From identity to identifiers – Law of Control

I am really fascinated by work Drummond Reed has started on his blog in which he uses the laws of identity to structure a discussion on identifiers. I look forward to seeing where this goes, since Drummond has thought incredibly deeply about identifiers (he is the technical chair of the OASIS Extensible Resource Identifier – XRI – Technical Committee; not to mention his work on XDI…). I know from conversations with my friends at NAC (the Network Applications Consortium) that identifiers are becoming a super-hot pragmatic issue.

Drummond explains what he's doing this way:

When Kim published his Fourth Law (the Law of Directed Identity), it was the first (and only) law that touched directly on identifiers. I knew his Laws had gained quite a following when I quickly received several email messages asking if XRIs (Extensible Resource Identifiers), the new OASIS specifications for abstract identifiers, conformed to the 4th Law.

In discussing this with other members of the XRI TC, as well as with Kim, we realized that each of his “Laws of Identity” has a “Corollary For Identifiers”. In particular, these corollaries would apply to any universal identifier metasystem that aspired to be the addressing scheme for the “mega momma backplane” (as Kim, Marc Canter, and Craig Burton put it.)

That, of course, is precisely the goal of the OASIS XRI effort dating back to 2003 (and previously to the XNS work dating back to 1999.) Given that the XRI 2.0 specifications are currently in public review in advance of a full OASIS vote, now seems like a good time to follow Kim’s lead and publish “The Seven Corollaries of Identifiers”.

The idea that each of the laws has its own ‘identifier corollary’ makes perfect sense. And I'm struck by the way in which the laws provide a conceptual handle through which the issues of identification can be understood by an audience wider than those who wake up, have a coffee, and think about identifiers all day long.

So let's look at the first corollary:

1. The Law of Control

Technical identity systems MUST only reveal information identifying a user with the user’s consent.

1a. The Corollary of Identifier Control.

The identifiers in a universal identifier metasystem MUST only reveal information identifying a user with the user’s consent.

Funny how intuitive it seems when you put it this way. A user’s online identifier should not force the user to reveal any more information than they wish. And yet one of the online identifiers most frequently requested from users squarely violates this principle: an email address. Websites that require an email address to register – and many have no choice because it is often the only easy, universal way to perform basic user authentication – force individuals into revealing information that in many cases they would rather not.

So half the Web breaks this corollary before we’re even out of the starting gate. But it gets worse. Look at one of the current bulwarks of online identification: DNS. A standard requirement for most DNS name registries is accurate, current contact data for the registrant that is published publicly as “Whois” data. Although many registrars now offer proxy registration services to preserve registrant privacy and prevent spam, there’s no escaping that a major component of our current Internet identifier infrastructure breaks the First Corollary squarely in two.

So can XRIs fix this problem? Yes. The first principle of XRI architecture is that XRIs are abstract – the association between an XRI and the real-world resource it represents is entirely under the control of its XRI authority (the person or organization registering the XRI, at any level of delegation). So nothing in an XRI need reveal anything about the authority’s identity or messaging address.

So how can the identifier be authenticated, i.e., what’s the XRI equivalent of the simple email address verification test that websites use every day? The ISSO (I-Name Single Sign-On) protocol, which combines XRI 2.0 resolution with SAML 2.0 authentication assertion exchange. It’s easier, faster, and much more secure than email authentication – and still does not require revealing any other information identifying the user.

So that fixes the first problem. What about the second – the DNS “Whois” problem? What registrant data is required when registering an XRI? Here I can only speak for the XRI global registry services to be offered by XDI.ORG. Based on its Global Services Specifications (GSS) that have been in public review since December, the answer is: none. Following XDI.ORG’s Minimum Information Policy, a cornerstone of its Data Protection Policies, the XDI.ORG global registries will store only registered XRIs, resolution values, and authentication credentials. There is no public (or private) “Whois” service. (There is a Public Trustee Service that provides an alternate means of authenticating a registrant to XDI.ORG if they lose their registration credential, but that data is entirely private.)

So what provides accountability for global registrations? Dispute Notification Service. Every global XRI registrar is required to provide a means of forwarding authenticated dispute notifications to a registrant. This accomplishes the same goal as DNS Whois service but without revealing registrant identifying data or exposing registrants to spam.

This really helps me understand what XRI is all about. And we're just at law 1.

Published by

Kim Cameron

Work on identity.