
        Slashdot editors are anti-Microsoft? Sheesh, next thing you know they'll be telling me that Linux is some sort of superior operating system or something...
      • Re:One more thing (Score:3, Interesting)

        by Trogre ( 513942 )
        Zonk changed it to make it more anti-Microsoft

        Which is surprising, given that Zonk is a suspected XBox (and therefore Microsoft) shill.

  • by Anonymous Brave Guy ( 457657 ) on Saturday July 23, 2005 @06:57PM (#13146575)

    Having skimmed the article (the PDF works fine for all you 404 moaners...) it seems to make a lot of reasonable arguments. The title isn't entirely clear: we're basically talking about prerequisites for an effective identity framework to exist. In this respect, it's good to be up-front in acknowledging principles like the first law:

    Technical identity systems must only reveal information identifying a user with the user's consent.

    Any hint of subterfuge will immediately harm any information-based system's credibility, so we might as well start by ruling out the most serious form.

    I also like the claim-based approach. A claim needn't be "I am John Doe of 16 Some Street, Someville." It can be much more general, e.g., "I am a member of Group X, and therefore entitled to access Service Y." I think this sort of framework is far more likely to gain user acceptance and trust, and with good reason. The author clearly realises this as well; the second law is:

    The solution which discloses the least amount of identifying information and best limits its use is the most stable long term solution.

    All in all, given my stated views about complete anonymity on the Internet, this sort of research seems like useful progress, and a better compromise and basis for further research than much that I've seen before.

    • Having skimmed the article (the PDF works fine for all you 404 moaners...) it seems to make a lot of reasonable arguments.

      Yes, it seems to, until you start thinking about them.

      Any hint of subterfuge will immediately harm any information-based system's credibility, so we might as well start by ruling out the most serious form.

      Why? Isn't it understood that there will be websites out there that will use subterfuge in an attempt to get identity data from the system?

      I also like the claim-based approach

      • Isn't it understood that there will be websites out there that will use subterfuge in an attempt to get identity data from the system?

        Of course it is. But how is an untrustworthy web site going to convince you that it's really your bank when your browser pops up a flashing red warning sign all over your screen the the claimed identity can't be verified the instant you visit it? The identity concept cuts both ways.

        But they system would have to also know that you're "John Doe" as well as that "John

        • Of course it is. But how is an untrustworthy web site going to convince you that it's really your bank when your browser pops up a flashing red warning sign all over your screen the the claimed identity can't be verified the instant you visit it?

          No. That is a function of the browser and how it displays the name/address of the site. That has been covered before.

          If the browser allows the site to hide the actual address and display a different one, then the identify authentication method has been circumve

          • I'm not quite sure what you think the article was proposing, but obviously we've read it different ways. My understanding was that the article wasn't proposing concrete measures, but rather a set of constraints that any concrete measure will probably have to satisfy in order to become successful.

            As for Slashdot, please don't put words into my fingers. I didn't say Slashdot's approach was universally good; in fact, I specifically noted that it was possible for someone to fake being me by grabbing my passwo

            • From the article I keep telling you to read:

              As peoples' use of the web broadens, so does their exposure to these workarounds. Though no one is to blame, the result is pernicious.

              Look up what "pernicious" means.

              As for Slashdot, please don't put words into my fingers. I didn't say Slashdot's approach was universally good; in fact, I specifically noted that it was possible for someone to fake being me by grabbing my password.

              Again, the article refers to the current situation (which includes /.) as "pe

              • What if you went to a financial site you belonged to, and it was going to redirect you to another company for a particular service.

                Then I would drop that business because of their non-existant security model.

                OK, so let me get this straight. You won't do business with an online company that delegates some of its business functions to another business, because to you that means it has "a non-existant security model." And at the same time, here you are arguing against the security model.

                Let me giv

  • by ShatteredDream ( 636520 ) on Saturday July 23, 2005 @07:08PM (#13146624) Homepage

    Given the fact that the TSA just got caught trying to continue TIA [blindmindseye.com], I think that this is the last thing we need. It starts out very innocently. The industry adds something like this and pretty soon we have followup laws that begin to gradually force software to make full use of any sort of identity layer. Anonymity becomes nearly impossible, and for many countries that means that the Internet loses its alleged immunity to censorship.

    One of the things that disturbs me about this sort of thing is that extreme rendition can work both ways. The Syrian government might want their back scratched for a change and Uncle Sam then turns over a few names held on US soil using USA PATRIOT Act powers to secret get the information. If our government is willing to ship people to get tortured, what makes anyone think that it's not immoral enough to scratch another, more abusive government's back a little by helping them clamp down on dissent?

    Biometric information tied to your credit card would go a very long way toward solving many of these crimes. What we need are open standards for communicating and storing biometrics information. I should be able to look into a webcam with a retina scanner and it should be able to tell Amazon.com that I'm the person who owns the credit card being used. The problem with this system is that it'll end up making something like TIA more realistic because it'll be accompanied by laws that force software developers to make good use of it.

    • Every invention can be used for either good or evil. Furthermore, all technology branches. That is, since technology is built on other technology, each new invention can be used as a building block for new inventions that are either good or evil.

      The problem with your statement though is that it applies to everything. By the same logic, we shouldn't put seatbelts in cars because people might drive faster. And we shouldn't give children vaccinations because it encourages them to not wash their hands before d

  • by dr_labrat ( 15478 ) <spooner@nOSPam.gmail.com> on Saturday July 23, 2005 @07:09PM (#13146629) Homepage
    You are nobody...

    (unless you are in my phonebook)
  • For those having a hard time getting to the PDF, here are the 7 Rules of Identity according to Kim. I've removed the text for brevity. 1. User Control and Consent: Technical identity systems must only reveal information identifying a user with the user's consent. 2. Minimal Disclosure for a Constrained Use: The solution which discloses the least amount of identifying information and best limits its use is the most stable long term solution. 3. Justifiable Parties: Digital identity systems must be design
    • I'm not sure why anyone would be shocked. Many of the Liberty ideas were similar, as was Passport.

      The issue is not that nobody has ever thought of these things. This is pretty much old hat. The thing is, big business keeps itching for a way to get people to store their data in a central location, then log in from application to application without re-authenticating.

      This idea would be a boon to businesses, but in practical application, it only works on small networks. It's not the technology. It's that peo
    • Sorry for the above crappy formatting.

      For those having a hard time getting to the PDF, here are the 7 Rules of Identity according to Kim. I've removed the text for brevity.

      1. User Control and Consent: Technical identity systems must only reveal information identifying a user with the user's consent.

      2. Minimal Disclosure for a Constrained Use: The solution which discloses the least amount of identifying information and best limits its use is the most stable long term solution.

      3. Justifiable Parties: Digi
  • You mean there's more than one? I thought it was just x = x . . .

    On another note, a system of identity on the internet is a good idea as outlined in TFA, but I think that Microsoft's approach---undoubtedly, to hold all of the information in one central repository, probably controlled by itself, and just be expected to be on its best behavior and not take a peek for marketing or other reasons---isn't the correct one. If there's a system of persistent identity, it'll need to be decentralized, and it'll nee

  • A simple answer... (Score:2, Informative)

    by Afecks ( 899057 )
    If you want to hide your identity online, just use Tor [eff.org]
  • Load of Fluff (Score:4, Insightful)

    by putko ( 753330 ) on Saturday July 23, 2005 @07:38PM (#13146771) Homepage Journal
    When I see things like: We need a unifying identity metasystem that can protect applications from the internal complexities of specific implementations and allow digital identity to become loosely coupled. This metasystem is in effect a system of systems that exposes a unified interface much like a device driver or network socket does.

    I think, "why is it a metasystem?"

    Isn't it just a "system"? If I compose some systems, I just have a bigger system, right? I thought a "metasystem" was something different -- e.g. a system of rules for analyzing or processing systems (like a metaprogram -- a program that processes programs).

    When I see people using words like "metasystem", but without using some sort of formal definitions or formal notation (aka "math"), I get a bit nervous, because it starts to sound like a bunch of marketroid speak. Then I figure it is a pile of shit, being built by a bunch of shitheads (who want to sound important by using fancy made up words), and I don't pay any attention.

    And maybe a few years later I read about its total failure.
  • Ontologies (Score:3, Interesting)

    by Tetravus ( 79831 ) on Saturday July 23, 2005 @07:49PM (#13146816) Homepage
    It sounds like Microsoft has learned about ontologies [wikipedia.org], you know those things that we're going to use to build the semantic web [w3.org]. Now they're trying to build an identity ontology to allow software agents to act on your behalf. I'd prefer to see something based on authorization rather than identification but MS doesn't work along those lines. I looked at the 'Laws of Identity' page and the blog it's sourced from, but didn't watch the vid... so consume this comment with some skepticism.
  • by mechsoph ( 716782 ) on Saturday July 23, 2005 @08:37PM (#13146986)
    What is so hard about this? I sign this email, you know it's from me. I sign X-Random piece of data, you know it's from me. You send me a challenge, I sign it, and you know I'm on the other end.

    There are nice email frontends for PGP, and the web of trust makes damn good sense. It's flexible, and it makes sure that nobody's got you by the balls.

    This sounds like MS trying to reinvent something that's already working just fine, and making it horribly complicated and broken.
  • Golden Rule (Score:3, Interesting)

    by Doc Ruby ( 173196 ) on Saturday July 23, 2005 @09:01PM (#13147058) Homepage Journal
    Rule #1: MS Passport is the only choice for identity management.
  • Based on the Report, the *only* contribution Kim has succeeded in delineating are the assumptions behind Corporate suscription based frameworks.

    There is nothing here that provides any layer of protection for the construction of an online identity. None of this contributes to the level of identity assurance to enable voting online.
  • I thought I would be seeing laws like laws of Physics, but these are morals with privacy as the overriding concern.
  • The ideas presented here were extensively refined here in the Blogosphere in a wide-ranging conversation that crossed many of the conventional faultlines of the computer industry.

    That sounds more an obituary than something to get excited about.

    It would be a bit more compelling if the ideas could be traced back to some theoretical basis (where's Butler Lampson's name? Mike Schroeder? C'mon, these guys work for MSR), the discussion was focussed instead of "wide-ranging", and took place anywhere oth

  • My name is my passport... Verify me.
  • I've worked with Novell's Identity Manager and DirXML for several years now, as well as their eDirectory and several other directories. They have a lot of good back-end identity technology that's tried and true. The product set is aimed at corporate customers, but the technology is in place and probably viable for much larger-scale implementations. With the next eDirectory release, you can have two trees and IDM drivers on the same server, so you can sync trees without ever hitting the network. Am I the
  • As an interested party in the online identity world and very aware of Microsoft's role in it, I have met with Kim Cameron several times with respect to his Seven Laws and Microsoft's imminent InfoCard [identityblog.com] identity system that he is sheparding. Kim is a great guy - very sincere - but is but one tornado in a company of a thousand tornados [craigburton.com]. So I wrote an addendum, Four More "Laws of Identity" [fen.net] that addresses some of my concerns. (Kim said he enjoyed reading them and would comment after Digital ID World, but as y
  • Tor [eff.org] for all you tinfoil hat types. M$ will never get through that.
  • by TrashGod ( 752833 ) on Saturday July 23, 2005 @11:48PM (#13147673) Journal
    "...the identity layer it so obviously requires."

    I could have sworn it said "the idenitiy lawyer it so obviously requires."

    Sounds about right.
  • Law Eight (Score:4, Insightful)

    by Alsee ( 515537 ) on Sunday July 24, 2005 @01:30AM (#13148075) Homepage
    The Eighth Law is that people have a right to know their own keys.

    I want my key!
    NO KEY, NO SALE!


    If a computer comes with a boobytrapped self destructing chip that forbids you to know your own key and keeps secrets from you and restricts your ability to control your own computer then refuse to accept it.

    The "seven laws of identity" are just a public relations gimmic to help sell the well documented Trusted Computing system. Microsoft's own website [microsoft.com] documents that the Security Support Component of their upcoming operating system release *is* the Trusted Computing Group's Trusted Platform Module, and the Trusted Computing Group's technical specifications cover the identity system in detail. I have read this documentation, hundreds of pages of technical specifications.

    Step one is that the system only works if you have an approved and compliant TPM chip. The TPM chip contains a secret key that you are forbidden to know, and the chip is boobytrapped to nuke itself if you attempt to read out your key or alter the system. Step two is that the chip can then cryptocgraphically identify itself to other computers over the internet. Step three is that the chip can then tell other people exactly what software you are running, and that the system only works if you are running compliant and approved software. Step four is that people can then send encrypted data and keys to your chip, and you are prohibited from reading or altering the data or keys sent to you. The chip keeps the keys and data secret and secure against the owner. The chip can then send messages and attest to your "identity" and that it has control over the system and that you cannot do anything they do not want you to be able to do. That you cannot lie about your identity or your "capabilities" to read or alter your own data. Note that this is a really bizzare use of the word "capabilities". This is that you and your computer have the "capability" to deny you the ability to read or alter your own data.

    If you try to run unapproved software, or if you attempt to alter your software or data in any way, then the chip denies you access to read or modify your own files, and the chip reveals in internet communications that you have an invalid identity and that the internet communication can be refused.

    If we include the Eighth Law, that people have a right to know their own keys, then everything is fine and dandy. If you are allowed to know your own keys then your computer can keep no secrets against you and truely own and control your computer. So long as you are allowed to know your own key you cannot be locked in or locked out. So long as they refuse the Eighth Law, so long as this is just a front for Trusted Computing, then this is to be rejected in the strongest terms possible.

    I want my key!
    NO KEY, NO SALE!


    -
  • Two other posters prefer 1) an authorization rather than identification based approach, and 2) maintenance of walls between i.e. their bank and their doctor. Well credit card and insurance companies make this a bit messy but I digress.

    It seems to me both posters are completely correct in capturing the general attitudes everyday people have about this sort of thing, or would have if it was translated into a verbal explanation of what somebody was offering to do for you ("I'll make it so you can just check a box and your bank and doctor will be able to talk to each other").

    My first analysis of the rules was that it boiled down to an essential conflict between "Do as little evil as possible" and "We must do some evil".

    This tension is artificial and derives from the author's treatment of an assertion (that globally verifiable identity between meatspace and cyberspace is necessary) as equivalent to a philosophical or religious law, or at least a position of unanimous agreement. This position is not only false, but also makes the author suspect of ulterior motives considering his employer, notwithstanding the list of authors provided (which is what kept me reading to a point).

    However if one wishes to create a viable business system on the net that reflects the (putative) sovereign status of a human being over his or her own person, the architecture should work differently.

    In particular, open standards, one-way only authorization hashes, and user-initiated transactions rather than corporate-initiated transactions, would seem to be more appropriate.

    As an example consider that one's social security number is both very insecure and very important to an individual. Same for a credit card number. Having a database which obviously links an individual's real world identity to such a number, and making the database available through an imperfect system to a virtually unlimited number of agents with their own motives, means that as time goes on the probability of one's identity being publically divulged approaches 1.

    On the other hand, if you personally create a data structure (say an xml file) using an open standard (say for insurance claims) and encrypt it in such a way that part is only readable by one person on a given insurance company's staff, and further encrypt it so that only your doctor and yourself can see the other bits, well that sounds like an authorization based approach and I would have far less to worry about that. It would certainly make the FBI's job a bit harder but they can always get a court order to make the insurance agent and doctor talk, if it's that important.

    My point is that the author's strategy is fatally contaminated by his employment by Microsoft. There are other logical constructs one could make to guide system development, for example one could try to make the net more anonymous and more user-centric, and place stronger legal liability on the corporate entities that use, store and transmit the data. Individuals are empowered to use the system as a homeowner uses his telephone and the circuit created for a call.

    It is not necessary to do evil at all. The only people who think so are those who have been trained to see people as objects instead of seeing them as the kings of inviolate kingdoms whom the system must serve with sincerity and humility.

    The paper makes some good points but I submit that the general agreement that identity is needed online which the author suggests exists, does not in fact exist. People need to be able to trust companies they buy things from, and assurance that they are not "fly by night" operations, i.e. that you can call the better business bureau or the police on them, is what makes commerce possible. That, or just paying cash. I think the author needs to get back to the concrete reality of just how our economy currently works, so long as he is getting around to making suggestions about underlying infrastructure, and think about whether or not people really want this kind of thing.

Like punning, programming is a play on words.

Working...