Slashdot Mirror
The US DoD and the GSA Join the Liberty Project
An anonymous reader writes "The Liberty Alliance Project announced today that the U.S. General Services Administration (GSA) and the U.S. Department of Defense (DoD) have joined the Liberty Alliance in its pursuit to develop open and interoperable standards for electronically managing identity information."
U.S. General Services Administration (GSA) and the U.S. Department of Defense (DoD) have joined the Liberty Alliance
Great, that should really speed things up...
The government supporting privacy kinda sounds like silicone implants supporting healthy breasts.
The instant someone finds a security hole in this authentication system, everyone is vulnerable.
The opportunity for fraud in a universal system like this is just waiting to be exploited.
I have been pwned because my
I just watched the flash demo on their website. Their demo was all about being able to link up your data on various websites. Their example was linking your airlines account to a rental car account. This really just sounds like improved data mining couched in convenience to the consumer.
Now we can make sure the all of our information from the government's Total Information Awareness project are available in a compatible format to any corporation who pays enough. Okay, I'm half joking.
Who can't wait to signup? I'm filing this in league with the PATRIOT Act. Everyone needs federally regulated standards on network indentification. I'm envisioning a future where my permanant v6 ip address is on the back of my living/driving/working/eating license, and I can thank the LIBERTY Alliance for that!!! Ahh, I can taste the freedom.
I'm glad to see the US government supporting an industry consortimum instead of endoring the single vendor solution from Microsoft (Passport). I hope MS' stock gets knocked down on Monday.
about Liberty Alliance as something like it's some sort of individual tagging system? I thought it was some sort of alternative cross-site authentication system to challenge Microsoft's Passport technology?
Please correct me if I'm wrong.
Welley Corporation - SLM Scammers
I dream that I will be able to get health insurence, open bank accounts, go to college, get a job, and retire without using that *** ** **** social security number. I dream that we get rid of it and the ponzi retirement scheme that comes along with it.
I dream that my license will actually be linked to my prooven ability to drive safely, and not other issues like child support or failure to file state taxes, drinking a beer in the dorms, etc.... And that I won't be tracked and stored in massive centralized gov databases that have almost always prooven to be totally screwed up. (getting rid of frivolous tickets wile you're at it would be nice too)
I dream that I won't be harassed when I try to buy beer, ciggarates, and spray paint (one time I was even carded because I tried to buy a cigarette lighter).
I dream that my right to bear arms won't be nickled and dimed to death by people wanting to register me in govt databases like the Nazi's had before they confiscated all privately owned guns from its citizens.
I dream that my credit will only be checked when I want a loan from the bank, and not when I just want a debit card, not when a bank wants to send me a credit card offer that I half to shred before I throw out, and not when I try to get auto insurance.
Can you think of any others...
As Heinlein pointed out through Lazarus Long,
n g.html
"When a place gets crowded enough to require ID's, social collapse is not far away. It is time to go elsewhere. The best thing about spce travel is that it made it possible to go elsewhere."
Other useful quotes at http://www.musespace.com/musings/quotes/lazaruslo
You never know...
Think Kerberos cross realm authentication. If school x enters into a agreement with school y that students from each school will be able to use network resources on the other campus, the easiest way to manage that is to set the KDC to allow cross realm authen (using a shared secret) and then set up ACLs to allow any UID from the other school access to those resources that are to be shared.
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
To all the people who are freaking out about this "evil" technology, please keep in mind, the Liberty Alliance is developing an OPEN alternative to Microsoft's own "Passport" system. So, the gummit getting behind Liberty Alliance is a Good Thing(tm), relatively speaking. They could be getting behind Passport instead. And then, instead of just needing to have your Liberty Alliance ID tatooed on your forehead, you would have to have your MS-Passport ID tatooed on your forehead, and you would be legally forbidden to run anything but MS-Winders, since only MS-Winders would come with the proper drivers to scan and process the information tatooed on your forehead.
When Microsoft introduced Passport, everyone complained. When Government announced support for a system that is a credible alternative to Passport, everyone complains again.
Idiots.
Would you rather government mandated Microsoft Passport?
A system that allows you to login only once is desired in the market place. A standard is desired. This market demand will be fulfilled whether you like it or not. Which entity do you trust the most to implement this standard? Or are you naive enough to think that we won't have a federated identity on the net in the near future?
Because THEY will be the ones, the corporations, the government and the DOD, who control our indentities. Any digital identity should exist to empower the individual to become a better, more informed customer, not a manipulated consumer.
I highly recommend you read Doc Searles and David Wienbergers views on this to see why any implementation of DigID that is corporate centered rather than individual centered is PURE EVIL, and will be used for all sorts of nefarois things, from total erasure of shopping anonymonity, total profiling, and even BLACKLISTING. This is bad stuff, pure and simple.
Planet P Blog
www.enthea.org
Q: What is the Liberty Alliance Project?
A: The vision of the Liberty Alliance Project is to enable a networked world in which individuals and businesses can more easily conduct transactions while protecting the privacy and security of vital identity information. To accomplish its vision, the Liberty Alliance will establish an open standard for federated network identity through open technical specifications that will:
Support a broad range of identity-based products and services
Enable commercial and non-commercial organizations to realize new revenue and cost saving opportunities that economically leverage their relationships with customers, business partners, and employees
Provide consumers with choice of identity provider(s), the ability to link accounts through account federation, and the convenience of single sign-on, when using any network of connected services and devices
Increase ease-of-use for consumers to help stimulate e-commerce
Yeah, yeah. The gub'ment gonna undermine all those goals and blah blah conspiracy blah blah.
This is going to happen, and it's best it emerge as an open standard. Sane citizens of the 21st century want a secure and verifiable identity for e-commerce (which extends past the net, swiping your card for a bag of Doritos at the 7-11 really crosses into e-commerce)
I don't need no instructions to know how to rock!!!!
An example. Let's say you want to register yourself as a sole proprietor sales company. There's a myriad of organizations you will ultimately have to deal with, from OSHA to federal and state income and sales tax agencies to warranting that you're a drug-free employer or a nondiscriminatory one or whatever the latest law is. You'd like a one-stop shopping location, perhaps NewBusiness.gov, which acts a front-end to all these agencies at all levels and pulls it all together for you. Now that'd be nice, wouldn't it? Or how about one-stop location for handling all the stuff that deals with disasters? Or moving to Michigan? Or going to grad school, complete with Pell Grants and checks for available assistantships?
This is what the government wants to do. They know that they are fractured into little beaucracies beyond usefulness to the average citizen. So there is a major MAJOR initiative, fronted by the Bush White House, to make the government work together so it can be more responsive and helpful to you. National Science Foundation, GSA, a bunch of groups are working on this. They want to move the government into the twentieth century at least, much less the twenty-first!
Trouble is, how does the government know it's you who's applying for the Pell grant, as opposed to Joe Fraud who's stolen your identity? They need some kind of potent self-identification. But right now the government is scared spitless about using even cookies on its websites for fear that privacy spooks will start rumors that they're tracking your every move and a congressman will immediately put them out of work.
So the government is also trying to find ways to make it possible for you to manage, distribute in a protected fashion, verify, and guarantee your identity, or even act anonymously in a way you know they can't reasonably crack. Otherwise citizens will never ever use these services. They know this.
Commercial crap like MSN Passport just aint' gonna cut it. Passport has a dismal privacy record. Hence the interest in Liberty Alliance etc.
Yes, the Total Information Awareness project is scary (though anyone who's involved in the project can tell you it basically has no teeth at all -- it's a paper tiger). And various spook agencies are impressive at digging into your private live: well, at least the one in Maryland is anyway. But what's going on in this iniative is, in fact, totally benign. The government wants to really give you your bang for the tax buck, and are trying to figure out how they can do so without scarying you spitless on the privacy side.
There are in fact people in the government who are there because they want to help make the world better, you know! Not many. But they're there.
-- a researcher in the DC area...
The DoD is very interested in having easy identification for the 1.3 million military personnel in the United States. This means pay information, service records, ratings, training, specializations. Medical records. Retirement information.If it's tracked, they want to have it all referenced to a single identity, cross-referenced on different systems.
They were working for a while on smartcards for all military personnel, and that's actually gone pretty far along.
But they've probably learned that there's too much to stick on a smartcard, and you can't get good enough security to put confidential information on the smartcard that you give to 1.3 million people. Too many will lose them, and then you have problems.
So they want to have the records, and have them easily tied to individuals. And have them available in the different commands, on different servers scattered thoroughout the DoD command structure.
They are very interested in something like the Liberty Alliance, and making sure that they can use it for their purposes. Keeping this diverse array of information for 1.3 million people is just what this project is made for.
Seems good that the DoD became aware of it, and decided to participate. And I'm reassured that they didn't decide to just go with the Microsoft solution without considering the options. (Maybe they learned from the problems the Navy has been having with NMCI.)
This is my sig. There are many like it but this one is... Oops. Frank, I've got your sig again! Where's mine?
In many provences, all citizens look somewhat alike (black hair, light build, similar facial feature). This has always been a problem to ID criminal elements and dealing with False Identity.
There is a huge market for this overseas, representing some 1 billion peoples.
I suggest you read Slashdot
An AC wrote:
..."
> The government needs to monitor the people to make
> sure they are obeying the law to prevent terrorism.
1) Monitoring an ordinary citizen's breaches of the law (downloading copyrighted media without permission/paying, speeding, and more serious crimes) is not going to prevent any terrorism, because most US citizens are not terrorists, but are rather the people you want to protect from terrorism.
2) Monitoring known terrorists (while meeting the requirements of the Fourth Amendment for those few who are US citizens) would help prevent terrorism. Pity the government, if it followed your advice, would not have the manpower to watch the terrorists if they were busy watching the citizens.
3) Most importantly, monitoring US citizens without warrants and such is against the Fourth Amendment, and therefore a crime. You don't want all those Revolutionary War heroes to have died in vain, do you?
> Of course this is all silly when they don't do the most
> common sense thing and ban the private ownership of
> guns.
Yeah, that would really help. Not only are guns not usually used in terrorism (they like bombs which private citizens do not own), but an armed citizen might be able to stop a terrorist before more people are hurt.
> The people have no legitimate need for guns but the
> various police agencies should be very well armed.
The people, not the police, are generally the ones present during a terrorist attack. All the arms of the police (who are very well armed, some in Florida with military hardware they have no training in how to use) are no good, if they are not present to stop an attack.
Anyway, the important thing is that the Second Amendment says that people have the right to bear arms.
You might want to read the Constitution and the Bill of Rights again. The USA you purpose bears no resemblance to the the one defined by those documents.
Databases (government or things like the Liberty Alliance), monitoring, disarming and stripping away the rights of US citizens are not going to solve the problem of terrorism. To stop terrorism for good, you have to look for its source: hatred and anger toward US foreign policy.
It's pretty simple. Pull the troops out of Saudi Arabia (and any other place in the Middle East where they are not wanted), and quit showing favoritism toward Israel (be chummy with Israel, but be just as chummy with everyone else), and you will have taken away Al Qaeda's main recruitment issues. Invade Iraq, and stir up a hornets' nest of angry terrorists.
Heck, being fair, impartial, and not sticking our troops where they aren't welcome would do wonders for our image worldwide. As for preemptive invasion, the last one to pull that was Hitler invading Poland. Boy did his foreign policy land him in a mess of trouble!
"Lola, kindness is not enough, look for the reason of hatred and anger.
When you find and understand that, love becomes the strongest power
Belabera, "Mothra 3: King Ghidora Attacks"
...ask what you can do for your government, to paraphrase a well known Fed. The US Government is not a monolithic block of Poindexters committed to stealing our personal liberties. Only a few want that and they are often just implimenting misguided legislation from the boneheads you and I elect. There are many more policy makers and technologists within Government who believe in the openess and freedom designed into the Internet. But if we don't find simple, effective ways to authenticate and secure our communications when they need to be secure, the open nature of the Internet is in jeopardy. That is because there are those in the Government (and a heck of a lot more in some of your corporations) who will point to the insecurity of their particular communications as an indictment of the Net in general. And from that point of view comes the increasing call for building structural controls into the fiber of the network - including the monitoring and oversight many of us dread.
The contingents from GSA and DoD participating in the Liberty ALliance are among the good guys. They believe in an open Internet and in open standards. They released their Certificate Arbitrator Module (CAM) under an open source license. They want to see the Internet work for everyone so it isn't hijacked for a few.