Digital Identities Now Available

Largecranium writes, "I-names, the only globally unique, resolvable namespace in parallel to the DNS system and compatible with OpenID, are being introduced during Digital ID World in Santa Clara. I-Names are only as useful as the services they enable; the services that are available today are interesting but not life-changing. The ones that are coming in the next 6-12 months could change the way people interact online. I-names and their value (today and tomorrow) are casually explained at iwantmynamenow.com." I-names are the lineal descendant of the technology that began as XNS and continues evolving today as XDI.

excellent!

[macadamia_harold]

Digital Identities Now Available

Excellent! Because, you know, regular identity theft was just becoming boring.

Big words make BadAnalogyGuy crosseyed

[BadAnalogyGuy]

Let's reduce this project to something simpler and more easily understood than the gibberish in the writeup.

Pay $5 to use the internet.

or

Passport.NET for money.

Either way you slice it, it's unnecessary and dumb when the alternative is free and already exists. What is the alternative? Your email address and password. On top of that, you can get virtually any email address you'd like from any number of free online webmail sites like GMale and Hotmail.

What's the point?

Re:Big words make BadAnalogyGuy crosseyed

[jimstapleton]

GMale? That doesn't sound like a place to get email addresses. I'm not even gonna tray that on my browser, I can easily guess what it'll bring up...

Sorry, I just found the typo amusing.

Re:Big words make BadAnalogyGuy crosseyed

[Shaper_pmp]

I dunno - it seems like a potentially interesting idea.

It would be useful to have a single point of contact which doesn't ever have to change. For example, for one reason or another, most people I know seem to change their e-mails or mobile numbers at least once every few years. (PEDANTS: Yes, yes, I know, you've had yours for the last three centuries. Sit down - I said "most people". I'm not talking to you.)

If you could have a system that makes that unnecessary (or at least, painless for all concerned), surely that's a good thing?

If you want to change your identity, you simply register a new i-name and let the previous one lapse.

If you want to (for example) change your e-mail address or move house you just update your info in one single place, safe in the knowledge that people can still contact you. No more phoning around banks, credit card companies, utility companies, phone/broadband companies, loyalty card companies, friends, relatives, etc, etc, etc, etc, etc.

If you want to avoid someone you simply revoke their privileges to read your contact info. If they happen to remember your info even so then simply change it (see above). Even better, once the infrastructure's in place you set your e-mail client/phone/whatever to check your i-name privileges before allowing the e-mail/call through each time.

The only bit that made me really itchy was the associated idea of i-numbers which are "registered to a person... and never reassigned" - why no facility to change them (eg, if they're compromised)?

However, this is only even mentioned on a third-party site, and there's no indication at all that it's a necessary or even optionally included part of what iwantmyname is doing.

Sure, if you're an uber-geek you can presently hack together a system that allows you to dump out info from a central resource (eg, a website), you can require people to log in with a unique username and password before they can see your contact info, you can present different info to different people and selectively killfile people, and you can hack together something that'll make some mail readers automatically check this resource and filter your mail accordingly, but that doesn't mean:

• It'll work well
• It'll always work (start a new corporate job which mandates using Outlook Express, and try getting that to killfile based on your hacked-up solution)
• It's within the reach of 99% of the population
• It's remotely standardised
• Anyone will be bothered to jump through the hoops you've set up to bother contacting you in the first place

I mean, even though it's possible, and even though it would save a lot of hassle when moving house/job/e-mail/phone #/whatever... how many of you have actually bothered to do it?

Sure, if they're conning $5 out of you essentially for snake-oil then by all means all throw your toys out of your prams. However, (less some important caveats) it sounds to me like an interesting proposal, which could improve life on-line immensely if you have enough control, it's secure and it becomes widespread.

Re:Big words make BadAnalogyGuy crosseyed

[lavaface]

I think it's a little more than that. I first came across XDI when I was researching open alternatives to Myspace. I signed up for friendster several years ago but never really used it much. When I finally got a myspace account, I had to fill out the same info yet again (interests, etc). On top of that, I found the myspace interface annoying. What would be great, I thought, would be a basic profile that could be shared across different sites. Kind of like a vCard on steroids. Something that would preserve your relationships with other people. XDI makes this possible.

I found the following article on XDI a good introduction: The Social Web: Creating An Open Social Network with XDI I encourage anyone interested in trust networks and reputation systems to read it.

I suppose mentioning Myspace is no way to ingratiate myself with the Slashdot mods but I think that the underlying model paves the way towards The Net in Osrson Scot Card's novel Ender's Game. For those unaware, The Net is a global forum of governance. Different "salons" debate policy issues and are voted upon. It's distributed democracy.

To just wrap up my short post (it's too early still), these issues are rather abstract, but will become more important as our world becomes increasingly interconnected. Another essay on the general subject is by Shawn Murphy, the man behind Nooron. He explains the idea behind nooron in How to Build a Global Brain I've submitted links on nooron and XDI to slashdot before, only to have them rejected in favor of the latest iPod "killer." So it's good to see something finally published . . .

I'll post more later after breakfast and coffee . . .

Re:Big words make BadAnalogyGuy crosseyed

[bogado]

Where is the preview button when you need it... Those are :

& aacute ; = á
& eacute ; = é
& iacute ; = í
& oacute ; = ó
& uacute ; = ú

Without the space, obviously. :-)

Re:Big words make BadAnalogyGuy crosseyed

[Denial93]

> a single point of contact which doesn't ever have to change

Ever as in: as long as you pay $20 every year?

It doesn't make sense in any way, for customers. For people who seek to collect all data about you and are forever after a unique ID (see SSN) to organize their victi^H^H^H^H^Hcustomer database more effectively, it must seem like something really worth looking into. I reckon we are seeing a particularly blatant grab for investors money. More power to the guys who do it: stupid investors need to be burned every once in a while.

Re:Big words make BadAnalogyGuy crosseyed

[swillden]

Ever as in: as long as you pay $20 every year?

Just like I pay $35 per year for my domain name. If this becomes widespread (which it probably won't), prices will come down. Plus, these i-names can be hierarchical, like domain names, so you can, for example, register = and then give i-names to all of your family members, and they won't have to pay a thing.

The part of the idea that I'm most skeptical of (well, other than the idea that it will actually be used) is the notion that you can "withdraw" access to your information. I think people and organizations would just snag all of the information you allow them to have, and then store it. Sure it might eventually get out of date, but if you used the i-name mechanism to provide long-lived data like your address or phone number, it will be good for quite a while. Even with a system like this in place, if you want to control access to information about yourself, your only real option is not to ever give it out.

There's also the issue that the i-name servers would become nice repositories of information that identity thieves would love to get their hands on, but it's not like there aren't plenty of those around already.

Re:Big words make BadAnalogyGuy crosseyed

[Zeinfeld]

There is one name system for the Internet: the DNS.

Establishing critical mass for a directory scheme requires a huge amount of work. Establishing critical mass for a proprietary scheme which is intended to displace a large, deployed and reasonably open scheme is doomed from the start.

The XDI scheme is controlled through a series of patents which have been vested in a 'non-profit' entity controlled by the original owners which in turn re-licensed them back to the original owners. This series of moves is alleged to make it an 'open standard'.

I think that we will end up using a range of URI identifiers with OpenID in different contexts. In the end though the email identifier is the simplest one for people to use and is the least cluttered. People understand username@example.com.

I don't think that the spam issue is a problem. I can use an identifier without accepting email from everyone who uses it. People want to provide a contact address, they just don't want it to be abused. Anyone could post annoynmous, contactless posts to USENET, people used Wizvax and Julf's annoynmous services because they could receive replies.

So one way for identity providers to compete would be by offering better, more effective means of filtering of contacts. Some identity providers would not accept any email at all, others would relay everything unfiltered. Most people would use (pay even) for services that provide filtering of contact requests.

Trust / No Trust

[Sub+Zero+992]

They say:

You can store your personal data (like your shipping address or your email address) at a trusted source and give access to it.

But they don't explain anything which might make me consider them to be trustworthy.
This is a skethcy sketch, methinks.

Re:Trust / No Trust

[elFarto+the+2nd]

I was looking at OpenID the other day, and if you really want, you can run an OpenID server (there's one written in PHP) on your own webserver.

Regards
elFarto

YATBFARIADS

[spectrokid]

And for those who didn't get the subject line: Yet Another Twenty Bucks For A Record In A Database Scam

Re:YATBFARIADS

[Pacifist+Brawler]

When all of the cool kids are in the database, won't it be worth your twenty dollars to join?

Re:YATBFARIADS

[CRiMSON]

24823?! Pssshhh

Re:YATBFARIADS

[defile]

Still here and still living in mom's basement.

New.Net?

[erig]

Why does this remind me of new.net's custom TLD registrations, that only worked if you used them as a root nameserver? (or had spyware that added that). Same thing here apparently, you register and get an "i-Name" that only works for providers that offer authentication based on it.

I'll keep my analog identity

Ive always prefered the warm feeling of my analog identity, just like i prefer the sounds of vinyl and tubes.

A permanent online identity?

[Dekortage]

The Wikipedia article on i-names says this: "One problem XRIs are designed to solve is persistent addressing -- how to maintain an address that does not need to change no matter how often the contact data for a person or organization changes."

Uhhh... I don't want persistent addressing. I like the idea that if I really wanted to, I could change my e-mail accounts or shut down my web site I have several e-mail accounts for use with different kinds of contacts: some for shopping, some for friends, some for business. I don't mix them. I don't want to mix them.

This also sounds like what Social Security Numbers have become in the U.S.: a catch-all identification number that you are asked for by every bank, employer, insurance company, hospital, car dealership, etc. I don't want to give them all my SSN. It's private, meant for government/tax purposes, but now everyone claims they need it. If I-names become popular, will something similar happen with them? (not trying to sound alarmist, just thinking out loud)

Re:A permanent online identity?

[kfg]

I don't want to give them all my SSN. It's private, meant for government/tax purposes, but now everyone claims they need it.

This is what happens when the government sees itself as an interested party in all financial transactions.

KFG

Golgolfrincham calling...

[Burz]

...we were wondering what happened to the surviving middlemen from the B-Ark.

What's that you say? They work for "i-names" now?

"Internet sanitizers" you say? Well.... we're so delighted their safely with you.

(And not us!)

Re:Could somebody explain it?

[artson]

As it says a little later in the discussion, it's another twenty bucks to register yourself in someone's database.
Supposedly it gives you a permanent internet identity that could be useful for ID and shipping purposes.
See the article in Wikipedia, it has a good explanation and lots of useful links.

They've been trying to get a successful launch of this for some time now and it has so far failed miserably. I'd say it's because many folks on the internet like being anonymous or hiding behind a nym.

Re:Could somebody explain it?

[kfg]

Could somebody explain wtf this is . . .

They want your money.

. . .reveal what a privacy nightmare it's going to be?

Big. Really big. Huuuuuge.

KFG

Bad Idea - Reawakens old problems and solves none

[CFD339]

So, now you have another place for "name prospectors" to hunt down all the best names and try to make money by owning the ones that have marketing value. The site's home page even says:

"these names are unique, so those who are paying attention can get the name or names that they want."

That was enough for me to write it off.

This doesn't go as far toward an actual unique and secure identity as an x.509 certificate, isn't as flexible at handling people who have the same name, has no track record for trust or security, and is controlled by a single organization.

This looks to me like someone's way to make money fast on the interweb by having a signup race for cool names at $5 (then $20) per year each.

We know how well regulated, fair, and efficient the DNS system has been.

Re:Could somebody explain it?

[artson]

Sorry, that was not clear at all, was it?

I used the term nym as shorthand for pseudonym, which is defined here .

Somebody famous once said that small towns were wonderful: show up at school with a runny nose and be called sniffy for the rest of your life, fart at a picnic and be known as stinky until death. It's true.

There are a great many reasons to want to keep our names secret on the internet and most of them are logical and non-criminal. People insist on privacy as a defence against spammers, other marketers, scammers, phishers and psychopaths. People sometimes dirty their internet persona to such an extent that they'd like to start over with a new name and a fresh history. The internet is a frontier society like the old west or Australia or many parts of Africa or South America. People often left everything behind and popped up with a fresh slate.

soapbox off.

You can call me Ray, or you can call me Jay or you can call me Ray_Jay or ....

Authentication? Verification?

[rlp]

It sounds like a single-sign-on system like Microsoft Passport (only w/o Microsoft). I didn't see any discussion of authentication. Microsoft used a central Microsoft controlled database. Companies were reluctant to allow Microsoft to be an intermediary between them and their customers. (And were more reluctant to pay another Microsoft tax). Consumers were wary of a central database of ID's controlled by Microsoft. I saw no discussion of how authentication is supposed to work with this system, or more importantly who maintains the database(s) of credentials. For that matter, I saw no discussion of verification - I register 'George.Smith' and associate it with some contact meta-data. Do they verify any of that? Can I register 'George.W.Bush' or 'Bill.Gates'? So far the site seems mostly to tout the low price. Great, it's cheap. What do I get? And why would I want it?

Advert

[kylegordon]

Slashdot already has adverts around the sides of the stories. We don't need the stories to be adverts as well.

reasonable idea, just horrible execution

[nfarrell]

I like the idea of being able to give organisations revokable pointers to my details. As long as the organisation which kept the details was transparent and accountable, I'd be fairly happy about using it. Get credit card companies to use it to reduce fraud (somehow) and maybe you've even found a way to finance it: greater online security might encourage more online purchases...

The biggest flaw in the proposed scheme (if I understand it correctly) is that the reference you give each organisation is the same. Even if you can restrict access to personal information, companies can share information and put together your profile, just like a cookie only worse.

Wouldn't a better idea to use a secret key system, and each organisation can generate a request for your details which, if approved, gets signed by your secret key and returned to them. They never get your ID, so they can't profile you more than you want to be profiled. If you like, you can "delete your cookies" every 12 months.

Ideally all correspondence would also go through a level of indirection, meaning they'd never have ANY of your personal details - they'd be given a unique email alias, and a meta-address for snail mail that the postal service would recognise and treat correctly.

normally, the price is about $20 per year

[bumblefoo]

you mean like the other i-name sites that have all charged 20 dollars a year?

Evidently you guys don't have a clue about XRI

[Teilo]

To all you who call this nothing but a database scam, ala the darknet DNS registries, you're dead wrong. i-Names is the popular name for XRI, which is an OASIS standard. Those who sell i-Names are not fly-by-nighters just trying to make a money grab. They authorized by the XRI governing body to do so, and are the exact equiavalent of a DNS registry. There are a dozen or so i-Names brokers. The entire system interoperates. Many of the i-Name brokers are also DNS registries, such as Neustar.

XRI is an open standard, and the only such standard that there is. Saying that an "open source" free alternative will soon present itself is absolute nonsense. That's like saying, "Soon a free alternative to DNS will be available". Almost every post I have seen here is treating i-Names like some company. It's not. Stop arguing with me. You don't know what you are talking about.

I think you guys should stop shooting from the hip, and actually (I know this is asking a lot on /.) do a little research. Yes, centralized authentication is one part of this. But there's a whole bunch more. In XRI, services are user-centric, not server-centric. i-Names have i-Numbers in a similar manner to which DNS records have IP's. iNumbers map to a particular broker's server which obey's the iName's contact restrictions, and allows a person to provide services associated with themselves as a person. These services may, for instance, be include a basic web page, and in that way would be similar to a URL. But the service might just as well be email, a VOIP address, heck a dating service even (who want's a piece of me?). The services do not replace things like email and VOIP. They abstract them. They provide a layer where you control who communicates with you and how.

The key point here is that while the services may have backward compatibility bridges in place to allow interaction with the non-XRI world, they are particularly designed for comunication between two different identities, which communication is arbitrated by the rules which both parties establish. It's a new way of thinking about services on the net, and as such it's going to take you all a while to wrap your minds around it.

Don't let the similarities to MS passport scare you. Yes, there are some common ideas, but XRI goes much further, for it provides a generic framework for a wide variety of open source services, vs. a closed system which is little more than a single-sign-on.

I can see the EBAY add now!

[RingDev]

WTS /. User account, excellent karma, 4 digit ID. No journal entries, friends list of pro-linux advocates, many fans, no freaks.

Starting bid of $500.

-Rick