The virtualization of crime

I love this piece by Scott Adams:

Imagine.  The Internet has no way of knowing who you are dealing with.  What environment could be more convenient for the criminally inclined?

Since starting to work on the Identity Metasystem I've learned more and more about the heists being pulled off in the context of virtual reality.  Over time, we have seen the attacks become more professionalized, and ultimately linked to well-organized international syndicates.  Part of the basic equation is that the international nature of virtual reality makes it especially hard to deal with the type of organization that is emerging at the boundary of its interface with the brick and mortar world.

But recently, we've seen more highly focused attacks that are essentially artisanal.  It seems to be a case of “think globally, act locally.”  Some of the schemes put in place depend on intimate knowledge of the workings of specific sites, and even specific communities and individuals.  This is no longer generic targeting.  It's highly individualized, the work of community professionals of a special kind, who may draw upon internationally organized resources as necessary.

And of course this all makes sense.  Computerization has progressively worked its way through the various professions and industry sectors and nooks and crannies of our society, and we've reached the point that a growing number of criminals are no more likely to function without computers than are accountants (not to cast judgement on whether some accountants are or are not criminals…)

As the level of familiarity with technology grows and increasingly wider swaths of the population become aware of the opportunities that await us in virtual reality, it is obvious that more and more criminals will find their place there. 

I walked into my local Office Depot a few days ago and amazingly, almost all the stationery goods and high class pens and filing contraptions and things that have always made such places interesting, had basically disappeared into a distant corner, while the whole center of the store consisted of computers, printers, electronic cash registers and cameras.  A further indication of the growing virtualization of which cyber criminalization is just a natural part.

But to keep any balance at all, we really do need to fix the fundamental architectural problem of the internet: having a way that we can, when we want to, be sure who we are connecting with.

In other words, we need to put in place an Identity Metasystem.

Protect yourself from your credit cards

Via a cool Digg, a pointer to a holding action that uses brute force to apply the Fourth Law of Identity:

The Emvelope® Wallet Insert is an innovative, patent-pending product that provides a simple, convenient, and easy way to contain the wireless signals being emitted by RFID chips. Simply place the insert into the bill area of your wallet and press firmly around the edges. Close the wallet and you'll have a Faraday Cage small enough to slip in your pocket. Don't let the size and simplicity fool you. Emvelope® inserts will block RF frequencies up to 2.4Ghz. More than enough to insure your safety.

Now if you travel, don't stop with your wallet. The handy passport accessory shown here will protect you from your passport.

Rumor has it the company is working on an insert for hats as well.   

Aggregation through a single identifier

Through the miracle of pingbacks I just came across Terrell Russell's blog, This Old Network.   Poking around, I was led to his cool proposal for MicroIDs, which I like and will discuss later.  I also found many interesting pieces, including today's interesting reflection related to issues addressed in my fourth law of identity:

First, our friend the search engine…

Search data recently released from AOL allows anyone with some intrepid follow-up skills and some social engineering to quickly narrow in on unique individuals – individuals who never considered their independent searches were being aggregated by their ISP. A recent flurry of activity designed to protect us from the search engines signals a slumbering uneasiness with this situation. Something dark has been uncovered and in the short term there is much handwaving and interest. However, as time passes, we’ll fall back into our ‘normal’ ways and continue to put our most personal information-seeking into that gloriously simple bare single box. “It’s just too convenient”, you say. “They’ve done nothing wrong.”

And here’s where the discussion changes. It’s not about Google. Or MSN. Or Yahoo. It’s about one person. Or one subpoena. The fact that it’s all being aggregated is the problem. The fact that there’s a potential for negligence, court-order or simple employee curiosity has profound implications for a great number of people. That is what makes this discussion so important.

Note that the reason employees could inappropriately access sensitive information was because it was sitting in databases they could get to – not because it was present on a card in someone’s wallet. 

Centralized databases worry me way more than any other aspect of this technology.

– Kim Cameron

We need to understand that our daily breadcrumbs – our attention – our personal interests in where we’re going and what we’re looking for and what we’re buying, are all being sucked up and stored with a unique identifier. We need to realize we’re broadcasting our attention and that it has great value to those who would suck it up. Inform yourself and make a conscious decision about where you spend your time and what you look for. You’re not alone while you surf. AOL has shown us the light.

And onto IM…

Most users think they’re anonymous behind their instant messenger accounts. They think their words aren’t being recorded. You think your friend on the other end of the IM doesn’t have her auto-logging turned on? And that it’s not fully searchable later? Severe paranoia and tin-foil hats notwithstanding, you’re being very naive.

And that’s just your friends. How about when the person on the other end reports you?

Earlier this week the UK government-funded Child Exploitation & Online Protection Centre announced a partnership with Microsoft Messenger. Messenger will be putting a button on the toolbar to allow any user to ‘report abuse’ to the authorities. This is a dangerous precedent. How is this any different than the Terrorist Information and Prevention System (TIPS) program proposed by the US back in 2002?

How much money will be tied up in the next 12 months because of this trigger being too easy to pull? How many prank reports will eat through the government funding? How will danah boyd react to the feeding frenzy this will create once the first one is ‘caught’?

Be aware of what you project. Be aware that this is a global medium. Be aware that it’s being broadcast and recorded. This Internet thing will be around for a while.

This should give those who think that maybe we should just back off identity issues and let things take “their natural course”, reason for pause.  I certainly hope that the “panic button” referred to above is limited to use within communities whose members consent to it.


Dave Kearns takes on anonymity

Dave Kearns of The Virtual Quill (and many other venues) has joined the anonymity scrum (even though he was already in it):

“Anonymity as default,” which I mentioned in the previous post, is taking on a life of its own. Now Tom Maddox has posted in his Opinity weblog, commenting on Ben Laurie's commentary about Kim Cameron's mention of Eric Norlin's post concerning David Weinberger's original thought that “Anonymity should be the default.”

(I'll just sit here and whistle for a moment while you follow that set of links)

The point I wanted to mention was Maddox’ statement:

We need to begin with anonymity/pseudonymity as the default, Laurie's ‘substrate choice’. Otherwise, whatever identity system we employ, we'll always be trying to get the cat back in the bag (or the scrambled egg back in the shell)

The fallacy here is that he seems to believe that there can be an “identity system” in which anonymity is a choice! And not only a choice, but the default choice. But without a unique identifier for each object in the system, there is no identity system. And with a unique identifier there is no anonymity within the system. Rather, the default should be PRIVACY for all objects, with any dispersal or publishing of identity attributes only done with the consent of the entity if it's sentient, and the entity's controller if it isn't.

Maddox is correct that once the data is published you can't unpublish it completely. That argument shouldn't be overlooked. But it's equally as important to realize that the “anonymity bandwagon” is out of control and headed for the cliff. Privacy is the key, and privacy should be the issue.

I have trouble with Dave's use of the phrase, “within the system”.  What is “the system” in a multi-centered world with an interpenetrating mesh of domains?  Put another way, just because an object has a unique identifier, do entities dealing with the object have to know that?

Things may have unique identifiers that are known to some identity authority / domain (even infinitesimally small ones) but these authorities don't have to release them when identifying things to other parties. 

Would an example help? 

Suppose some company – let's call it Contoso – runs Active Directory as its local identity infrastructure.  Active Directory identifies all of the machines and people in Contoso's “domain” with a Security IDentifier (SID) – basically a unique id/domain pair.  But when I am dealing with someone from Contoso, I probably don't give a darn about their SID, no matter how useful it may be to their local AD system.  Dave, do you care about my SID? Knowing you and loving you, I think you've got better things to worry about!

In the world of web services, which will be a vast mesh where identity reaches beyond domain boundaries, the definition of what is “within the system” becomes very ambiguous. 

The SID makes sense “within the system” thought of a narrow domain manager.  It normally doesn't make sense “within the system” thought of as a connecting mesh of entities that happen to interact with many domains. 

In this bigger world, I may be interested in the fact that someone is an employee of Contoso, but totally uninterested in anything that uniquely identifies them as an employee – even if such unique identification is necessary for some other purpose.

For example, if I call 411, I speak with a representative of the phone company.  I don't know her or his name, or number, or location, or anything else.  I just know the person I'm talking with works on behalf of Verizon – and that is all I really want to know.

Yet knowing they are an official employee is still a matter of identity! 

Is this anonymous?  I would say so.  It “has an unknown or unacknowledged name”, as my pathetic online dictionary puts it (I'm travelling).  So it is anonymous, but it is identity.

This is all part of the notion that an authority can make claims about a subject – and that this is done through a set of assertions.  Given this, we need a name for the “empty set” of assertions. 

So far, we call it anonymity.  We believe this will ring a bell in more people’s heads than “empty set of assertions”.

If we now combine this thinking with the second law (minimal disclosure) – we come to the notion that if more is not needed, the identity set should be the empty set.  This is what I think people are talking about when they say the default should be anonymous.
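The Contoso example above, sketched as an added example (not code from the original post): a hypothetical authority knows each subject's SID but asserts only the claims a relying party asks for and policy allows, so an empty request yields the “empty set of assertions”. The directory contents, the function names, and the HMAC key standing in for a real signature scheme are all assumptions.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical directory held by the identity authority (constructed sample data).
# The SID is the unique identifier that only matters inside Contoso's own domain.
DIRECTORY = {
    "alice": {
        "sid": "S-1-5-21-1004336348-1177238915-682003330-1001",  # constructed value
        "name": "Alice Example",
        "employer": "Contoso",
        "department": "Support",
    }
}

# Claims the authority is willing to assert outside its own domain. The SID is
# deliberately absent, so no request can pull it across the boundary.
RELEASABLE = {"name", "employer", "department"}

# Assumption: a shared HMAC key stands in for the authority's signing key.
# A real deployment would use an asymmetric signature instead.
AUTHORITY_KEY = b"demo-key-not-for-production"


def b64(data):
    """URL-safe base64 as text (the alphabet never contains '.')."""
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_token(user, requested, key=AUTHORITY_KEY):
    """Authority side: assert only the requested claims that policy allows."""
    record = DIRECTORY[user]
    claims = {name: record[name] for name in sorted(set(requested) & RELEASABLE)}
    body = json.dumps(claims, sort_keys=True).encode("utf-8")
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(tag)


def verify_token(token, key=AUTHORITY_KEY):
    """Relying-party side: check the tag, then return the asserted claims."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError as exc:  # wrong number of parts or invalid base64
        raise ValueError("malformed token") from exc
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("signature check failed")
    return json.loads(body)


if __name__ == "__main__":
    # "Works for Contoso" is all the relying party wants to know.
    print(verify_token(issue_token("alice", {"employer"})))
    # Asking for the SID gets nothing extra: it is not releasable.
    print(verify_token(issue_token("alice", {"employer", "sid"})))
    # Minimal disclosure taken to its limit: the empty set of assertions.
    print(verify_token(issue_token("alice", set())))
```
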

Anonymity is the substrate

Ben Laurie at Links, contemplating the “identity as a default” debate, argues “Anonymity is the substrate”:

Kim Cameron’s blog draws my attention to a couple of articles on anonymity. The first argues for anonymity to be the default. The second misses the point and claims that wanting anonymity to be the default makes it a binary thing, whereas identity is a spectrum.

But the point is this: unless you have anonymity as your default state, you don’t get to choose where on that spectrum you lie.

Eric Norlin says

Further, every “user-centric” system I know of doesn’t seek to make “identity” a default, so much as it seeks to make “choice” (including the choice of anonymity) a default.

as if identity management systems were the only way you are identified and tracked on the ‘net. But that’s the problem: the choices we make for identity management don’t control what information is gathered about us unless we are completely anonymous apart from what we choose to reveal.

Unless anonymity is the substrate, choice in identity management gets us nowhere. This is why I am not happy with any existing identity management proposal – none of them even attempt to give you anonymity as the substrate.

Ben has a valid point in terms of the network substrate.  There are a number of hard issues intertwined here.  But from a practical point of view, here is how I approach it:

  1. You can't solve every problem everywhere simultaneously.  Solving one problem may leave others to be dealt with.  But with one problem gone, the others are easier to tackle.
  2. There are interesting technologies like onion routing and Tor that could be combined with the evolving identity framework to offer a more secure overall solution (Ben is better versed in these matters than I am).
  3. If society mandates storage of network addresses under certain circumstances, as it seems to be doing, a much more secure approach to this storage could and should be adopted.  Any legislation that calls for auditing should also require that the audit trail be encrypted under keys available only to vetted authorities and then only through well-defined legal procedures with public notification and in an off-line setting.  This would have a huge impact in preventing the ravages of Norlin's Maxim.

Network issues aside, in keeping with the second law of identity (minimal disclosure), users should by default release NO identifying information at all. 

You can call this anonymity, or you can call this “not needlessly blabbing everything about yourself”. 

Sites should only ask for identifying information when there is some valid and defensible reason to do so.  They should always ask for the minimum possible.  They should keep it for the shortest possible time.  They should encrypt it so it is only available to systems that must access it.  They should ensure as few parties as possible have access to such systems.  And if possible, they should only allow it to be decrypted on systems not connected to the internet.  Finally, they should audit their conformance with these best practices.

Once you accept that release of identifying information should be proportionate to well-defined needs – and that such needs vary according to context – it follows that identity must “be a spectrum”.


Norlin's Maxim

I'm a big fan of Eric Norlin – it was one of his posts that got me started on the Laws of Identity.  But I think this ZDNet piece is especially good – and love Norlin's Maxim:

In the very near wake of a foiled terrorist plot, I find myself waking up, planning to write about the topic of anonymity and identity. The original impetus for my post is a recent article by David Weinberger. In that article, David argues for anonymity as a “default” in the online world by saying: “personal anonymity is the default in the real world — if you live in a large town, not only don't you know everyone you see, but you're not allowed randomly to demand ID from them — and it ought to be the default on line.”

It's not so much that I disagree with David, as I think he's framing the problem incorrectly. Framing the “online anonymity” issue in the context of being a default makes it a binary issue — a simple on/off switch; either anonymity is the default, or something else (from pseudonymity up to strongly authenticated identity) is the default. But online identity is *not* a binary issue. Identity (be it authentication, access, authorization, federation or any other component) operates on a spectrum. Further, every “user-centric” system I know of doesn't seek to make “identity” a default, so much as it seeks to make “choice” (including the choice of anonymity) a default. Whether the system is SXIP, CardSpace, or OpenID, they all begin by having the user choose how they will present themselves.

In the context of choice being the identity default, we're finding that the bulk of online users are choosing to place huge chunks of their identity online. My evidence: MySpace, YouTube, Facebook, etc. The heaviest generational component of the online community (the kids) rushes to identify themselves online. They flock to it so fast and so easily that it's making federal lawmakers (and many parents) uneasy. Do these kids think that anonymity is or should be the online default? Apparently not.

My semi-joking explanation of this lies in “Norlin's Maxim.” I first posited “norlin's maxim” as a joke, but I've since found it to actually be at least partially true — thus its semi-joking nature. Norlin's maxim is simple: The internet inexorably pulls information from the private domain into the public domain. The proof: Google your name today and google it again in 90 days (more will be known about you over time).

So, rather than arguing about whether or not anonymity is the default in the “real-world” (it's not), I would simply assert that while location may have been a proxy for identity in the original architecture of the internet, the nature of the network itself *forces* identity information from the private to the public domains. That forcing function leaves users open to losing control over their own personal information, and *that* problem demands a digital identity network infrastructure.

It's so true.  One of the main keys to understanding my work is to understand Norlin's Maxim.  And the maxim also explains why so many comparisons between the brick and mortar and the digital worlds fail to grasp the central issues.

New British report on identity card technologies

There is a new report by the British House of Commons Science and Technology Committee entitled, “Identity Card Technologies: Scientific Advice, Risk and Evidence”.

For those new to this blog, the ongoing discussion of a British Identity Card interests me not only because of what it means for Britain's future, but because it is a crucible in which to watch the Laws of Identity play themselves out. The initial proposal broke a number of them – with, so far, the predicted results.

Here is the summary from the multi-party Committee's report:

This Report is the final of three case studies considering the Government’s treatment of scientific advice, risk and evidence. It focuses upon the Home Office’s identity cards scheme, which uses various technologies including biometrics, information and communication technology (ICT) and smart cards. We considered this scheme in order to explore the ways in which scientific advice, risk and evidence could be managed in relation to technologies that are continually developing.

This inquiry has found several areas in which the Home Office’s treatment of scientific advice and evidence appears to be following good practice: the establishment of advisory committees, the use of Office of Government Commerce (OGC) Gateway Reviews and the development of risk management strategies are examples. We welcome the Home Office’s commitment to implementing the scheme gradually rather than using a “big bang” approach, which could jeopardise the success of the programme.

We have also identified weaknesses in the use of scientific advice and evidence. We are disappointed with the lack of transparency surrounding the incorporation of scientific advice, the procurement process and the ICT system.

Potential suppliers are confused about the extent to which the scheme will be prescriptive and when technical specifications will be released. Whilst the Home Office has attempted to consult the wider community, stakeholders have complained that consultations have been unduly limited in scope and their objectives have been unclear.

As a result, the wider community does not have the level of confidence in the scheme that could reasonably be expected at this stage. Whilst the Home Office has determined some aspects of the scheme such as the biometrics, it has left other aspects such as the structure of the database undetermined. Its decisions demonstrate an inconsistent approach to scientific evidence and we are concerned that choices regarding biometric technology have preceded trials. Given that extensive trialling is still to take place, we are sceptical about the validity of costs produced at this stage. We note the danger of cost ceilings driving the choice of technology and call for the Home Office to publish a breakdown of the technology costs following the procurement process.

The identity cards scheme has at least another two years before identity cards begin to be introduced and the scheme has not yet entered its procurement phase. There is still time for the Home Office to make alterations to its processes. We encourage the Home Office to seek advice on ICT from senior and experienced professionals and to establish an ICT assurance committee.

Whilst biometric technology is an important part of the scheme, it must not detract from other aspects of the programme, in particular ICT. It is crucial that the Home Office increases clarity and transparency across the programme, not only in problem areas. We also emphasise that if evidence emerges that contradicts existing assumptions, changes must be made to the programme even if the timescale or cost of the project is extended in consequence.

Will industry rescue the identity card?

IT Week recently ran a story quoting Simon Davies, director of Privacy International, that has raised an eyebrow or two in the blogosphere.

Industry may need to lead the way if the UK is ever to get a national identity card scheme that can deliver significant security and efficiency benefits.

That is the view of Simon Davies, one of the academics behind the London School of Economics’ controversial report last year on the cost and viability of the government’s ID card scheme. Davies told IT Week that now leaked emails from Whitehall officials have revealed their doubts about the viability of the scheme, the private sector may have to step in to save the project.

“I’ve believed for some months that a ‘white knight’ consortium from industry is needed,” Davies said. “Companies that can see the benefits of the ID card idea should approach the government about effectively taking over the project.”

The Home Office has long argued that the introduction of ID cards will deliver many business benefits, such as more efficient identity verification processes, less fraud, and more secure e-business transactions, and has maintained that it has been working closely with business leaders about how the technology should be used.

Speaking in her office at the newly formed Identity and Passport Service (IPS) earlier this year, Katherine Courtney, director of business development for the government’s ID card scheme, argued that while much of the coverage of ID cards has focused on the ability to tackle fraud and terrorism, it will also deliver such significant business benefits that “we will all be asking ourselves in 10 years’ time how we ever got along without them”.

Courtney added, “Because of the mobility of society and the development of the digital economy, people are leading more complicated lives and want to be able to conduct their personal administration more easily and out of office hours. These changing social trends mean that the capability to prove your identity is vital and this scheme will deliver the enabling technology [to do that].”

The Home Office is talking to public-sector bodies, such as the police and the NHS, and private firms, including banks, retailers, e-businesses and other large employers, about how they could use ID cards. The theory is that if everyone has a national identity card that can be checked against a central register containing biometric and personal details, tapping in a personal PIN code or undergoing a biometric scan will quickly replace the need to photocopy utility bills or show a passport for tasks such as enrolling for a doctor or applying for a loan.

Perhaps unsurprisingly, firms have broadly welcomed plans that the Home Office estimates will save the private sector £425m a year through streamlined identity verification processes and reduced exposure to fraud. In fact, these benefits could prove so significant that organisations will offer incentives for customers to have cards, according to Ed Schaffner, director of enterprise security at IT supplier Unisys – one of the companies likely to bid for part of the Home Office contract…

“The cost of identity fraud is built into the cost of any service,” Schaffner said. “So businesses and banks can say that if you use this card to verify your ID you can have a discount.”

A spokesman for one bank also said identity cards could make it easier to serve disenfranchised sections of society, such as migratory workers and students, who are less likely to have currently accepted forms of identity proof such as utility bills and passports.

Another way the Home Office hopes the cards will deliver significant benefits for businesses and consumers is by enhancing the security of online transactions. The Home Office argues that asking customers for an ID card number and PIN code that can verify identity against a national register would give organisations a more secure means of identifying online users.

It is a technique already used in Belgium, where 2.5 million people currently hold electronic ID cards and government agencies and banks are using information on the cards to authorise online access to their services. Chatrooms have also started to use ID card checks to ensure age limits are enforced.

In future, attaching card readers and fingerprint scanners, such as those already found on some laptops, to PCs could further strengthen security. If the technology proves as secure as the Home Office promises, retailers and banks would be able to authorise far larger online transactions than at present.

Like many observers, Jeremy Beale, head of e-business at the CBI, has concerns about the technical challenges the scheme will face, but he also argues that a working system could bring huge benefits. “ID cards are not so much a disruptive technology as a stabilising one,” he said. “Firms have been saying for years that they want a single secure standard for online identity verification, and if the government manages to deliver it there could be huge benefits for online commerce.”

But Davies added that despite these potential benefits the government has not been doing enough to form a partnership with industry and technology suppliers to develop a workable ID card system, and it is therefore time for business leaders to take a more proactive role. He argued that management of the scheme should be taken from the Home Office and handed to the Treasury and the Department of Trade and Industry (DTI). “Industry has been left high and dry [by the government’s failure to make its plans clear], and the DTI should be able to rebuild trust with industry,” he said.

Alan Rodger of analyst firm Butler Group said there is a growing belief among some identity management experts that the government should leave the scheme to the private sector. “There is a feeling from some that we should let the market sort it out,” he said. “It would allow the problem [of securing individuals’ identities] to be tackled without the need for huge public investment.”

Separately, Davies argued that now some senior civil servants have expressed fears that the project is likely to fail, the government ought to publish all its reports on the feasibility of the scheme. “It is now all about trust,” Davies added. “The government has to restore some faith in the project.”

Simon, who has been a relentless and towering force in the privacy movement, responded to his critics as follows:

It’s important to recognise that context can be lost in any media report. In this case the quotes are accurate, though of course not complete. I’ve made similar remarks to conferences over the past six months, and for good reason. While it would have been nice to have seen the full conversation published, we all know that’s not the way media does its business.

I doubt that anyone who has followed the UK ID card debate, or indeed the debates in other countries, would have any doubt about where I stand on identity. My views are well known, mainly because government has made a point of repeatedly expressing them in public. I don’t resile from anything I’ve ever done or said on the subject.

As for these particular remarks, I will clarify the position.

1. You will know through the recent leaked emails that it is government, rather than Privacy International, that has lost the plot over the ID card. The Home Office is in disarray and Treasury wants it scrapped or severely limited;

2. You’ll also know from the leaked Market Soundings report that industry no longer supports the government’s scheme. I’ve known that for more than a year. Industry wants a manageable project that has a light structure and that carries public trust;

3. Into this context comes the idea that industry wanting to pursue the “right” approach (no compulsion, no central register etc) now have the opportunity to do so. Companies like EDS will always support the government line. Others are moving quickly to establish an alternative position.

4. The idea of the “White Knight Consortium” has been around since mid 2005, when it was first discussed at an industry-wide meeting of the Enterprise Privacy Group. I supported the idea then because it seemed the best way to derail the government approach.

I don’t see any need to defend myself, other than to observe how odd it feels to be hailed one day as the master strategist behind the ill-fortunes of the scheme, and the next to be condemned as a guy who lost the plot.

The “plot” is something I have well and truly in mind, and maybe you just need to reflect a little more on what I’m supporting and why I’m supporting it, rather than lashing out. Strategy and tactics on an issue like this are long term game-plans.

I've met Simon – in fact he's a privacy mentor for me.  It's true he's put a few noses out of joint over the last couple of decades.  No wonder – he was so far ahead of the rest of us in his thinking.  Talk to him for two minutes and you can see that he has worked with these issues for a long time, and understands them in a many-sided way.

Incredibly, in 1994, when people like me didn't yet have a clue we might encounter privacy issues with digital technology, he had already written Touching Big Brother – How biometric technology will fuse flesh and machine.   I don't throw out the word visionary lightly, but read this article and wonder.

Through his work at the London School of Economics he has spent a lot of time talking with cryptographers and computer scientists to understand what can actually be done to replace current systems with ones which really are privacy enhancing.  After all, does anyone think the current situation represents a Nirvana?  Not me – I've seen too many of the existing systems.

It's true that through unlikely initiatives such as the proposed UK Identity Card system, replete with panopticon observation post and massive centralized database, the handling of our personal information and threat to our privacy could actually get worse than it currently is.  But I don't think this type of initiative will succeed – it's like building a sixty-foot man.

So, surely, it is just as possible that we can take advantage of the increased awareness around these issues – and the amazing new technological possibilities that have emerged in the last few years – to allow government and business to become more secure and more privacy enhancing than they currently are.

Given the proper adult supervision by privacy advocates and policy experts, industry could, as Simon says, bring to life alternatives to the Dr. No blueprints that have emerged so far. 

It may still be hard to imagine a national (or international) conversation that includes notions like “directional identity”, but I think it will come.  Governments will inevitably see that the way to best strengthen their own security is to build strong social consensus by protecting the privacy of citizens at the same time they look after the interests of the state.

As always, the key here is “User Control and Consent”.  Citizens have to want to use the system.  Close behind are “Minimal Disclosure” and “Directed Identifiers” and all the other Laws of Identity.  Any successful ID card will have to be more attractive than the status quo – proving it is a step forward, not backward, and winning support.


Kim Cameron too prolific a blogger?

Ted Howard, who also works at Microsoft, wrote about me recently – I'm tucked in between posts on how much he hates Southwest Airlines, how much he hates Spokane, and how much he hates presidential signing statements.  I hope there's no pattern here.

Kim Cameron is way, way too prolific of a blogger. I don't see how he can possibly find the time to read all the blogs he reads, write all the posts he posts, and still do his job as an architect.

I wonder if he just has a technology assistance team like BillG that is posting to his blog. Maybe if I had confidence about the identity of the real-world entity publishing entries on his blog, then I would know.

If you want to be overloaded with highbrow thoughts and debates on identity, head over to Kim's blog.

That's pretty funny.  Truth is, I have a bunch of friends who send me links to posts I should read, and I make time to read them.  When I've finished, I have a pretty good handle on what's happening.   

So my “technology assistance team” comes from across the industry, which has really expanded my thinking. 

But I'd prefer to call them a blogging community.  And I try to channel this back to this community.

I'd put Ted's question about how I find time to blog and do my job as an architect somewhat differently than he does.  There are all kinds of architects, who contribute in all kinds of ways.  But to me the most important thing an architect can do is see very clearly what needs to be built.  It's not that hard to come up with an idea that could be built.  But I'm talking about something different:  what needs to be built depends on understanding the objective factors that allow you to tap into some kind of historical inevitability.  That's a high bar, but when you are talking about hundreds or thousands of person years, you need a high bar.

I don't think you reach this bar by cutting yourself off and meditating – as healthy as meditation may be.  Nor do I think you do it by working on technical minutiae from morning to night – even if I might find that more relaxing.

You have to “get out” and see what's happening.  You have to put your ear to the ground.  You have to feel the pulse of the world. 

For me the blogosphere is “essence of pulse”.  It makes me question everything.  What I've done right;  what I've done wrong.  What I've just assumed was true, or assumed that others thought. 

If you look at CardSpace and Information Cards, my work on the laws of identity was effectively architectural work on the principles of the design, even though it was done in the blogosphere.

Identity represents a central problem of computer science – a complex problem which doesn't have a simple “algorithmic” solution.  To understand it deeply, you need to understand every side of it.  You need to “integrate the tangents”.  What better way than to share your thinking widely and have others help you figure out what is wrong and missing – from both your theory and your presentation?

So there you go – more highbrow thoughts, I fear.  Of course, let me point out one more time that I'm happy for this blog to be “the hair on the end of the long tail”.  I couldn't help thinking it was a clerical error when CNET named it one of the top 100 technology blogs.  Identityblog is super specialized.  So one man's highbrow might be another's Iggy Pop.  To me they're the same thing, and furthermore, I don't really care.  I just do my thing.


Yes or No?

Ben Laurie of Google writes that something important was left unsaid in the recent discussion of federation and large Internet properties:

The end result of the blog deathmatch between me, Kim, Eric and Dick was a deathly silence on what I consider to be the core issue.

OK, it’s nice that Microsoft are developing identity management software that might not suck (but remember, it still doesn’t satisfy my Laws of Identity) but the question that’s being posed about Google applies equally to Microsoft, and, indeed, anyone else with an identity silo.

So, here’s the question: is Microsoft going to accept third party authentication for access to Microsoft properties?

How about it, Kim?

OK.  The answer to your question is “yes”.  Windows Live ID is going to accept third party authentication for access to Microsoft properties.

Let me quote from the Windows Live ID Whitepaper.  It seems like I gave the wrong link before, so I've checked that this one works.  I've also copied the paper onto my blog as I always do so my links will be permanent.  The original appears here.  The quote below is one of several places where these issues are discussed in the paper, so it's probably worth checking out the whole paper (about 8 pages).

How Does Windows Live ID Participate in the Identity Metasystem and Work with “InfoCard”?

Microsoft is working with others in the industry to create an identity metasystem that brings existing and future identity providers into a connected identity ecosystem and empowers end users to control the use of their identities. The Windows Live ID service will participate in the identity metasystem as one identity provider among many, able to accept claims from other identity providers and transform them so they can be used within Microsoft online services. This participation will include acceptance of self-issued and managed “InfoCards.” It will thus provide full support for the “InfoCard” identity model.

Roles of the Windows Live ID Service in the Identity Metasystem

Microsoft has published its vision of a universal identity solution that is inclusive of a plurality of identity operators and technologies—the identity metasystem. In such a metasystem, identity providers, relying parties, and subjects can select, request, transfer, transform, and consume identities through a suite of well-defined and open Web Services (WS-*) protocols. Microsoft is working to implement components of the identity metasystem, as are many other companies in the industry. As a result, various building blocks for the metasystem are being developed. Some of these components will be delivered to end users in the form of software installed and running locally on their computers and devices, while others will be online services.

The design philosophy of the identity metasystem is not to replace the existing identity systems in use today, but instead to bring these existing systems together by enabling interoperation among subjects, relying parties, and identity providers through industry standard protocols. The Windows Live ID service will participate in the identity metasystem as a “managed” identity provider already at Internet scale. Windows Live ID will bring a large base of end users and relying parties to the metasystem, taking us one step closer to Internet-wide identity federation and doing our part to help the industry move beyond the “walled garden” paradigm.

The Windows Live ID service will play several essential roles that are strategic for Microsoft. The service:

  • Is an Internet-scale identity provider intended primarily for users of Microsoft online services, which are all relying parties of the Windows Live ID service.
  • Is open and issues claims in a form that can be consumed by any relying party, any device, and any other trusted identity authority.
  • Serves Microsoft online services as a “claims transformer,” allowing those services to accept identities issued by third-parties. Third-party identity providers include other Internet service providers and managed-identity providers, such as the planned Active Directory Security Token Service (STS).
  • Will be the identity provider and federating authority for third party services and software built on top of the Microsoft online services platform.

So now some other questions remain.  Who can federate with Windows Live ID and what are the conditions?  What will the business model be?  What services will people want to use that cause them to seek to federate? 

So don't take me as sounding glib.  There are lots of important issues that the Windows Live ID folks are still thinking about.

Meanwhile your comment that “it's nice that Microsoft are developing identity management software that might not suck” is one of the nicest things anyone has ever said to me, and I'll treasure it.
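
The “claims transformer” role quoted from the whitepaper, combined with the “Minimal Disclosure” and “Directed Identifiers” laws mentioned earlier, can be sketched as follows. This is an added example, not code from the whitepaper or from Windows Live ID: the issuer, relying-party names, keys and the HMAC-signed JSON token are all assumptions standing in for the signed WS-* security tokens the paper refers to.

```python
import hashlib
import hmac
import json

# Constructed sample configuration: every name and key below is hypothetical.
TRUSTED_ISSUERS = {"https://idp.example.org": b"constructed-shared-key"}
TRANSFORMER_KEY = b"constructed-transformer-key"
PAIRWISE_SALT = b"constructed-pairwise-salt"
# Minimal disclosure: each relying party (RP) only receives the claims it needs.
RP_POLICY = {"mail.example.net": {"email"}, "forum.example.net": {"over18"}}


def sign(key, claims):
    """HMAC-SHA256 over canonical JSON; a stand-in for a real token signature."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue(key, claims):
    """Wrap a claim set with its signature."""
    return {"claims": claims, "sig": sign(key, claims)}


def transform(token, relying_party):
    """Verify a third-party token, then re-issue a reduced token for one RP."""
    claims = token.get("claims")
    if not isinstance(claims, dict):
        raise PermissionError("malformed token")
    key = TRUSTED_ISSUERS.get(claims.get("iss"))
    if key is None:
        raise PermissionError("issuer is not in the trust list")
    presented = str(token.get("sig", "")).encode()
    if not hmac.compare_digest(sign(key, claims).encode(), presented):
        raise PermissionError("signature check failed")
    allowed = RP_POLICY.get(relying_party)
    if allowed is None or not isinstance(claims.get("sub"), str):
        raise PermissionError("unknown relying party or missing subject")
    # Directed identifier: derived per (issuer, subject, RP), so two relying
    # parties cannot correlate one user by comparing the identifiers they see.
    material = "|".join([claims["iss"], claims["sub"], relying_party]).encode()
    out = {"iss": "transformer.example", "aud": relying_party,
           "sub": hmac.new(PAIRWISE_SALT, material, hashlib.sha256).hexdigest()}
    out.update({k: v for k, v in claims.items() if k in allowed})
    return issue(TRANSFORMER_KEY, out)
```

The order of checks matters: the issuer trust list and signature are verified before any claim is read for policy purposes, and the outgoing token never carries the third party's original subject identifier.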