The Law of Directed Identity
A universal identity system MUST support both “omnidirectional” identifiers for use by public entities and “unidirectional” identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
Technical identity is always asserted with respect to some other identity or set of identities. To make an analogy with the physical world, we can say identity is a vector, not a scalar. One special “set of identities” is that of all other identities. Other important sets exist (for example, the identities in an enterprise, in some arbitrary domain, or in a peer group).
Entities that are public can have identifiers that are invariant and well-known. These identifiers can be thought of as beacons, emitting identity to anyone who shows up – and thus being in essence “omnidirectional” (they are willing to reveal their existence to the set of all other identities).
A corporate web site with a well-known URL and public key certificate is a good example of such a public entity. There is no advantage – and in fact a great disadvantage – in changing such a public URL. It is fine for any visitor to the site to examine the public key certificate. It is similarly acceptable that everyone knows the site is there: its existence is public.
A second example of such a public entity is the “polycomm” which looms large in the scenario we chose as a backdrop to the present discussion. The polycomm sits in a conference room in an enterprise. Visitors to the conference room can see the polycomm and it offers digital services by advertising itself to those who come near it. In the thinking outlined here, it has an omnidirectional identity.
On the other hand, a consumer visiting a corporate web site is able to use the identity beacon of that site to decide whether she wants to establish a relationship with it. Her system can then set up a “unidirectional” identity relation with the site by selecting a key for use with that site and no other. A unidirectional identity relation with a different site would involve fabricating a completely unrelated key. Because of this there is no handle emitted by conformant identity system technology that can be shared between sites to track or profile her activities and preferences.
Similarly, when entering a conference room furnished with a polycomm, the omnidirectional identity beacon of that polycomm can be used by the owner of a cell phone to decide whether she wants to interact with it. If she does, a short-lived “unidirectional” identity relation can be created between the cell phone and the polycomm – and used to disclose a single music preference without associating that preference with any long-lived identity whatsoever.
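The two relations described above (a stable per-site key for the corporate web site, a short-lived one for the polycomm) can be made concrete. The following is an added example and not code from the paper: the beacon is an invariant public identifier, the user agent holds one master secret and derives an unrelated key per beacon with HKDF, and only a commitment to that key is emitted, so two relying parties never receive a common value. Names such as `Beacon`, `UserAgent`, `FixedAddressDevice`, the salt and info labels, and the sample keys are hypothetical constructs for illustration; the `FixedAddressDevice` shows the non-conformant contrast of one address broadcast to everyone.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Added example; not from the Laws of Identity paper. All class and label names are
# hypothetical, and the sample keys and secrets below are constructed, not real.


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract, then expand) over HMAC-SHA256, standard library only."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class Beacon:
    """Omnidirectional identifier: a public entity (web site, polycomm) that emits one
    invariant, well-known identity to whoever shows up."""

    def __init__(self, name: str, public_key: bytes):
        self.name = name
        self.public_key = public_key

    def advertise(self) -> dict:
        return {"name": self.name, "public_key": self.public_key}


class UserAgent:
    """Private entity: one master secret, from which a computationally unrelated key is
    derived for each relying party. Only a commitment to that key is ever released."""

    def __init__(self, master_secret: bytes):
        self._master = master_secret

    def _unidirectional_key(self, beacon: dict, session_nonce: Optional[bytes]) -> bytes:
        # Bind the derivation to the beacon's public identity: a different beacon gives
        # a different HKDF info string and therefore an unrelated key. A session nonce
        # makes the relation short-lived (polycomm case); without it the same site always
        # sees the same handle (corporate web site case).
        info = b"unidirectional|" + beacon["name"].encode() + b"|" + beacon["public_key"]
        if session_nonce is not None:
            info += b"|session|" + session_nonce
        return hkdf_sha256(self._master, salt=b"directed-identity-example", info=info)

    def handle_for(self, beacon: dict, session_nonce: Optional[bytes] = None) -> str:
        """The identifier released to this relying party and to no other."""
        key = self._unidirectional_key(beacon, session_nonce)
        return hashlib.sha256(b"handle|" + key).hexdigest()


class FixedAddressDevice:
    """Non-conformant contrast: a device that emits the same hardware address to every
    beacon, so any two relying parties can link its visits."""

    def __init__(self, hardware_address: str):
        self.hardware_address = hardware_address

    def handle_for(self, beacon: dict, session_nonce: Optional[bytes] = None) -> str:
        return self.hardware_address


def can_correlate(handle_seen_by_a: str, handle_seen_by_b: str) -> bool:
    """Two relying parties can link a visitor only if they hold the same handle."""
    return handle_seen_by_a == handle_seen_by_b


# Constructed sample entities (not real keys or secrets).
CORP_SITE = Beacon("www.example.com", bytes.fromhex("a1" * 32)).advertise()
POLYCOMM = Beacon("polycomm-room-4", bytes.fromhex("b2" * 32)).advertise()
MASTER_SECRET = bytes.fromhex("0f" * 32)  # in practice: secrets.token_bytes(32), kept on the device


def demo() -> dict:
    alice = UserAgent(MASTER_SECRET)
    legacy = FixedAddressDevice("00:11:22:33:44:55")
    site_handle = alice.handle_for(CORP_SITE)
    return {
        "stable_per_site": site_handle == alice.handle_for(CORP_SITE),
        "conformant_linkable": can_correlate(site_handle, alice.handle_for(POLYCOMM)),
        "session_handles_differ": alice.handle_for(POLYCOMM, secrets.token_bytes(16))
        != alice.handle_for(POLYCOMM, secrets.token_bytes(16)),
        "legacy_linkable": can_correlate(legacy.handle_for(CORP_SITE), legacy.handle_for(POLYCOMM)),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The design point is that the per-site key is a function of the master secret and the beacon's public identity, so the relation is reproducible for the same site without any stored table, while the hash output of HKDF prevents one relying party from learning anything about the key issued to another. A real deployment would derive an asymmetric key pair from the per-site seed rather than emit a hash commitment, but the correlation property is the same.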
It is immediately evident that Bluetooth and other wireless technologies have not so far been conformant with the fourth law. This explains the privacy issues innovators in these areas are currently wrestling with. And it will be obvious to some that public key certificates have been extremely successful to the extent they were used in conformance with the fourth law (public applications). By the same token, they were dismal failures in areas where they were not conformant. We will return to these issues in more detail.