Posted 11:08 AM (1) comments

Welcome to the virtual world

Welcome to the blogosphere the ranting identity gang from Trusted Network Computing. "Know Identity" will feature the wisdom (and rants) of Tamyra Hyatt, Rob Ciampa and Doug Walker (and anyone else they can drag into the discussion). It promises to be a lively place...

Posted 3:56 PM (0) comments

The Identity Habit?

Kim Cameron points us to a new blog (at least for me) by Don Parks with a reference to the posting Identity as a Verb.

Parks leads off by saying:

To me, identity is not something one has, like InfoCard or a key, but something one does, a verb if you will. Identity is like the equal sign of an equation.

Certainly, Math does have the concept of "identity" (x 0 = x [addition identity] or X * 1 = X [multiplication identity] which involves an equals sign. We might consider "identity" to be equivalent to an entity if we consider "identity" to be the unique attribute associated in a "one and only one" relationship with that entity. And I'll agree with Parks that Identity is not something one has (which might be a token, or some other symbolic representation of an authentication or even of an identity). But it also isn't something you do. "Identity" is something you are. Something any entity is. It's the something that makes one entity able to be differentiated from another entity. The entity's identity remains forever, whether or not that identity is made known to any other entity. The attributes associated with that identity can grow and shrink, the roles filled by the entity as well as the personnae manifested by the entity can change. But the identity remains forever.

Posted 11:20 AM (0) comments

Identify without Identity?

Shelley Powers, at Burningbird, has jumped into the InfoCard discussion (see "You Want We Should What?"). She points to Johannes Ernst's description and also includes references to Julian Bond's rant and Kim Cameron's follow-up. But ends up dismissing the bulk of the argument to state that what seems to be overlooked is:

the surprising fact that in all of this discussion, there seems to be an assumption that the average person is willing to input sensitive information, [pointer to types of ID info], into a digital identity–a digital identity which will then be stored on in their internet-enabled personal computer, bits of which to be passed around from site to site

Powers seems to feel that storing any identity information on a PC is simply begging the hackers to attack you. But that's an observation right up there with "don't leave your laptop sitting on the seat in an empty car," or "be sure to lock the door when you go out," or "keep your wallet in an inside pocket."

If you have a PC that's connected to the internet and it isn't protected, then don't put sensitive data on it. Conversely, if you have sensitive data on it, then protect it!

I think she also overstates the security concerns of the "average person," who has been shown on more than one occasion - in both the US and the UK - to be willing to give up their password to a stranger for a candy bar!

Still Powers (and Bond) provided sort of a service by voicing straw-man arguments that others will bring forward as the technology begins to spread. But for a more balanced view of InfoCard, I'd suggest reading Doc Searls' postings which, while encouraging Microsoft do indicate the real problems that might arise.

Posted 4:11 PM (0) comments

Why Digital Identity Matters

Johannes Ernst (you know, the LID guy) has asked us to consider Why Digital Identity Matters. He lists five "application areas" for digital ID:

Digital Identity as a security tool.
Digital Identity as a compliance enforcement tool.
Digital Identity as a big-government tool.
Digital Identity as a convenience or cost-saving tool.
Digital Identity as a tool to empower the individual and/or groups of individuals.

He claims that the discussion these days centers on the first four to the detriment of number five, yet then points to at least three people carrying on dialogs about the fifth area.

The way I see what he's presenting is that people in many different facets of technology and social organization are seeing digital identity as being useful to their discipline, and adapting it accordingly.

Digital Identity matters for the same reason any identity matters - to enable conversation among rational human beings, but it adds the secondary purpose of conversation between humans and machines as well as among machines in the absence of humans.

Just as our primitive ancestors needed to establish the concept of "identity" so that they could refer to each other (whether present or not) so too do we need digital identity to carry on a conversation in virtual space - whether or not that conversation involves a transaction, an authentication, an audit or what have you. Identity is needed as a reference and can then be use as a tool to empower conversations.