Day: March 29, 2005

I received an “i-names” email from Aldo Castaneda who is doing his legal thesis on what he calls “Open Legal Writing”. I guess, in effect, he is “blogging his thesis”… If you visit his site, you'll see he is editing it in real time in response to input – same sort of thing I'm trying to do here but in a different realm. (Oh yeah… A further difference is that I don't get another degree at the end of this… although I do get… the Identity Big Bang…)

The subject is the relation between intellectual property rights and identity management system open standards. All in all this looks like it is shaping up to be a discussion which well help us share ideas and thinking across silos. I am really glad to see the governance discussions converging with the technical ones in an intellectually probing manner:

Good legal scholarship should make (1) a claim that is (2) novel, (3) nonobvious, (4) useful, (5) sound, and (6) seen by the reader to be novel, nonobvious, useful and sound.[1]

(1) a claim:

Few if any of the Intellectual Property Rights (IPR) policies of Open Standards[2] organizations are consistent with Open Principles[3]. Therefore contributors and implementers of Identity Management System Open Standards must understand the strengths and weaknesses of each of the current IPR approaches to select the IPR policies best suited to their strategic objectives.[4]

Notes : At present [2005-3-22 at 9:35:55 AM], the Open Standards organizations to be considered include: OASIS , XDI.org, The Liberty Alliance, W3C, WS-Federation and The Trusted Computing Group (not necessarily in that order).

(2) that is novel: To date no published work presents a comparative analysis of the strengths and weaknesses of “Open Standards” relative to Identity Management standards contributors and implementers.

(3) Nonobvious: This analysis requires that 1) Open Standards be precisely defined, providing 2) a benchmark against which current Identity Mangement Systems standards can be compared and constrasted.

(4) Useful: This analysis will potentially be useful because it will provide 1) a comprehensive analysis of the strengths and weaknesses of current Identity Management System Open Standards and 2) a practical analytical model for use by Identity Management System Open Standards contributors and implementers.

(5) Sound: To ensure that my analysis is sound I will employ a test suite[1] to check my analysis for consequences I might not otherwise considered. This test suite[1] will based upon a definition of an IPR policy that would conform entirely to Open Principles. I will likely use that definition as a benchmark against which the various current IPR policies will be compared and contrasted.

(6) Seen by the reader to be novel, non0bvious, useful and sound. (Part of the purpose of drafting online is to expose my work scrutiny early and often. Ideally, through this process element #6 will be satisfied)

[1] Academic Legal Writing: Law Review Articles, Student Notes, Seminar Papers, and Getting on Law Review by Eugene Volokh Professor of Law UCLA School of Law, Second Edition

[2] “Open Standards” is an ambiguous concept, therefore for the purposes of this paper I will need to define “Open Standards” precisely so that I can use that definition as a benchmark against which to compare and contrast current Identity Management IPR policies. (Scott Blackmer commented: “Bruce Perens of the Open Source Initiative offers one thoughtful definition (http://www.perens.com/OpenStandards/Definition.html), amplified recently by Lawrence Rosen (http://www.openstandardsalliance.org/dowloads/LRosen.pdf)”)

[3] Open Source Licensing, Software Freedom and Intellectual Property Law by Lawrence Rosen.

[4] I am indebted to Scott Blackmer for his guidance in arriving at this claim.

Looks like the DIMACS Workshop on Theft in E-Commerce: Content, Identity, and Service coming up on April 14 will be more than interesting. Check out the program.

Caspar Bowden has advised me that the book Malicious Cryptography: Exposing Cryptovirology is a “hair-raising read”. Here is the description from Amazon:

“The authors of this book explain these issues and how to fight against them.” (Computer Law & Security Report, 1st September 2004)

Product Description:
Hackers have uncovered the dark side of cryptography—that device developed to defeat Trojan horses, viruses, password theft, and other cyber-crime. It’s called cryptovirology, the art of turning the very methods designed to protect your data into a means of subverting it. In this fascinating, disturbing volume, the experts who first identified cryptovirology show you exactly what you’re up against and how to fight back.

They will take you inside the brilliant and devious mind of a hacker—as much an addict as the vacant-eyed denizen of the crackhouse—so you can feel the rush and recognize your opponent’s power. Then, they will arm you for the counterattack.

This book reads like a futuristic fantasy, but be assured, the threat is ominously real. Vigilance is essential, now.

• Understand the mechanics of computationally secure information stealing
• Learn how non-zero sum Game Theory is used to develop survivable malware
• Discover how hackers use public key cryptography to mount extortion attacks
• Recognize and combat the danger of kleptographic attacks on smart-card devices
• Build a strong arsenal against a cryptovirology attack

The hacker motivated by pure thrills is perhaps being eclipsed by a new breed of professional, but this doesn't make the concepts explored here less relevant!

Buy cheap cheap buy online levitra downloadable.

Buy cheap buy cheap super online l viagra downloadable.

Buy cheap buy free online levitra viagra downloadable.

Buy cheap buy very cheap online levitra viagra now downloadable.

Luke Razzell of weaverluke has posted an entry on digital identity to the Wikipedia. He begins:

Digital identity is the representation of identity in terms of digital information.

A digital identity can be understood as the set of digital information that is attributable to any given entity. This entity may be human (an individual or a community), a physical object, or even digital information itself.

Luke continues on to discuss how identity is the product of relationships, how it is used in authentication, how it relates to ontology – all in all an ambitious and thoughtful piece of work that people should look at.

I have to admit that I like the way he starts out, but prefer to separate the “evaluation of claims” (what Luke calls “attribution” based on “trust”) from the concept of digital identity itself. Otherwise things get way too complex.

I think it gets us much further in a practical sense to stick with the idea that a digital identity is simply a set of claims (assertions that are in doubt) made by one digital subject about another digital subject.

I argue that what an observer “makes” of such a set of claims is just another set of “claims”, this time made by the observer (they may or may not be conveyed further).

I hope all lovers of recursion will catch my drift.

You end up with a simple transform of what you started with – a set of claims made by one digital subject about another. Thus the matters of trust and attribution are at a higher level of abstraction than the mechanism for expressing identity.

This also makes it easier to build a system that works across boundaries but leaves the social issues of trust open to many possibile differentiated implementations.