Wednesday, August 30, 2006, 1:50 AM

Anonymity - A Binary Switch?

There's been a slew of postings on the topic of anonymity, so I thought I'd jott down a few of my thoughts too... and collect the links here.

Key Points:
  1. Norlin’s Maxim: Your personal data is shifting from private to public.
  2. What becomes public stays public.
  3. If the default for digital identities is anonymity, it will give the user more control.
  4. The default in most systems is not anonymity.
  5. Anonymity and strong identity should be orthorgonal issues, and can be technically.
  6. Anonymity is not typically supported in most systems, so the stronger your identity, the less anonymous it is.

Binary Switch? Eric Norlin critics Dave Weinberger in that Eric believes that there is a spectrum of choices from anonymous, through a range of pseudonymity, to unanonymous identities. Eric asserts that "... online identity is *not* a binary issue." I wonder. If you believe in "Norlin’s Maxim", then so long as there is some small piece of information that links a pseudonym to the user, sooner or later, a pseudonym identity becomes an unanonymous identity. I believe that anonymity is a binary decision. If your digital identity is not fully anonymous, then it is (or soon will be) unanonymous.

  1. Ben Laurie, Anonymity is the Substrate ( August 24, 2006.
  2. Akma Adam, Plus Ça Change ( August 20, 2006.
  3. David Weinberger, Anonymity as the default, and why digital ID should be a solution, not a platform ( August 16, 2006.
  4. Dave Kearns, Yet more on anonymity ( August 15, 2006.
  5. Eric Norlin, Should the online world reflect the "real" world? ( August 15, 2006.
  6. Bavo De Ridder, Do you really think you are anonymous? ( August 15, 2006.
  7. Kim Cameron, Dave Kearns takes on anonymity ( August 14, 2006.
  8. Dave Kearns, More on Privacy vs Anonymity ( August 14, 2006.
  9. Tom Maddox, Ben Laurie on Anonymity ( August 14, 2006.
  10. Dave Kearns, Anonymity, identity - and privacy ( August 14, 2006.
  11. Kim Cameron, Norlin’s Maxim ( August 12, 2006.
  12. Willliam Beem, Security by Obscurity ( August 10, 2006.
  13. Eric Norlin, Anonymity and identity ( August 10, 2006.
  14. David Weinberger, Transparency and Shadows ( August 8, 2006.
  15. P.T. Ong, Strong Identities Can Be Anonymous ( March 11, 2005.
  16. P.T. Ong, Support for Anonymity ( January 30, 2005.

Monday, August 28, 2006, 10:11 PM

OpenSSO Available

Noted. I was browsing through Pat Patterson's blog and noticed his posting on the release of OpenSSO. OpenSSO source code, released on August 17, 2006, is now available at

The cost of deploying backend-based SSO systems has traditionally not been in the cost of the software itself. Netegrity (now CA) and Oblix (now Oracle) both had technology similar to OpenSSO. The biggest challenge in rolling out these systems is that you had to integrate it to the backend servers, resulting in very slow deployment projects. It also meant that most companies couldn't really achieve Single Sign-On. Hence, the term Reduced Sign-On (RSO) was born.

I'm unclear as to how OpenSSO will affect the industry. What do you think?

Friday, August 04, 2006, 1:46 AM

Recent Articles of Interest

Noted. Haven't had much time to write my own thoughts ... so here are a few of the more interesting articles I've read over the last few months:

The identity silo paradox. Eric Norlin points out the reality that the organizations that have the large identity silos of internet users have very little business incentive to share that information -- i.e. to be identity providers. Bavo De Ridder responds in Is there an identity silo paradox?.

The Long View of Identity. Andy Oram gives a good overview of the major issues surrounding the issue of identity -- I tried to point out the key issues in a mushier way in Painting the Future: Panopticons and Choice.

Top 5 Identity Fallacies [#1] [#2] [#3] [#4] [#5]. Phil Becker writes eloquently about the misunderstandings of options we have when we build digital systems.

Credit Bureau as Identity Provider? Pete Rowley talks about credit bureaus as future identity providers. Similar to my thoughts about how credit card companies could server a similar role.