Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Kim Cameron - Identity Laws

Download

Right click “Save as…”

Kim Cameron has caused quite a stir with his Identity Blog. He came out with a whitepaper called "the Laws of Identity" which has caused quite a bit of conversation.

So, we went over and talked about, what else, identity online. It's important for developers (and companies) to think about.

Tags:

Follow the Discussion

  • Hey Robert - Could you interview someone at MS working on code to make this stuff happen?

    Thanks for the tip on the phone!  Is that the fourth time you've had it on camera?
  • CharlesCharles Welcome Change
    It was fun talking with Vim. Reliable Identity. Now that's u hard problem!
  • MauritsMaurits AKA Matthew van Eerde
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    ah... identity confirmed...

    -----BEGIN PGP SIGNATURE-----
    Comment: pub key http://matthew.vaneerde.com/pgp-public-key.asc

    iD8DBQFCzLbfUQQr0VWaglwRAssXAKCtMLQ2XEioQzbG1ihRiZbJx/qwgACg3GTf
    tlWlW5dfc3/QiduD3jyaLH0=
    =N3cQ
    -----END PGP SIGNATURE-----

  • Passport isn't used outside of Microsoft because it was too expensive, and difficult to develop with.

    I really wanted to use it, but these two problems stopped me.

  • rasxrasx Emperor of String.Empty
    Here's a comment for the old school sages in the audience and I mean old school---and I mean sage: The ideals of Kim Cameron will never be acheived as long as egocentric, imperial consciousness is regarded as a 'legitimate' form of human expression. The Kafka thang is irresistible to the imperial mind. It is not about the neo-(I need to watch my language) thing (that is just a homicidal work of art). It is about the neo-stasi thing... For you "normal," "regular" people in the audience. This whole post is silly. You guys keep it real... But I will try anyway: when you call yourself a "regular" person that means you are a regulated and predictable person---you are civilized instead of heroic. This is exactly what any mass market company wants. To easily predict earnings for shareholders, you need to predict the behavior of your customers. Such power of prediction is irresistible. So ya'll keep it real.
  • alexbarnalexbarn alexbarn_on​_right
    I really enjoyed this.

    rasx - I have absolutely no idea what you are talking about.
  • moofishmoofish Living in Scotland, UK
    I liked this guy, even though he seemed to be some kind of indipendent thinker within a company that makes over $100m a day. We all know how MS does that too, so how far can this guy really get with the ethos that the user really is in control.

    If markets at present can be bent to the will of say Wallmart and their RF-ID stratergy then won't the old ideas of 'well get you along with everyone else' prevail anyway?

    I see that this guy is preparred to go for at least 10 years into the project, and only to get the stone rolling. Well I hope something materialises before then, but what? And how will this ID concept compare to what is going to be in Longhorn?
  • John Melville-- MDJohn Melville-- MD Equality Through Technology
    Just a question on a point on the video:

    You said I can eventually "be the same person" on my
    Xp box, my phone, my linux box, my electronic underwear, etc.

    Computer identity at its core has to do with posessing a secret.  I have a key that nobody else has.  The details are just in what do I have to do to prove to you that I actually have the key, and who knows that its my key, and how do they know.

    In order to be "me" on two devices I either have to have the same secret key on two devices or I have to convince you that two separate keys are really the same person.  so you have two choices 1) Have some protocool to transfer my identity to another, arbitrary device, or 2 have some way to say that the same me has two keys.  (I don't thank that manually entering a 512 bit identity key is something my grandma could do.)

    It seems like either of these two possibilities is just rife with social engineering potential if not technical attacks.

    I know a lot of people have thought about this a lot more than me.  Are there easy answers?  what is the current best ideas?
  • MauritsMaurits AKA Matthew van Eerde
    John Melville, MD wrote:
    some way to say that the same me has two keys.


    Write the sentence "I am John Melville, MD" and sign it with both keys.  Extensible to n keys.  Post all signatories on your blog or other public presence point.
  • John Melville-- MDJohn Melville-- MD Equality Through Technology
    Maurits wrote:
    Write the sentence "I am John Melville, MD" and sign it with both keys.  Extensible to n keys.  Post all signatories on your blog or other public presence point.


    Two problems:
       1) Most people don't have a "public presence point," and would not know if a fabricated "public presence" had been made it their name.  This is easily solved by making the "public presence point" a respected keyserver with a good identify verification mechanisim.

         2) The second problem is the point of the post.
    If I let people link 2 keys to the same identity, then a trivial pfishing attack becomes "to avoid loosing your pay-pal account validate the following as your public key."  or "a worm that exploits a hole in windows to validate another key in your name."  If there is only one private key there are relatively cheep (hardware) ways to make it impossible for even a worm to discover it.  (Although I worm could use your key, it couldn't steal it by registering another identity in your name.)

    So if I let one identity have multiple keys then I open up a huge attack surface to both social and technological attacks.  Furthermore a vulnerability in any one client, which may not be the best designed, can compromise the trust in the whole system.  Is this a vulnerability that we want built into the identity system?

      Maybe my bank should decide if they want to believe that John's Computer and John's Cellphone are the same person?  I bet Channel9 doesn't care how many people John Melville really is.  I bet my bank does.
  • TheWrongGuyTheWrongGuy The Evil Rubber Chicken Rocks

    Great video,Smiley
    Everyone agrees that this needs to be addressed but nobody wants to agree to any single soultion. And who do you want to trust your ID with. ( Or a device, IE: smartcard or Cell Phone ) And how can a person keep control over thier ID.

    Im just staying with just a basic cell phone, for the reasons of security and privacy, No bluetooth for me, it isnt secure enough. And I dont want my cell phone to be hacked into.

  • Wouldn't this just end up: a; being restrictive and b; giving governments the idea that they can force people to use their real identity on the internet?

    Like most people I try to use as little personally identifiable information on the internet as possible. What has credit cards got to do with identity? When I use a credit card on the net it is a secure communication between myself and the credit card company. What you guys should be working on is making sure the fields I type the numbers into don't autocomplete from last time!!!!

    People have the right to refuse to use their real identities on the net. My "real" net identity has no personally identifiable information. How are you going to secure that, and make sure others don't steal it, while making sure the governments dont prevent me from using it?


  • Perhaps these ideas have already been discussed somewhere, but I think there are some things beyond the basic laws mentioned that could further protect anonymity:
    • Information given directly the other party must not be permanently associated with the user.
    • Identity issuers must not retain permanent records of uses of information permanently associated with the user.
    For example, my address is personal information and tells where I physically reside. This information should be distributed only minimally. For example, someone needs to know it to deliver packages to my residence, but the other party to the transaction doesn't need to know this. Instead, a temporary delivery location token colud be assigned by an identity issuer, and the identity issuer could tell the deliverer what the physical location is.

    There would be nothing technologically preventing the delivery company from retaining these records (linking tokens with addresses, for example). I don't know if there's any good solution to that.
     
    Temporary email addresses would be much more easily achievable with current technology than temporary addresses. Keeping the physical address private would take much more effort, but it also seems to have a bigger payoff in that this information is more sensitive.

    This is just a start on how (permanent) identifiying information can be limited in its distribution. I'm sure much more could be said here.
  • From comments here so far, I think a lot of folks are still confusing concerns about identity (who is it 'really') with concerns about credentials (was there a valid credential entered that i am willing to trust at my site).  Regarding identity, most sites today do not really care.  The user can enter any name and address they want as long as item is shipped to correct address.   So issues about sharing identity items and whether they are 'real' are both technically and logically separates issues from credentials, and are often site-specific (and frankly they should often be for privacy reasons).  

    So I think infocard is a super implementation of globally reusable credentials (not Microsoft specific, other than as a potentially trusted provider).  This is true regardless of what kind of identity claims are tied to any given credential.  Infocard enables but does not require use as a simpler way to type identity info like a ship-to address, and that can work regardless of whether it's always the same or not.

    However, I do strongly agree with concerns about scope and timeframe of valid reuse fo both credentials and identity claims.  I'd very much like to see standard capability to easily checkmark and timestamp user-authorized valid reuse of both credentials and claims information for use at a given site.  Sites cooperating in their own self-interest with this mechanism will automatically recognize their local copy of claim info is marked as invalid due to expiration stamp and ask via standard infocard prompts whether you want to recertify or update the site's copy of previously authorized info, based on your currently chosen infocard claims data.  Haven't seen anything on this yet, if not there please get it into next release cycle.
  • forthenovaforthenova

    Reasonable opinions, it is quite necessary to consider this kind of issues.
    <a href="http://www.freerpgsite.com/">free rpg games</a>

  • forthenovaforthenova

    Reasonable opinions, it is quite necessary to consider this kind of issues.
    [url=http://www.freerpgsite.com/]free rpg games[/url]

Remove this comment

Remove this thread

close

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.