Posted 4:30 PM (0) comments

Could you be me?

In response to my thoughts about his axioms of identity, Scott Lemon says nice things and then (gently) reminds me that DNA is not unique. Specifically, identical twins have identical DNA, or genotypes. They also have different phenotypes - things such as fingerprints. So it would appear that a two-factor ID (DNA + fingerprint) is needed to uniquely identify every person.

Lemon then goes on to say:

...the entire model and concept of DNA is again "given to me." Yes, I do have an interesting trait that some communities measure and discuss as "DNA", however there are a large number of places on earth, where there is no such concept. DNA is something that a certain community of people on earth say that I have. However outside of these circles, it means nothing.

But simply because a group doesn't understand DNA, it is still present, it is still unique, it is still you. There are communities who don't understand the concept of patronymic, of social security number or of any numbers higher than three. That doesn't negate these things - they still exist. They may not have applicability within a given context but they exist within that context. Scott's thought that identity doesn't exist until granted by something outside the person reminds me of nothing more than teenagers and sex: they seem to believe that sex didn't exist before they experienced puberty, and its certainly nothing their parents could understand! :)

Posted 8:22 AM (0) comments

Who DO you trust?

Scott Lemon, in commenting on Kim Cameron's second law of identity actually touches on one of the problems with the third law, which posits that only parties with a "necessary and justifiable place in a given identity relationship" should be parties to the transaction. Lemon mentions the alcoholic beverage scenario -

"When I walk into a bar, for example, the bartender is no longer as likely to 'take my word for it'. He or she instead wants me to provide some credentials from a mutually acceptable community that we both belong to. I could provide a drivers license, a passport, a military ID, or maybe even my little digital device, that refers the bartenders little digital device to contact some webservice that exists at a commonly known namespace."

Without a third party that both I and the bartender trust, the transaction (getting a drink) may not take place at all. Lemon rightly points out, though, that the only verified information that needs to pass to the bartender is that I am of "legal drinking age" in the jurisdiction of the bar. Still, at some point a dis-interested third party would need to actually validate my birthdate, then correlate that to the legal drinking age in the appropriate jurisdiction. This is not a trvial problem either technologically or in terms of privacy protection. There must be a third party involved and it must be one trusted by both parties to the transaction. So, who are you going to trust?

Posted 8:25 AM (0) comments

Is it time for the personal directory?

Kim Cameron has posted his Third Law of Identity, which states that:

"Technical identity systems MUST be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship."

He goes on to state that this is why Microsoft's Passport failed - neither vendors or consumers wanted a third party intermediating their transaction. As Craig Burton put it: "Think of the implications of this new law. If Microsoft is going to participate in providing infrastructure that meets the criteria of the three laws, it will have to be willing to allow infrastructure that can operate sans Windows."

What this says to me is that the personal directory which I've long advocated ought to now be gaining traction.

One possible technology to support this is SMBmeta, the brainchild of Dan Bricklin who helped foster the PC revolution in the late 1970s and early 1980s. He is the co-creator of VisiCalc as well as other tools and applications that bridged the gap between the pure potential of personal computing in 1980 to the worldwide phenomena it is today. I explored this in more depth in a 4-part series in the Identity Management newsletter last spring called "The universal, self-publishing, loosely-coupled personal directory" parts 1, 2, 3 and 4. Parts 1, 2 & 3 outline Bricklin's proposal, while part 4 goes into how it could be adapted to the personal directory paradigm.

The Burton Group's Jamie Lewis was also fascinated by the possibilities of SMBmeta, saying about it that: "In other words, SMBmeta is a self-organizing directory. In contrast with X.500 and its descendants, SMBmeta is very decentralized, pushing responsibility and data ownership all the way out to the edge. It makes data aggregation a loosely coupled operation that anyone can perform. Pretty cool." Take a look for yourself.

Posted 10:39 AM (0) comments

Insanity? No, it's one sign of ignorance

Carla Schroder is ranting ("Single-Sign on Insanity") over on the O'Reilly network about products such as Imprivata's OneSign, somehow equating it with Microsoft's failed Passport service. She also confuses consumer products with enterprise products and ends up suggesting that the best way to keep track of your dozens of passwords is to write them down on paper!

With an "understanding" of the problems of business computing such as this, it's no wonder Linux is making such slow progress replacing Windows in the enterprise.

Posted 8:25 AM (0) comments

Blame Canada? No, Blame the media

Dick Hardt, creator of Sxip Networks, in commenting on Kim Cameron's Second Law of Identity, shows his age when he says: "the negative, emotional response to universal IDs is a fear of unjustified or undesired discrimination through data correlation. Racism and sexism being the more evocative 'isms'. We can 'blame' the movie 1984 for surfacing this as a fear of the future."

It was a book (you know, dead trees and all) long before it was a movie, Dick. But the youngsters are so cute when they act all mature and grown up!

Posted 9:08 AM (0) comments

Axiomatic Identity

Scott Lemon, the mastermind behind the way-before-it's-time DigitalME project at Novell, has launched FreeID.Org which is intended for "Exploring Identity in the Internet Age".

He's begun to posit what he calles the Axioms of Identity. And right from the first one, I can see we're going to disagree.

Lemon states, "I posit that we humans do not have any inherent identity." His thesis is that of all identitifiers, "...none of these are inherent to you ... they are all given to you by outside entities." He mentions Social Security number, name, height weight, etc.

But he does overlook DNA.

While it's true that you could say that your DNA is 'given to you' by your parents, they do, in fact, have no choice in the matter (except the choice of picking a sexual partner). Your DNA is you. You are your DNA. It is not assigned to you nor can you change it. It is your identity. Everything else is simply a "handle", a shortcut or nickname for the identity that is you.

Kim Cameron is referencing Scott's axioms as he tries to define the "Laws of Identity", but appears to be hopelessly sidetracked by the question of how Bluetooth works.