Domain: 2idi.com
Stories and comments across the archive that link to 2idi.com.
Comments · 11
-
Microsoft *could* do the right thing; will they?
As an interested party in the online identity world and very aware of Microsoft's role in it, I have met with Kim Cameron several times with respect to his Seven Laws and Microsoft's imminent InfoCard identity system that he is sheparding. Kim is a great guy - very sincere - but is but one tornado in a company of a thousand tornados. So I wrote an addendum, Four More "Laws of Identity" that addresses some of my concerns. (Kim said he enjoyed reading them and would comment after Digital ID World, but as yet I suppose he hasn't found the time.)
Some of my concerns stem from a basic distrust of Microsoft as well as the fact that some of the InfoCard technology - though supposed to be open standards - is still bases on WS-Trust, which itself is based on the WS-Security Suite, which as yet is RAND but not RANDz.
I also feel a bit of personal responsibility, as Passport came from Firefly which is partially descended from my 1980 MIT (Media Lab) thesis on a personalized newspaper - NewsPeek - so named as while it provided a "peek at the news", it was also clear even then that centralization of such resources could lead to a Big Brother state (and New Speak). Now Microsoft's InfoCard is not an identity system - it is a trust system - and actually a very noble and good goal. I just worry - as with many Microsoft systems - about how they may seek to "embrace and extend" in the trust arena, perhaps with disastrous consequences. On the other hand, if they manage to free all the necessary standards and really push an open standards/source identity/trust "metasystem", I think it could be excellent not only for Microsoft (sporting an extremely well-integrated UI) but also for the wider community - including all us F/OSS friendlies.
I'll end with two plugs: one for a host of free identity systems that exist (such as the one I worked on for the last couple years until we ran out of angel funding, 2idi; and one for a promising "open standard" InfoCard-like system that could easily be built as a Firefox plugin (alas, in PDF form) that could help in the battle against phishing. -
Re:Other way aroundNow you've got a single point of failure, which is one of the big dangers of a system like this.
Actually, that was just an example. In reality we will more likely have identity brokers that we trust with our information, and we will tell them who gets to see what. For example, see 2idi. Also, it is important to remember that we won't have just one identity but MANY identities which will each be used in their appropriate contexts. For example a financial identity, a personal identity, a business identity, etc. Each of these will have different information associated with it, and different people will be able to see different portions of the information on different identities. The key here is that it is completely in the users control.
So actually, it is possible to do what I said in a decentralized way, albeit I admit that it would be a huge burden for the government.
-
Re:nope
Windows Longhorn will have an identity system in it, currently code-named InfoCard. But from what I hear, they are actually looking for open standards on which to base their identity infrastructure, and this would make a *lot* of sense. If they promoted a system that was 100% decentralized (as opposed to the 100% centralized Passport), free and open source, and integrated it sweetly into their OS, they would have an identity system that would be peerless and increase their market share (or at the least, not drive people away so fast).
The only system I know of that fits the bill is the nascent Identity Commons system that is just starting to come online. (Disclaimer: I am 2idi's CTO) -
Not Passport (words from 2idi)
People often ask: what is the difference between your technology and Microsoft Passport?
As I like to say, the only thing good about Passport is at least you know their database won't get bought by Microsoft (because they already own it!).
In functionality - such as automatic data sharing, form filling and single sign-on - we share much with Microsoft Passport. (In fact, Passport grew out of Firefly, which is descended from my 1981 thesis on a personalized newspaper - NewsPeek - at what became soon after the M.I.T. Media Lab. I named the systems "NewsPeek" for two reasons: it provided a "peek at the news," and it was a warning that if centralized control over personal profiles existed, the future depicted in George Orwell's 1984 - where the official language was "NewSpeak" - could come true.)
But all that aside, where we differ is where it gets interesting. For one, we are decentralized. There is no single i-broker or data store that you must use. While it is true that there is only one sanctioned global registry for '=' (personal) and '@' (organizational) names, many other forms of community and peer-to-peer i-name registries can exist. It's also important to note that your data is not necessarily stored in any one place. For ease of use reasons you may choose to use a single i-broker to negotiate access to you data, but each item of your profile could conceivably be stored in a different data hosting service. (Note that current service providers that store information about you are acting as a data hosting service already.)
Another point is that, through our architecture and FOSS (free and open source software) availability of our code, we don't lock you in. Rather, you are free to move around between the i-brokers of your choosing - and even to run an i-broker yourself! We (at 2idi) are committed not only to providing you this choice, but also to providing such a compelling suite of services that i-name holders choose to have their i-names hosted at 2idi. -
Answer 50 years. BTW, THIS IS TRUSTED COMPUTING!
I haven't found in the FAQs or anywhere on the site what that EGS period is
From the FAQ: In this program, individuals may purchase a 50-year global personal i-name What isn't in the FAQ is that you are only reserving the name for 50 years and getting 2 years of free "managment services". After that management fees are around $10 a year.
Now that I have answered your question and justified leeching off of the first high rated post (chuckle) I have an important message:
IT IS A FRONT FOR TRUSTED COMPUTING AND DRM!!
IT IS A FRONT FOR TRUSTED COMPUTING AND DRM!!
IT IS A FRONT FOR TRUSTED COMPUTING AND DRM!!
The organisations involved, OASIS (oasis-open.org), XDI.ORG and the others, they are all TRUSTED COMPUTING groups creating "open standards" for ENFORCING DRIGITAL RIGHTS MANAGAMENT systems.
One of OASIS's primary projects is:
Extensible Rights Markup Language (XrML): 'The Digital Rights Language for Trusted Content and Services'.
XDI.org's FAQ
What does XDI.ORG do ...vision of an accountable, trustworthy layer on the Internet
This "Identity Commons" wants you to sign up and created a "Trusted Identity" (which is conviently tied to the CREDIT CARD you used to register!), and in the future DRM files will be locked to that identity, and software installations will be locked to that identity, and access to websites will be locked to that identity (single sign-on oh joy) and on and on. And they are offering you an opportunity to sign up and reserve your name before the system is fully deployed, gee thanks.
The system will not be fully operational unless you are running Microsoft's Palladium operating system, or if you are running a Palladiumized version of Linux or other operating system. Palladiumized TrustedLinux is already under construction. And these new operating systems will only work on the new TrustedHardware. IBM and HP and others are already shipping PCs with this new Trust chip. Intel has already embedded a version of the Trust chip inside the Intell Prescott, although it is in an inactive form. The expectation is that the Trust chip will soon be standard on all motherboards, and then move into the CPU itself. Intel, AMD, ARM, Transmeta, and the rest, all of the CPU makers are on board.
The Trust chip spys on your hardware and what software you are running and reports it to other people (remote attestation), the Trust chip makes it impossible to read your own files except with the approval and under the restrictions imposed by the software you were given (sealed storage), it prevents you from modifying the software on your own machine (code identity and sealed storage), the Trust chip even DEFEATS THE GPL! Having the source code and being able to modify and compile it is USELESS when that recompiled code DOES NOT WORK. The Trust chip forbids the recompiled code from access to the required encryption keys. The recompiled code will "run", but it will not WORK because it cannot read it's encrypted files and it cannot interoperate.
I know this sounds like a tinfoil hat conspiracy theory, but IBM is already shipping ThinkCenter, ThinkVantage andNetvista desktops, and Thinkpad laptops with this chip embedded. HP/Compaq are already shipping dc7100 and D530 Desktops and nc6000,nc8000,nw8000, nc4010 notebooks with these chips embedded. Acer Veriton 3600GT/7600GT. Toshiba Tecra M2 Series. Fujitsu Lifebook S7010 and E8000 series and the T4000 Tablet PCs. Samsung all X model laptops. And more every day. As I said, the expectation is that is will soon be standard hardware on ALL motherboards.
EFF on Trusted Computing
GNU.org on Trusted Computing
Wikipedia on Trusted Computing
- -
misconceptions: not centralized nor passport
One of the primary misconceptions about i-names is that they're centralized. They're not.
Another is that 2idi is just another passport controlling your information. It isn't.
It's clear that Identity Commons and 2idi have to work on their messaging... -
I think we've got a different kind of agent here
First Read:
http://xns.org/i-names-explained.html
http://xns.org/xri-and-xdi-explained.html
http://www.xdi.org/
The premise is that you pay for a pseudo-permanent identity in cyberspace.
What else have you got? If you don't have your own domain somewhere, that can often times be taken down by your ISP "just because", what else do you have? Your email address. That's pseudo-permanant, right. Is it 50 years permanant? Maybe.
So you tell everyone your email address for a pseudo-permanant identity - great! .... wait. You've got spam! What if you have to change it?
Will that email address cost you more than $25 over 50 years? 9 times out of 10 people will spend significantly more than that to maintain an email address with any kind of permanancy. And they'll get spammed all the while because the identifier is directly tied to the delivery method. You can't tell someone who you are without giving them a direct line.
XNS is a global public database that people can go to if they want to find you, just like DNS resolves mabu.com into the IP address your server is at. Not a global public database that contains all the juicy bits, just who's got the goods. Can you imagine being tied to the same IP address for the life of your domain name???? We all want to be able to move but nobody wants the trouble of keeping every single contact you've ever had informed of your new location.
This system makes it like this: If you want to find me ask my broker. He'll get in touch with me and make sure I still want to talk with you, then either I'll tell him "sure - let him know where I'm at." OR "Thanks for trying to get in touch with me. I'll call you."
You can give your broker a whitelist. All these people (your brother, parents, some old school friends) - tell them whatever they want to know. An offwhite list (you can keep a list of individuals, any from *@alumni.school.edu, how "connected" they are or based on reputation) - feel free to give these people my email but I don't want them knowing where I live. A blacklist tells your broker never to give out any information to (=these, =people, =and.weird, =relatives, =and.old, =girlfirends) And on and on.
The global part points anybody in the world to the place where the goods are at, just like how the root DNS servers point to the "authoritative" DNS box you run on your own net. You can change things there and when people come looking you feed them whatever you want - YOU STAY IN CONTROL.
The whole broker thing... You choose a broker you can trust. Right now there is only one, 2idi.com. Not to say you couldn't start up your own. Granted you'd have to get people to trust you if you didn't want your service to fall flat on it's face, but you could do it. Maybe run one for your family or business. Thawte could do it. CACert could do it. Your bank could be your broker. Whoever you trust to handle your personal information, THEY would be your broker.
Sending $25 and your credit card and your email address to 2idi.com is not a requirement to use XNS. At this point they're the only game in town so if you want a particular =i.name, it's pretty much a race. They stick for 50 years.
More (from 2idi.com)...
Basic Terms of Use for your I-Name
* Once registered, you can use your community personal i-name as long as you adhere to this agreement and any applicable laws.
* You can keep your i-name for as long as your community maintains a relationship with an i-broker. You can also add other community or global i-names to your account that can act as synonyms for your community i-name.
* The community i-name registry is public. It does NOT contain any of y -
Related Links
More The Internet stories
Your comment has too few characters per line (currently 8.4). Your comment has too few characters per line (currently 8.4).
-
Re:Well..
I believe that's what an i-broker is...
-
What about XNS names?
The i-name you have requested is an XNS "reserved" name. If you are the orginal XNS name registrant, you can reclaim it and convert it to a new global i-name here. If the original registrant of that i-name doesn't claim it during the EGS period, the i-name will become available again for registration on a first come first serve basis.
I haven't found in the FAQs or anywhere on the site what that EGS period is... anyone out there have an idea of when I can register myself? -
Re:Identity Commons
SourceID is open source, but not free. Identity Commons software is FOSS (BSD/GPL) and even more distributed - literally anyone can become an identity broker. It's also based on open, OASIS standards XRI, XDI and SAML. Cool stuff. It's not complete yet, but you can get an i-name now.