Slashdot Mirror
The Seven Laws of Identity
pHatidic writes "Something strange is a brewin' at Microsoft these days. Check out this video interview with Kim Cameron, Microsoft's Architect of Identity, about Kim's Laws of Identity." From the post: "We have undertaken a project to develop a formal understanding of the dynamics causing digital identity systems to succeed or fail in various contexts, expressed as the Laws of Identity. Taken together, these laws define a unifying identity metasystem that can offer the Internet the identity layer it so obviously requires. They also provide a way for people new to the identity discussion to understand its central issues. This lets them actively join in, rather than everyone having to restart the whole discussion from scratch."
It obviously requires an identity layer? News to me. As a card-carrying member of the tinfoil hat brigade, I prefer anonimity.
"It is possible to commit no errors and still lose. That is not a weakness. That is life." -Peak Performance
We all know that the only 2 rules are going to be:
1. Any corporation can find out whatever they want to about you for whatever reason, and use that information for any purpose they see fit.
2. Rule number 1 also applies to city/state/federal governments
I wish I was joking, but I'm not.
You're entitled to your tinfoil-wrapped opinion, of course, but as I always point out in these discussions, there would be a lot of advantages to having some form of confirmed identity connected with Internet-based activity, even if it's generally concealed or only anonymously verifiable except to suitable authorities.
If everything could ultimately be tracked back to you eventually, things like spamming, virus distribution, defamation, on-line fraud, and numerous other harmful behaviours would be dramatically reduced. You could improve a lot of people's lives here.
Of course, you also have to identify "suitable authorities" who should get the right to access this information. That might be relatively easy in the West -- we have court systems that most people would probably trust to issue such orders if and when necessary -- but the Internet is international and what's free speech to you might be illegal anti-government propaganda in certain other places.
Personally, I think most of the supposed advantages of anonymity on the Internet are illusory anyway. Does anyone really believe that all these people in China are happily speaking freely on the Internet as it stands today anyway?
Hence, on balance, a reliable identity system gets my conditional agreement, subject to the devil in the details of course.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Indeed. Passport should be proof enough that most Internet users are not interested in an identity layer.
On the other hand, the Internet is sorely lacking in appropriate identity verification measures for the sorts of e-commerce being done by people who don't grasp the concept of spyware (despite it having a firm grasp on them).
The problem in this case is, who gets to implement such a standard? The list of laws sounds good on paper, but once corporations or governments start trying to implement it, any concept of user privacy goes out the window. And as commercialized as the Internet has become, it's becoming incredibly difficult for benevolent users to set these standards and have them perpetuated without abuse or wanton modification.
Passport failed because it was shit, and everyone knows it... so what to do when you're playing worlddomination on the Internet and have just failed? You send the whole thing to marketing, which relabels it and adds stuff about openness and how everyone can join in, and then you just keep on doing what you did before...
perl -e'print$_{$_} for sort%_=`lynx -dump svanstrom.com/t`'
This isn't from Microsoft PR, it's from one of their research groups, who are generally very clever people looking at technologies that might be used some way into the future. This isn't the next MS Passport, or something they'll put as bullet point on Longhorn/Vista/whatever it's called today.
It's fascinating that the parent AC supports the law of their land, and wants Microsoft to be held liable for their "crappy software". At the same time, the parent AC obviously opposes these ideas, which might mean many people who abuse the Internet's anonymity to break those same laws could be held liable for their actions, or be denied the ability to perform those actions in the first place if they didn't wish to accept that liability. That position is logically inconsistent...
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
When I see things like: We need a unifying identity metasystem that can protect applications from the internal complexities of specific implementations and allow digital identity to become loosely coupled. This metasystem is in effect a system of systems that exposes a unified interface much like a device driver or network socket does.
I think, "why is it a metasystem?"
Isn't it just a "system"? If I compose some systems, I just have a bigger system, right? I thought a "metasystem" was something different -- e.g. a system of rules for analyzing or processing systems (like a metaprogram -- a program that processes programs).
When I see people using words like "metasystem", but without using some sort of formal definitions or formal notation (aka "math"), I get a bit nervous, because it starts to sound like a bunch of marketroid speak. Then I figure it is a pile of shit, being built by a bunch of shitheads (who want to sound important by using fancy made up words), and I don't pay any attention.
And maybe a few years later I read about its total failure.
http://www.thebricktestament.com/the_law/when_to_
Secondly, a lot of times people confuse privacy with power. For example, if my personally identifying information is leaked by a company then this is more of a power issue than a privacy one. Big companies are able to harass me, but I'm not able to harass them back proportionately. I actually publish all my personal info on my website, but when a company sells my information to another company I am still upset because of this power imbalance that it creates.
I'm not sure why anyone would be shocked. Many of the Liberty ideas were similar, as was Passport.
The issue is not that nobody has ever thought of these things. This is pretty much old hat. The thing is, big business keeps itching for a way to get people to store their data in a central location, then log in from application to application without re-authenticating.
This idea would be a boon to businesses, but in practical application, it only works on small networks. It's not the technology. It's that people don't want the technology.
People don't care to log into Yahoo! and then be logged into their bank account. It's this wall that people want between entities that makes this such a distasteful idea.
Most people are used to keeping things separated...like the doctor's office and their bank branch, which are in two distinct buildings, owned (hopefully) by two companies. Sure, sure, I know that what is suggested is that people would allow the bank and their doctor to talk, but they usually don't want that at all. Only the bank and the doctor want that. And there's the reason why any SSO/identity/passport system breaks down. People want the internet to have some of same semblance of anonymity as their lives, if not more so. As long as a bank customer never tells anyone at the bank ho their doctor is, then the bank has no reason to know.
What is so hard about this? I sign this email, you know it's from me. I sign X-Random piece of data, you know it's from me. You send me a challenge, I sign it, and you know I'm on the other end.
There are nice email frontends for PGP, and the web of trust makes damn good sense. It's flexible, and it makes sure that nobody's got you by the balls.
This sounds like MS trying to reinvent something that's already working just fine, and making it horribly complicated and broken.
Based on the Report, the *only* contribution Kim has succeeded in delineating are the assumptions behind Corporate suscription based frameworks.
There is nothing here that provides any layer of protection for the construction of an online identity. None of this contributes to the level of identity assurance to enable voting online.
I've worked with Novell's Identity Manager and DirXML for several years now, as well as their eDirectory and several other directories. They have a lot of good back-end identity technology that's tried and true. The product set is aimed at corporate customers, but the technology is in place and probably viable for much larger-scale implementations. With the next eDirectory release, you can have two trees and IDM drivers on the same server, so you can sync trees without ever hitting the network. Am I the only one that thinks Novell should be preparing to compete in the same space? Or is it not the back-end technology at issue but the human interface? Novell, are you paying attention here?
Show me one single case where the "suitable authorities" haven't abused their power? You can't, can you? Now go munch your fodder like a nice sheep; you aren't capable of independent thought.
"Does anyone really believe that all these people in China are happily speaking freely on the Internet as it stands today anyway?"
Under your proposed scheme, they wouldn't be able to at all. They at least can now, if they know what they are doing (which has been acknowledged by the "suitable authorities" in China).
Quit trying to use your brain. You are failing miserably.
The Eighth Law is that people have a right to know their own keys.
I want my key!
NO KEY, NO SALE!
If a computer comes with a boobytrapped self destructing chip that forbids you to know your own key and keeps secrets from you and restricts your ability to control your own computer then refuse to accept it.
The "seven laws of identity" are just a public relations gimmic to help sell the well documented Trusted Computing system. Microsoft's own website documents that the Security Support Component of their upcoming operating system release *is* the Trusted Computing Group's Trusted Platform Module, and the Trusted Computing Group's technical specifications cover the identity system in detail. I have read this documentation, hundreds of pages of technical specifications.
Step one is that the system only works if you have an approved and compliant TPM chip. The TPM chip contains a secret key that you are forbidden to know, and the chip is boobytrapped to nuke itself if you attempt to read out your key or alter the system. Step two is that the chip can then cryptocgraphically identify itself to other computers over the internet. Step three is that the chip can then tell other people exactly what software you are running, and that the system only works if you are running compliant and approved software. Step four is that people can then send encrypted data and keys to your chip, and you are prohibited from reading or altering the data or keys sent to you. The chip keeps the keys and data secret and secure against the owner. The chip can then send messages and attest to your "identity" and that it has control over the system and that you cannot do anything they do not want you to be able to do. That you cannot lie about your identity or your "capabilities" to read or alter your own data. Note that this is a really bizzare use of the word "capabilities". This is that you and your computer have the "capability" to deny you the ability to read or alter your own data.
If you try to run unapproved software, or if you attempt to alter your software or data in any way, then the chip denies you access to read or modify your own files, and the chip reveals in internet communications that you have an invalid identity and that the internet communication can be refused.
If we include the Eighth Law, that people have a right to know their own keys, then everything is fine and dandy. If you are allowed to know your own keys then your computer can keep no secrets against you and truely own and control your computer. So long as you are allowed to know your own key you cannot be locked in or locked out. So long as they refuse the Eighth Law, so long as this is just a front for Trusted Computing, then this is to be rejected in the strongest terms possible.
I want my key!
NO KEY, NO SALE!
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Two other posters prefer 1) an authorization rather than identification based approach, and 2) maintenance of walls between i.e. their bank and their doctor. Well credit card and insurance companies make this a bit messy but I digress.
It seems to me both posters are completely correct in capturing the general attitudes everyday people have about this sort of thing, or would have if it was translated into a verbal explanation of what somebody was offering to do for you ("I'll make it so you can just check a box and your bank and doctor will be able to talk to each other").
My first analysis of the rules was that it boiled down to an essential conflict between "Do as little evil as possible" and "We must do some evil".
This tension is artificial and derives from the author's treatment of an assertion (that globally verifiable identity between meatspace and cyberspace is necessary) as equivalent to a philosophical or religious law, or at least a position of unanimous agreement. This position is not only false, but also makes the author suspect of ulterior motives considering his employer, notwithstanding the list of authors provided (which is what kept me reading to a point).
However if one wishes to create a viable business system on the net that reflects the (putative) sovereign status of a human being over his or her own person, the architecture should work differently.
In particular, open standards, one-way only authorization hashes, and user-initiated transactions rather than corporate-initiated transactions, would seem to be more appropriate.
As an example consider that one's social security number is both very insecure and very important to an individual. Same for a credit card number. Having a database which obviously links an individual's real world identity to such a number, and making the database available through an imperfect system to a virtually unlimited number of agents with their own motives, means that as time goes on the probability of one's identity being publically divulged approaches 1.
On the other hand, if you personally create a data structure (say an xml file) using an open standard (say for insurance claims) and encrypt it in such a way that part is only readable by one person on a given insurance company's staff, and further encrypt it so that only your doctor and yourself can see the other bits, well that sounds like an authorization based approach and I would have far less to worry about that. It would certainly make the FBI's job a bit harder but they can always get a court order to make the insurance agent and doctor talk, if it's that important.
My point is that the author's strategy is fatally contaminated by his employment by Microsoft. There are other logical constructs one could make to guide system development, for example one could try to make the net more anonymous and more user-centric, and place stronger legal liability on the corporate entities that use, store and transmit the data. Individuals are empowered to use the system as a homeowner uses his telephone and the circuit created for a call.
It is not necessary to do evil at all. The only people who think so are those who have been trained to see people as objects instead of seeing them as the kings of inviolate kingdoms whom the system must serve with sincerity and humility.
The paper makes some good points but I submit that the general agreement that identity is needed online which the author suggests exists, does not in fact exist. People need to be able to trust companies they buy things from, and assurance that they are not "fly by night" operations, i.e. that you can call the better business bureau or the police on them, is what makes commerce possible. That, or just paying cash. I think the author needs to get back to the concrete reality of just how our economy currently works, so long as he is getting around to making suggestions about underlying infrastructure, and think about whether or not people really want this kind of thing.