Boys scrap over Facebook

 Jason Calacanis, CEO of Weblogs  and Master of New Media, took the lid off a noisy can of worms this week when he declared Facebook Bankruptcy, exhausted by his facebook chores of responding to endless invitations, requests and guilt trips.  In sum, he says, “Folks have just opted in to another out of control inbox…. I'm opting out.”

This was all too much for Scoble,  whose river of crocodile tears led to “Calacanis can't keep up with Facebook“.  Scoble apparently manages more than 4,000 Facebook friends (including me – I'm down here somewhere) compared to Jason's mere 395, saying, “More of the best names in tech are on Facebook than any other social network I’m on.” and “Facebook is the new business card”.  He sees Facebook as new age marketing.  (Is this why half my homepage consists of Scoble videos? Just kidding…) 

Nestled between the extremes is a piece by Rex Hammock, who I think gets it right when he says, “Facebook is a sandbox I’m playing in — but it has a long way to go before it can hope to be the world I live in.”  Continue reading Boys scrap over Facebook

Time: no one knows you're a CEO

 Lev Grossman's The Price of Anonymity in this week's Time Magazine is interesting partly because of his unforgettable portrait of John Mackey as Marie Antoinette.  But it veers to a draconian conclusion:

As far back as the 1980s, the Internet has been an electronic masked ball, a place where people can play with new identities and get off on the frisson of being somebody else. MIT sociologist Sherry Turkle has argued that this kind of identity-play even has therapeutic value. You certainly can't ascribe a plausible financial motive to Mackey–rahodeb's postings weren't moving stock prices around. This was about just being naughty: picture Mackey chortling as he played the regular rube, like Marie Antoinette dressing up as a peasant and milking cows on the fake farm she built near Versailles. (Mackey was even in drag, sort of–rahodeb is an anagram of his wife's name, Deborah.) Continue reading Time: no one knows you're a CEO

Paper argues biometric templates can be “reversed”

Every time biometrics techology is sold to a school we get assurances that the real fingerprint or other biometric is never stored and can't be retrieved.  Supposedly the system just uses a template, a mere string of zeros and ones (as if, in the digital world, there is much more than that…)  

It turns out a Canadian researcher has shown that in the case of face recognition templates a fairly high quality image of a person can be automatically regenerated from templates.  The images calculated using the procedure are of sufficient quality to  give a good visual impression of the person's characteristics.  This work reinforces the conclusions drawn earlier by an Australian researcher, who was able to construct fingerprint images from fingerprint templates.  Continue reading Paper argues biometric templates can be “reversed”

Guess what? Rabodeb is not his “real” name

A rivetting “natural” story of pseudonymity has risen to prime time in America's financial press – partly because government prosecutors have entered the fray. We're not talking here about a teenager, novelist, or garret inhabitant. This involves a corporate executive – John P. Mackey, co-founder of Whole Foods Market, who we have just found out goes by the name of “Rahodeb“. Continue reading Guess what? Rabodeb is not his “real” name


This blog is about building a multi-centered system of digital identity that its users control.  All kinds of things pass themselves off as “digital identity”, so I want to start by pruning enough trees that we can see a forest.

Basic ideas

In these pages, I'll make it clear that digital identity can't be confused with “a unique identifier” like an SSN or a biometric like DNA.  In fact, digital identity can often just convey that you are a member of some group, or possess some characteristic (for example, your profession, employer, citizenship, role or age).  Similarly, it can indicate that you are the same person who visited a site previously – without conveying any personally identifying information.

In other words, digital identity has a complex relationship with flesh-and-blood identity, which I'll call natural identity.  Sometimes we want digital identity to correspond to natural identity, and sometimes we want the two to be isolated, or the knowledge of the connection to be highly controlled.  This has become necessary because the digital world has its own “physics” that is quite different from that of the natural world.  Here space becomes more or less irrelavent and isolation very difficult to achieve, while “now” extends through great slices of time.  The result is not only that our friends and loved ones are closer:  so is every actor, good and bad, and every monitoring device in the world.

This leads us to conclude that digital identity must embrace both being public and being private.  It must provide both anonymity and pseudonymity.  It must embrace being public and being private.  It always exists in a context, and we expect the context to have the same degree of separation we are used to in the natural world, even though space and time no longer serve as insulation.

I'm interested in history and philosophy, and realize philosophers have had much to say about identity, but don't discuss these issues on this blog.  I stick to matters of technology, with the express goal of creating a digital world in which none of the richness of our natural world is lost, so that everything that can be expressed there can be expressed digitally.

A matter of urgency

The Internet was built without a way to know who and what you are connecting to. This limits what we can do with it and exposes us to growing dangers. If we do nothing, we will face rapidly proliferating episodes of theft and deception that will cumulatively erode public trust in the Internet.

As a result, I have undertaken a project to develop a formal understanding of the dynamics causing digital identity systems to succeed or fail in various contexts, expressed as the Laws of Identity. Taken together, these laws define a unifying identity metasystem that can offer the Internet the identity layer it so obviously requires.  They also provide a way for people new to the identity discussion to understand its central issues.  This lets them actively join in, rather than everyone having to restart the whole discussion from scratch.

Those of us who work on or with identity systems need to obey the Laws of Identity.  Otherwise, we create a wake of reinforcing side-effects that eventually undermine all resulting technology.  The result is similar to what would happen if civil engineers were to flaunt the law of gravity. By following them we can build a unifying identity metasystem that is widely accepted and enduring.

Reading these Laws will give you the introduction you need to understand the rest of this site.  They are available in five formats:

Browser versionPrintable PDF.  WordDIDW powerpoint

If you can't read the paper, you can look at  the laws in point form – as long as you promise to remember that you won't understand what I'm saying without returning to the paper when you have time.

DigitalMe for Mac passed the Interoperathon

Bandit's contribution to the emerging identity metasystem is exceptional – we're talking about the DigitalMe Identity Selector for Mac and Linux , as well as relying party components.  I will post a download link as soon as one becomes available.  Novell's Dale Olds wrote about the Catalyst Conference and OSIS Interopathon here Continue reading DigitalMe for Mac passed the Interoperathon

The CardSpace dimensions

Axel Nennker from T-Systems in Germany now has a blog called ignisvulpis (OK, no translation found in search engines – I had to crack open my latin dictionary to be reminded that ignis means ‘fire’ and vulpes means ‘fox’…   Yikes, Axel!)  Axel is a contributor to the openinfocard project started by Chuck Mortimore and Ian Brown.

In a bizarre case of Information Card Fever sweeping through Germany, he writes:

Yesterday I learned that the team of the new java CardSpace project jinformationcard works in the same building as I do. As I am a contributor to the openinfocard project we now have two independent java CardSpace projects “in the house”. 

That's amazing.

Anyway, I heard Axel speak at a meeting a while ago and was fascinated by the way he conceptualized his “information card dimensions”.   Now I can share it with you because he posted it to his blog:

While thinking about how Windows CardSpace could be used and extended I came up with this graphic.

Thus the dimensions of Windows CardSpace are:

  1. Cardstore: Where is the cardstore?
    Service Providers store the information cards and facilitate the use through different devices.
  2. CredentialStore: Where are the credentials?
    Storage of credentials and engine for cryptographic operations.
  3. UI Generation: Where is the UI generated?
    The UI could be generated on a server but be displayed on one of the user’s devices.
  4. Identity Selector (UI): Where is the UI displayed and where is the Information Card selected?
  5. STS: Where is the STS?
  6. STS Authentication: Authentication Technology
  7. Browser: On which device is the authentication needed?

Now imagine all the combinations of the coordinates which span “use case space”.  My colleague Jochen Klaffer designed and implemented a tool which helped us a lot to find relevant use cases in our “CardSpace for Telcos” project which we are doing for Deutsche Telekom Laboratories’ Jörg Heuer.

This is of course only a selection of possible dimensions.  Others were excluded for simplicity and because there are strong indications that they will never be relevant.  Kim Cameron said e.g. about using different protocols instead of WS-*: “This will not happen”.

So the “Trust Protocol” dimension is not shown in this graphic.

Other dimensions missing are new transport protocols like SIP instead of HTTP to transport the RST/RSTR. So the “Transport Protocol” dimension is not shown in this graphic.

You will probably notice that there are points on the axis that are not part of CardSpace version 1.0…

Let us look at CardSpace 1.0.

  1. Cardstore: local (secure desktop).
  2. CredentialStore: local (secure desktop).
  3. UI Generation: local (secure desktop).
  4. Identity Selector (UI): local (secure desktop)
  5. STS: local or network
  6. STS Authentication: fixed set of four technologies
  7. Browser: PC

So this the current state, but the universe is expanding, right?

Interpretation of the axes and the new points the axes is left to the reader 😉

I think this is really brilliant and have been amazed at the methodologies being used.  I hope Axel will also report on the work by Jochen Klaffer to which he refers.

One small correction – we already support a simple RESTful http post of a token to a relying party – in other words, no need for WS.  So there is a protocol dimension.  In terms of the highly trusted connection between identity selector and identity provider, I would much rather avoid introducing alternate protocols that would drastically increase our attack surface and test matrix.

Ensuring Privacy and Consent

I think many will benefit from Marco Casassa Mont's Research on Identity Management blog.  He discusses business-driven identity management – and its foibles.

A recent post invites us to an upcoming Kable conference that I would attend if I possibly could:

An interesting conference is going to take place on July, 9th in London, UK on “Ensuring Privacy and Consent in Identity Management Infrastructures”. It is supported by DTI and free to attend to the private sector and academics. The conference program and online registration form are available here.

“The Department of Trade and Industry (DTI), through the Technology Strategy Board's Network Security Innovation Platform, is working with the Identity and Passport Service (IPS), the Home Office, the Economic and Social Research Council (ESRC) and the Engineering and Physical Sciences Research Council (EPSRC) to develop a work package that will sponsor a £10m, 3-year, research and development programme into how to balance the potentially intrusive nature of identity services and network security with users’ expectations of privacy and consent. This research will be cross-disciplinary, combining social science with technological innovation. …

The aim of this initial workshop on 9 July is to discuss and refine the areas of importance for research, as well as identifying where the research is needed and where the UK has potential to develop world-leading commercial services. The findings of the workshop will lead to the development of projects and proposals using the EPSRC's sand-pit concept at a further workshop to be held in early October.”

You might want to consider attending if you work in the areas of identity and privacy management …

Paul Madsen leaks internal photo

Despite my repeated requests not to go there, Paul Madsen of ConnectID has published a leaked, top secret, internal Microsoft Identity and Access photo.  His post reads as follows:

An un-named source in Redmond sent me this never before seen picture of the first ever infocards assembly line.

In the front you can see a worker inserting secret keys obtained from the bins below (the punch-card calculating machines on which those keys were generated are in another room). Other workers further down the line can be seen inserting attributes before securing the top of the cards with wrenches.

My source tells me that another line is planned.

Luckily, the IP revealed by this photo is part of the Open Specification Promise (OSP).  I checked with our operations people to see if the items in the bin  really are the secret keys, but apparently they are silver bullets.