Thursday, May 26, 2005, 9:26 AM

One Level of Indirection

A claim I heard a while ago is that every problem in computer science can be solved by adding a level of indirection.

Upon a closer reading of Stephen DownesAuthentication and Identification, I realized he gets into a bit of a spot with his approach, and has to redefine what most of us would accept as authentication to self-identification...
It is common at this juncture to confuse an identity claim with authentication. For example, the presentation of a bank card (a token) to a bank machine, combined with an assertion (the keying of a PIN), is often taken to constitute a type of authentication. However, it is not; it is nothing more than the claim to be a certain person.
Many of us would rather refer to the above process as the authentication of the account holder’s identity to the bank machine with a bank card (what you have) and the PIN (what you know), as opposed to self-identification of the account holder to the bank machine.

Because Downes does not separate an entity from its identity (or identities), authenticating an identity is equivalent to self-identification of an entity. So, to Downes, if you authenticate an identity (or self-identify, in his terminology), you lose any control and privacy—hence the need to (somewhat awkwardly) differentiate self-identification from authentication. The point I made in an earlier post (Strong Identities Can Be Anonymous) is that an entity does not have to be bound to its identity. This level of indirection allows for anonymous identities, and addresses most of the privacy and control concerns Downes raises in his article.

Update (November 12, 2007)
Joe Long tells me it was Jim Grey who said that any programming problem can be solved by adding one level of indirection and that any performance problem can be solved by removing one level of indirection. (I should do some research on this.)

Tuesday, May 24, 2005, 5:06 PM

Jot Down Your Passwords?

Noted. Munir Kotadia reported that Microsoft security guru: Jot down your passwords. Has it really come to this? A choice between writing down secrets or having easily guessable ones? I guess so. See also: Passwords: the Weakest Link?.

Monday, May 23, 2005, 3:21 PM

The Life and Limb Problem

I had earlier written about the three problems with using biometrics as authenticators:
  • The Technology Problem
  • The Social Acceptability Problem
  • The Clonability Problem
I'm adding one more:
  • The Life and Limb Problem
This problem with biometrics became clear to me with a report by Jonathan Kent, Malaysia car thieves steal finger, on the BBC News. The problem with some (not all) biometric metrics is that we are measuring some aspect of a body part that is not (painlessly) detachable from the rest of the body. When identity theft is to be commited on systems with biometric locks, physical violence is a very real and possibly easiest option for the criminals.

Wednesday, May 18, 2005, 10:41 AM

Why I'm Passionate About Digital Identity

I drafted this piece a while ago in response to Johannes Ernst’s post Where have all the visionaries gone?. Initially, I thought it was a bit over-the-top for this blog; but upon reflection, touchy-feely might be just what we need...

The future I see is a world of real choices. Every possible “thing” can be connected to every other “thing”. Things organize to help us live more simply, if we choose. Or we can choose to observe the full complexities of a fully wireless, connected world that we can barely imaging today. Just like the forest – we can see it as an elegant entity, or a very complex ecosystem.

But yet we maintain a level of privacy greater than most of us know today. (None of these blunt identity devices like RFID’s in passports.)

The descendants of AI agents (that we used to tinker with in grad schools) help us to manage just about every aspect of our lives from our calendars, to our groceries, to our health, to our social lives... if we choose. And these are our agents, if we choose – or perhaps Google might provide them to us in exchange for being able to study our habits – and again, it is our choice.

Things that are potentially criminal cannot be carried out with anonymous identity, so crime is low. Things that are harmless to others can be carried out with full anonymity. (Yes, I realize the interesting debates, as always, will be around what should be criminal.)

My ideal future fuses the utopia of security, privacy, and choice. As a society, the trade-offs we make between security and freedom are real ones, not Hobson’s choices; and as individuals, we have the freedom to choose which society we want to live in.

The required work week is tending towards zero (because machines keep improving productivity), but we soldier on because we have hopes that go beyond survival and our current state of existence.

(And, oh yes, no hunger, wars, plagues.)

But, today, we don’t yet have the constructs to support this connected world. Our identity systems today are grossly inadequate. And identity systems need to be at the core of this future world. So, we think, we design, we build, we write. Hopefully, some of the efforts of our digital identity community ends up in the foundation of that future society. I fully expect so. Call me a dreamer.

DIDW 2005 Links

Noted. There are a number of people who have written events at Digital Identity World 2005 last week. I thought it would be useful to collect them in one place:
Phil BeckerChange Waves and the Digital ID World 2005 Conference
Don BowenMy famous friend, Pat!
Kim CameronJamie on the Asphalt metaphor
Chris CeppiDIDW Notes
Johannes ErnstWhat is Microsoft InfoCard?
Dan FarberMicrosoft's enlightened identity metasystem
Dan FarberDigital identity with a capital 'I'
Dan FarberConverging federation standards?
Steve GillmorSomething in the Air
Timothy GraysonFare thee well DIDW
Kaliya HamlinIdentity Commons and Persistent Digital Identity
Kaliya HamlinDoc's Possy - Identity Gang On Stage
Kaliya HamlinMicrosoft's Presentation @ DIDW
Kaliya HamlinDick on Identity 2.0
Kaliya HamlinIdentity Gang Meeting - links and last 1/2 summary
Chris JablonskiJamie Lewis on the future of identity management
Scott MaceDIDW 2005: Kim Cameron's 7 laws of identity
Drummond ReedKey talks at DIDW 2005
Tom SandersMicrosoft calls for online identity overhaul
Doc SearlsDIDW retrospectives (MORE LINKS HERE!)
Silicon Valley SleuthMicrosoft: your new best friend for online identities
James van KesselClosing Session - Summing It Up, Doc Searls (Linux Journal)!1pqEVRpKSYYbjvBgwmt75xIg!132.entry
Mark WahlDigital ID World 2005, day 1
Mark WahlDigital ID World 2005, day 2
There is also a collection of the presentations at

Monday, May 16, 2005, 3:52 PM

More on InfoCards

Noted. Last week, Digital Identity World was a hot place for revelations on Microsoft's/Kim's InfoCard. Here are a few links to articles and postings:

Phil BeckerMicrosoft Leaks Identity - Is Info Cards a Good Thing?
Kim CameronSteve Gillmore; John Fontana on the Identity Metasystem; 'Enlightened' Identity Metasystem
Kim CameronFast Forward to InfoCards
Mark G. DixonPutting Rubber on the Identity Management Road
Johannes ErnstWhat is Microsoft InfoCard?
Joris EversMicrosoft to flash Windows ID cards
Dan FarberMicrosoft's enlightened identity metasystem
John FontanaMicrosoft sells ID mgmt. plan
Steve GillmoreSomething in the Air
Dave KearnsInfoCard Info
Hubert Le Van GongMicrosoft's InfoCard
MicrosoftMicrosoft's Vision for an Identity Metasystem
Mike RowehlInfoCard

And here's an old post of mine:

Thursday, May 12, 2005, 1:10 PM

Grayson's Observations on Themes in Identity

Noted. Tim Grayson continues to make good observations on digital identity. In Themes in Identity (or at least at Digital Identity World), Tim observes that the following themes:
o Long Tail -- the fact that there are lots of products that have low sales volume, but it could be profitable to target these segments.
o Emergence -- properties that evolve out of complex adaptive systems.
o Identity Vetting -- binding of identities to entities (typically a human).
o Loosely Coupled Systems -- as in David Weinberger's Small Pieces Loosely Joined.
were highlighted at DIDW. I would add the following ideas:
o Distributed Systems -- implied by Loosely coupled systems.
o End-Point Security -- how there is a realization in the market that every device needs to be locked down with strong identity. (See Evolution to Self-Secured Nodes.)
o Bottoms-Up -- building up global directories from pieces at the end-user or subdirectories.
o Metasystems -- a system that will give a global view of any significant set of identities will be a metasystem.
o Tipping point -- centers around the discussion of what it'll take for the next generation of digital identity to become the dominant system.
Update (May 12, 2005):
Tim had more to say in DIDW theme update:
o Liability -- i.e. people are starting to realize the that federation is not just a technology issue. See Federation Won't Mean World Peace.
o Enterprise vs Social Identity -- realization that businesses and social circles need very different privacy needs. I wrote about this in Information Dogma.
o Rising Out of the Weeds -- convergence on understanding on scope of the problem.

Wednesday, May 11, 2005, 11:24 PM

Wahl on Repurposable Identity Systems

Noted. Mark Wahl wrote on Repurposable identity management systems (part 1) and (part 2). Some good thinking on what identity systems should look like.

Monday, May 09, 2005, 11:10 PM

The Identity Gang

Managed to squeeze in some time to be at the Hyatt Regency in San Francisco to join the Identity Gang in a pre-Digital Identity World Conference get-together. Glad I did. It was a four hour gathering that drifted from Kim's work on claims-based universal identity metasystems, to privacy issues, to usability, to policy presentation, to whether we should start a conference of sorts for the Identity Gang. (The list of attendees is in

I'm glad I went because I got to meet a number of people who I only know via blogs I've read.

But, more importantly, I discovered that I'm in good company in thinking that, at least technologically, this digital identity endeavor is one of the biggest thing that is not just going to affect many of our future digital systems, and will also be the basis of many of our future social constructs. It is important to get it as close to right as possible because so much (our privacy, our relationship with our government, even our security) will depend on it.

See Also:
o Berkman Center, Identity Gang Meeting Agenda.
o Kim Cameron, Bottoms up identity discussion at DIDW.
o Marc Cantor, ID Gang. (I'm in the picture.)
o Johannes Ernst, Identity Gang Meeting.
o Kayila Hamlin, Identity Gang Meeting - links and last 1/2 summary.
o Dick Hardt, Identity Gang meeting @ DIDW.

Authenticate the Identity, Trust the Entity

I have one additional thought (at least, to date) to add to the conversation Jamie Lewis et al on Trust. We should talk about authenticating (or assuring) identities and trusting entities. Identities are conceptual constructs. (See Xageroth's What is Identity?). One of the reasons I feel uncomfortable about using the word trust with an identity as the object is that it is difficult for me to have an emotional attachment to a conceptual construct. I might trust the entity that the identity represents because it is a human being. If authentication of the identity is done right, I might be comfortable with the strength of the identity; but, to paraphrase Xageroth, saying that I trust an identity, is like saying I trust liquidity or gravity.

Update (May 11, 2005):
I love the blogosphere! One slip of the mind, and others catch it. Xageroth pointed out that all we ever really trust are conceptual constructs (if we get philosophical). I agree. I need to pick my words/concepts more clearly. Let me rephrase the following ...
Identities are conceptual constructs. One of the reasons I feel uncomfortable about using the word trust with an identity as the object is that it is difficult for me to have an emotional attachment to a conceptual construct.
I should have avoided using the term "conceptual construct" -- everything's a conceptual construct -- so, obviously, there are some conceptual constructs that I trust (i.e. entities). I should have said something like
Identities are like name tags or telephone numbers. I might trust the people who issued the name tags or the phone numbers (identity providers); I might trust that when I dial the phone number that it will ring the right phone (strength of authentication); and, I might also trust the person I'm talking to with the name tag or at the other end of the phone -- but, it doesn't make much sense for me to say that I trust the name tag or the telephone number.
Hope that makes it clearer... Maybe the term I'm looking for is inanimate object... It doesn't make sense to trust an inanimate object. An identity is akin to an inanimate object.

PS. I don't mean to nitpick here, but I don't think of Yoda as an identity. I think of Yoda as an entity. (I think that even works from an English symantics point of view.)

Thursday, May 05, 2005, 2:05 PM

Drummond's Corollaries for Identifiers

Noted. Drummond Reed has been writing on corollaries to Kim Cameron's Laws of Identity. The corollaries are targeted at identifiers (instead of identities). Here's what he's done so far:

o First Corollary of Identifiers (
o Mark Baker on the First Corollary (
o The Second Corollary of Identifiers (
o Andy Dale on the Second Corollary (
o The Third Corollary of Identifiers (
o The Fourth Corollary of Identifiers (

Wednesday, May 04, 2005, 11:20 AM

Authentication vs Identification

Noted. For some reason, there's been an unusually large amount of deep thinking around identity the last few days. Stephen Downes wrote an article on Authentication and Identification ( I added his definitions of authentication and identification to my glossary.

Update (May 6, 2005):
o Johannes Ernst responded with Resistance is useless: there is no point in authentication systems (according to Stephen Downes).
o Xageroth Sekarius added: Stephen's mIDm.

Identity vs Identifiers

Xageroth Sekarius did some deep thinking in What is Identity?. The observation that I thought was especially pertinent was that:
... identity is actually not something you can store in a database. ... Identity is a logical construction we need for individuality. ... you can't truly store identity in a database. It would be equivalent to storing liquidity or gravity in a database as opposed to the language to describe liquidity or gravity.
Therein lies the difference between identity and identifiers. Identity is "concept of individuality", while identitifers are data sets that signify identities.

Thanks, Xageroth!

o Xageroth also wrote The Identity Dilemma and then The Identity Solution? in April.

Tuesday, May 03, 2005, 10:50 PM

Jamie Lewis et al on Trust

Jamie Lewis wrote Thinking Out Loud About Trust, Part I yesterday and kicked off a bunch of postings from Dave Kearns (Trust-busting), Kim Cameron (A thread you should follow), and Phil Windley (Doing Away with Trust)... and I'm sure there's more to come.

I agree with Dave's sentiment that the trust is often used because of marketing reasons. I also agree with the notion that trust is often thrown around too easily when describing technical systems. However, my reason for agreeing is rather simple... trust is primarily an emotion. (See Trust is an Emotion.)

Here's how I define trust in the context of digital systems:

Trust is an evaluation, by an entity, of the reliablity of an identity when the identity is involved in interactions. The level of trust is typically based on the technical strength of the identity, but it also includes the evaluating entity's subjective considerations (e.g. feelings) of the reliability of the entity the identity represents. Trust is at least partially transitive (as in the case of notaries).
If you agree with my definition, it should start to be clear why trust is not a good term to use in a technical discussion. You can have all the technical reasons why there should be trust (e.g. cryptography, assertions, legal agreements, etc.) and still not have trust because the evaluator simply does not have good vibes about the entity in question.

However, trust is still an appropriate term to use in the bigger context of our business and social requirements of digital systems because, ultimately, trust has to be there for business and social interaction to occur.

I'm looking forward to Jamie's Part II.

Update (May 4 & 5, 2005):
o Instead of Part II, Jamie Lewis posted Thinking Out Loud About Trust, Part Ia.
o Dave Kearns responded to Jamie's Part Ia: A trisk-et (a trasket?).
o Jack Kobielus wrote fyi A thread you should follow.
o Eric Nolin wrote Not all of us......
o Peter Davis added Misplaced Trust in the verb "Trust".
o Xageroth Sekarius chimed in with 4 babbled points about human trust.

Update (May 6, 2005):
o Part II is out: Thinking Out Loud About Trust, Part II.
o Dave Kearns has already responded with Precognition?.

Monday, May 02, 2005, 9:49 AM

Four More Laws

Noted. In Four More Laws of Identity, Fen Labalme would add four more laws to Kim Cameron's initial seven laws of identity.
8. Freedom
The entity (often a person) using an online digital identity system must be in total control of their information. This implies that not only the data but also the access protocols and authorization mechanisms must not be encumbered by someone else's (IP) rights, unless such restrictions were previously - and explicitly - agreed to.
9. Decentralization
An identity system should be decentralized.
10. Portability
Bridges must exist - or be straightforward to create - between identity systems so that users are not locked into a single provider.
11. Transparency
There should be a clear and (if desired) visible cause and effect relationship in all identity related transactions.
Fen's conclusion is similar to what Dave Kearns has been highlighting (in Is it time for the personal directory? and The need for a personal directory) -- that some form of personal directories or SuperProfiles are the way to go.