Great discussion on identity theft and authentication

Everyone needs to go here to read this interchange between Bob Blakely and Carl Ellison on authentication, authorization and identity theft.

Bob Blakely is Chief Scientist at IBM Tivoli in the security area and a stellar presence.  And Carl Ellison has long been a powerful and original force in the “speaks for” theory that now shapes the claims-based world – a key inventor of SDSI and SPKI.

NetworkWorldFusion from the Kearns Laboratory

NetworkWorldFusion&#39s piece on the laws of identity really sent me for a loop since it started with:

If Kim Cameron, Microsoft&#39s architect of directory services, had been a physicist, there might be one or two fewer buildings in Redmond today, and more holes in the ground – or maybe the world would be a lot better off.

I had to meditate to get past this paragraph.

Whoa… that must be Dave Kearns… and the man really does know how to write – with a sardonic wit that I enjoy. Let&#39s just say that his virtual quill has a point on it.

He startled me again with the idea that I want to be the Asimov of Identity, bequeathing laws similar to the Laws of Robotics. I had been thinking of myself as more of a Newton action figure. It sure would be nice if going forward, when someone proposes some goofy invasive scenario, we could just say, “Uh uh uh… Don&#39t even bother because it violates Identity Law Number 4. Here&#39s the URL so you can figure it out yourself next time.”

Dave says the laws “seem like simple truths that any application or service which purports to handle identity management should follow.” And I agree. Too bad so few have done so to date.

The only bad news here is that we have seven laws rather than three. But they&#39re very small laws. So they should take no more space in the brain than three large laws. Anyway, maybe by the time they get through Craig&#39s Crockpot we can “reduce them”.

Dave characterizes me as “organizationally challenged” in terms of my blog, and warns how hard it has been to follow the laws on my site. I have added the “recap of the laws” to the right so people can drop in and out as time permits. I&#39m really a server geek and don&#39t know much about html, so I hope people will be gentle with me as I figure this stuff out.

On blogging

I got a gentle mocking from Eric Norlin today:
so it seems your blog made both the digital id world and network world email newsletters in the same week….which, as far as i know, has never happened before and probably qualifies you for some sort of superstar blog status 😉
ps: i like the 4th law.

Imagine unsuspecting readers who fall upon this site. I mean, it has to qualify as one of the more esoteric blogs going. Or maybe not. I don&#39t know any more. The experience of blogging makes you challenge a lot of assumptions. Which reminds me…

I really want to express my gratitude to the people who invented this whole blog thing, I know Dave Winer was a key guy. I want to find out more about what went on in the first blog days.

Funny thing is, although I really liked Dave Winer when Doc introduced me, it turns out I didn&#39t have a clue about what he had really done. It was sort of like meeting Bob Dylan at dinner but never having heard him sing. “Oh, you&#39re a singer – how interesting.”

I say that because I now realize you have to blog to understand blogging and I hadn&#39t. In my case, at least, reading blogs was interesting enough and increased my level of information – but I saw nothing “revolutionizing” about it.

Yet writing a blog is profoundly affecting my thinking – and I&#39ve only done it for a few weeks. I get a lot of feedback and input. And it&#39s input of diverse kinds. Technologies that transform and help us evolve our thinking are truly precious and rare. Blogging is also transforming my relationships with people. I am awed by what its inventors have accomplished. This in turn underlines one more time how superficial and stupid insipid comments about “the end of innovation” really are.

I followed a link recently to a piece on “Alpha Bloggers”. I guess I shouldn&#39t be surprised that blogging is presented as a means to fame and glamour rather than “a means of consciousness”. Too bad.

I&#39ve been working on identity matters since the 1980’s. And I&#39ve thought of myself as a member of a community of thinkers that extended across many different companies and institutions since the early days of electronic mail. I&#39ve grown with that community – learning, sometimes leading, and occasionally being thrown into bizarre opportunities to change what&#39s up. My friends have often been my competitors, and I&#39ve been happy and grateful every time they have made an innovation. As competitors we create each others’ opportunities as whole new technologies become more highly valued.

In the past the community I am referring to has been an abstract thing. But I can see now that a person&#39s blog is written for their community – and, to a certain extent, at least in terms of subject matter, by its members. It is a reification (in the sense of making something abstract into a ‘thing’) of the ‘other’ with whom you communicate.


Relational identity

A picture named image002.gif

Model and terminology

Carl Ellison’s use of a notation to capture the relativistic aspects of identity reminded me of a paper I wrote a couple of years ago that went very much along the same lines.

I presented it to my friend David Vaskevitch, who is a CTO at Microsoft. He liked and understood the ideas, but made a great number of quite funny jokes at my expense about my introduction of greek symbols into the conversation.

A few months later we had a meeting with Bill Gates where Bill, as is typical of him, began to drill deeply into our technology proposals. Within minutes he was posing questions which were related precisely to the problem of identity and “relativity”. Someone piped up that we needed Kim’s greek equations. I said that David had made me throw them out. Bill said, “Why did he do that – I love equations.” And so on we forged!

I think Carl’s use of English language characters may be a big step forward. But here is how I put it at the time:


The problem of representing people digitally is sufficiently complicated that we require a model and terminology in order to describe and solve it. The model in Figure 1 decomposes the problem into three components of representation.

·Alpha (the first in a series) is the object’s representation of itself – for example, a person’s representation of himself.

·Theta ( somewhere in the middle of a series) is the representation of the object by a third party, derived at least in part from an alpha, but not conclusive.

·Omega (the last in a series) is the representation selected by an observer. This is based on zero or more alphas and zero or more thetas, and may be persisted as a new theta that can be consumed in constructing other omegas


The model can be expressed symbolically as Omega = Phi (Alpha, Theta), where Phi () is some function of alpha and theta where either alpha or theta can be null. A given phi is one of a set of many possible functions, most of which have conventionally been performed manually using organizational policies.

For the masochistically inclined, I have posted some more of this document here (link lost – Kim)  – with greek characters that actually work.

Good news from Carl

Meanwhile, Carl’s response to yesterday’s posting means we are converging some more:


You’re right, Kim. I was talking about O’s view of P rather than P’s view of P (which is as close as I can get to P’s real identity). I hadn’t been thinking of a person who selects different views of him- or her-self to disclose to different people or in different situations. That’s something some people do  (I know – almost everybody) so we had better pay attention to it and its effects.


Carl Ellison Blogging

Carl Ellison, who is a really interesting person from security space, has started to blog. I&#39ve already done some identity interviews with him, and I&#39ll be posting those when I get to the laws to which they pertain. For years Carl worked at Intel. Amongst many other contributions, he was one of the inventors of SPKI (Simple Public Key Infrastructure) – a technology we&#39ll be looking at going forward. Carl now works at Microsoft.

Carl&#39s first comment on the Laws was that the First Law is really a law of privacy, not identity. I disagree – here&#39s why.

To think about identity, you have to think about a system of identity. There really can be no identity outside of the system through which it is defined. The Laws of Identity are – in my view – the laws that make a sustainable system possible. And the Law of Control defines the most fundamental of those requirements. It is true that the effect of the Law of Control is to allow the parties to an identity relationship to achieve privacy. But it is a law of identity just the same.

In a recent post Carl attempts a rigorous definition of identity that is in line with the thinking of SPKI:

I define the identity of person P as being a function not I(P) but rather I(P,O,t) – the identity of P from the point of view of observer O at time t.

This relies on one of the definitions of identity: “The quality or condition of being the same as something else.”

In particular, in this case, the two things that are to be established as the same are:

1. characteristics C about P that O observes at time t


2. O&#39s memories M at time t of P (built over a period of time)

These two sets of information are not matched exactly. O may remember P at an earlier time before P&#39s hair turned white and that characteristic is not to be observed again.

Rather, those two sets of information are compared to find matches and non-matches. As long as the matches constitute enough entropy to rule out all other P’ in the world, then O can conclude that s/he knows the identity of P — assuming the non-matches do not rule out P.

So, if set-intersect(C,M) has enough entropy to specify P uniquely over the entire universe and set-intersect(C,anti(M)) is empty (or can be discounted), then identity has been established. [I&#39m not completely comfortable with the handling of anti(M) and welcome refinements, while I keep thinking about how to fix this formulation.]

This is great thinking. I really like his understanding of the role of memory, the use of a notation for viewpoint and the concept of an intersection set. But there is a flaw – which I hope is just terminology. I(P,O,t) is not the Identity of P, but rather O&#39s view of the identity of P. P emits an identity (and is capable of releasing more than one), and O views it, evaluates it, remembers it We need to separate the perception of something from the thing itself. The finger pointing at the moon is not the moon.

Carl has spent a long time trying to show people what to him is obvious: that O&#39s view of P is what matters to O (as opposed to the assertions of traditional PKI). But let&#39s not dismiss the role of the subject in selecting her identity and choosing what to reveal – which is equally important to the system as a whole. You cannot deal with half of this question. Oh yeah: I call the set-intersect (C,M) “recognition”.

All the news that's fit to print…

Scott Mace has posted his interview with Owen Davis, President of Identity Commons.

I found a new page that lists all of Scott Mace&#39s interviews in the “Opening Move” series – including those done at the 2004 Digital ID World Conference. Speaking of which, IT Conversations is supposed to be posting all the presentations from the Digital ID World Conference – but only one session seems to be up so far.

James Governor wins “most passionate feedback” award with this endorsement (I think it&#39s an endorsement) of the Second Law:

rogue elements? the bloody Corporations are rogue elements. they have to start taking responsibility for their identity bulemia. they swallow all this information and then go puke it out afterwards. the fraud happens in the toilet bowl. if they didnt stuff themselves with information they have no *right* to ask for, and certainly not to insist on, then fraud and identity theft would be way harder. rogue elements? rogue elephants more like.

Jamie Lewis is coming back on the air real soon now. That will be fun. Unfortunately his day job has been getting to him.

Interview with Mike Foley on Bluetooth

To help me frame the Laws of Identity in a practical way, I took on a scenario presented to me by Eric Norlin and began to drill into it to expose the technology issues it presented in terms of identity. Part of this scenario involved using a bluetooth connection between a Polycomm and a Bluetooth phone.

I knew virtually nothing about Bluetooth at that point, and so had to learn. I studied the Bluetooth web site, and then approached Noel Anderson, a Program Manager in Networking at Microsoft. He was kind enough to give me an introductory tutorial about Bluetooth identity issues which I recorded as an Identity Interview with Noel Anderson. I found Noel fascinating, and Craig Burton thought our discussion was interesting enough to transcribe some of it: In particular, I thought Noel&#39s example of an “identity bomb” taught us a lot about the underlying technology issues:

When we were writing the paper we wanted to catch attention so we came up with the idea of the Bluetooth bomb. Every Bluetooth device has a 48—bit unique ID number, which is possible to either query for directly or in a broadcast mode. So we came up with the concept of a low power Bluetooth device which was attached to a weapon that was querying for a particular device ID so that when the target cell phone or PDA or another Bluetooth device came into range it would activate the [bomb] device.

Noel told me that things were being done to fix the protocols. But I was initially more interested in Bluetooth as an example of how privacy issues affect identity, and didn&#39t immediately tune into the details of the fixes.

Then Mike Foley, who is the organizer of the special interest group that is fixing these problems, contacted me. I offered to interview him so everyone could learn about what his organization was doing. As he began to tell me about the work that is going on to fix the identity problems, I was not only relieved, but amazed at how the fixes themselves demonstrated the dynamics of the Laws of Identity hard at work. Bluetooth having been out of conformance with the Laws, concerns about the marketplace motivated its technologists to fix the technology.

When Mike talks about the water that has flowed under the bridge of privacy since Bluetooth was first envisaged in the late 1990s, you really get a feeling for how there are objective factors shaping the emergence of identity technology. And his discussion of how identifiers work (in conjunction with what we learned from Noel) teaches us a lot about the relationship between identifiers and privacy.

So here&#39s the Identity Interview with Mike Foley as an mp3 (22 minutes). It&#39s really fun when we are talking about the Fourth Law of Identity… Mike also invites those of us who are serious about identity to join the SIG.

By the way, I plan to publish a series of Identity Interviews to accompany the blog, so this will become a regular feature.

Organizations get the IT they deserve…

Phil Windley (who dares to venture forth with the brave slogan “Organizations get the IT they deserve...”) has done an interesting posting on the first three laws plus a law of symmetry. I was heartened that he really got what I was trying to say about objective dynamics and the requirements of the universal identity system.

I&#39m going to leave the great questions he poses for later in this discussion for fear of running off madly in all directions at once.

Soon come: Interview with Mike Foey

I got together recently with Mike Foley of the Bluetooth Special Interest Group to talk about changes currently being proposed to the core Bluetooth protocol – changes which will enhance it in terms of privacy. Mike also told me about the process for making further enhancements over the next few years.

I recorded the discussion so others could share what I was learning. I was fascinated to hear Mike talk concretely about how the understanding of privacy requirements has changed since the early days of Bluetooth. I really believe Bluetooth is a crucible for the industry in this sense – we are seing the same evolution in many other areas, minus – perhaps – the urgency. We also discuss the Fourth Law of Identity and Mike is not only interested but I think understands it deeply because of the wide experience of his consortium.

I should have all this ready to post tomorrow – and hope everyone (including a certain DK) will take a listen. I found the whole thing very energizing.