

[projectvrm] Re: Identity and the NTK protocol (was Deep learning access to personal data)


  • From: Kevin Cox
  • To: LaVonne Reimer
  • Cc: Adrian Gropper, Doc Searls, ProjectVRM list, John Wunderlich, Scott, katherine
  • Subject: [projectvrm] Re: Identity and the NTK protocol (was Deep learning access to personal data)
  • Date: Wed, 20 Jul 2016 04:11:04 +1000

LaVonne,

What is proposed is in addition to, not a replacement of, what already exists.  It views the system in a different way and that is difficult because we keep going back to the other view.

Burgess in his book explains this by talking about systems at different scales.  He illustrates it with the way we view atoms and molecules.  At one level we view Hydrogen and Oxygen as atoms.  We can combine the atoms together with strong connections and get molecules. One such molecule is H2O.  If we now look at the world of combining H2O molecules things are different. We can combine H2O molecules with weak connections and get water, ice or vapour.   These are different world views at different scales.  Our building blocks are different.

In the world of identity we have been thinking of an identity and seeing how the atoms of identity connect together.  We can understand how two identities can mutually identify each other and we then apply this to all identities.  When we have two parties identifying each other this is a strong connection.  If we now use the same credentials to connect to another party we have three parties connected.  If one of the connections now fails the other connections fail.  Burgess calls these connections strong.  While this works it takes effort to make sure none of the connections fail because when one goes the rest go.  So a system of individual identities with credentials works but the expense increases exponentially as more identities are added. 

Another approach is to change the scale and to use different building blocks.  We can make an identity molecule by connecting two mutually identified entities. We can now connect these identity molecules with weak connections.  That is, if one connection fails it does not affect the other connections.  Burgess would now say this is a system at a different scale. Connecting identity molecules takes linear effort when a new molecule is added.

At this scale, a system of administrative identity becomes simpler.  We can put permissions on applications, not data.  There is no need for common identifiers. We do not need a trust framework. The characteristics of the individual entities are not important and so we can combine molecules that are people to people, people to organisations, things to people, etc.

We haven't replaced common identifiers or trust frameworks or permissions on data.  They still remain but are not required at the "molecular" scale.

Kevin



On Wed, Jul 20, 2016 at 2:49 AM, LaVonne Reimer wrote:
This is to respond to Doc's kick-off of this particular thread. I am not meaning to ignore the intervening exchanges. I just don't understand them deeply enough to comment. Indeed, the underlying point of my notes below is that I keep getting tangled in the language and meaning of identity, reputation, credentials, trust, and even trust frameworks.

First, thanks for reminding us of the Laws of Identity. I had not read the document in full. It was useful, if poignant, on many levels. I also found the IIW notes from Kim's keynote in April.

The question I had been asking myself is what is it about how technology evolved after 2005 that we didn't expect? Would the Laws have been written differently if we had known? Would we now write them differently? Or construct a different glossary? And what can we do to get the conversation back on track? Because those Laws are sound. All of them. My first reaction to Doc's intro is that this is what he is seeking. I guess it is what I am seeking.

In April, Kim said he under-estimated the asymmetries of power between identity and relying parties when the Laws were initially put down. So true. But also that the variety of kinds of online transactions, and networks, and applications grew along with types of business models, e.g., free service funded via ad revenues. Then came the recognition that there is incredible value in all the data generated in such a context which was just too tempting to ignore.

We all know this stuff and also the implications of big data and surveillance etc. But still it feels to me that the language of identity has not sufficiently adapted to take all that into account.

Why would we not just call administrative identity exactly that? Why wouldn't we say trust framework for systems instead of the more evocative "trust framework?"

Then we could define identity and trust and reputation and other similarly rich terms for something other than a system letting us log in. Try to not commingle the administrative parts with the relational parts??

In this realm we get into matters such as what understanding I have based on the point of the engagement with this application. E.g., I am just here to get a latte and all you need to know is that the card I give you is good. That's like administrative identity isn't it? As compared to I am here to interact with you to a meaningful end be it getting approved for a loan or getting a diagnosis and solution that match my problem.

As a final thought, I experience IIWs as a mix of all of the above. And it does confuse me at times. I love the concepts of trust frameworks and credentials for example. I see them as something we build over time in relationships. I think it's powerful to be able to conduct more and more of that online. But it feels to me like those terms have been co-opted (and diminished) as administrative identity-related.

LaVonne


On Tue, Jul 19, 2016 at 2:48 AM, Adrian Gropper wrote:
Kevin, 

I know you say that we can have agreements with each supplier but that is not about technology. It's about law and I just can't believe we can enforce those kinds of agreements at internet scale. Look at HIPAA. Here's a sector of the economy where we try to enforce privacy and security through non-technical means. Is this what you are calling for?

HIPAA and an approach based on "agreements" leads to deep asymmetry in technology between institutions and individuals. If, as Lessig said, "Code is law.", then this leads us directly to The Borg where all of technology down to your neural implants is controlled by institutions and none is controlled by self-sovereign beings.

Adrian

On Tuesday, July 19, 2016, Kevin Cox wrote:
Adrian,

You say

"
I can't imagine scaling the internet unless we hold all of our suppliers to this principle of identity minimization.
"

This is a good principle but we have seen we cannot hold suppliers to it with laws and regulations and permissions on data.  We need another approach.

Instead of permissions on data let us have permissions on applications.

We can have agreements with each supplier for each application that they will promise to only request the information they need for the application and only use it for that application.  We can give them ways so they are confident we are telling the truth.  We can make it easy for suppliers to keep their promises and we can find ways of finding out if they break their promises.  We still can't stop them using our information in ways other than agreed but as a community, we can make their lives uncomfortable.  We can provide them with systems that are lower cost than what they are doing at the moment - provided they keep their promises. 

Kevin





On Tue, Jul 19, 2016 at 12:19 PM, Adrian Gropper wrote:
Maybe I've been crippled by a decade of working on identity and protocols but I honestly don't understand almost any of this.

Here's what I do think I understand:
  1. Most of my online relationships can be completely anonymous as long as folks respect the spirit of "do not track". This has nothing to do with identity. Anonymity would be further enhanced if I could tip anonymously with "cash" so I could pay those services for not tracking me and for APIs that don't suck my attention or force my bots to scrape them.
  2. Many of my online relationships can default to a FIDO-style pseudonym. I would like to pay those, in "cash" as above for doing FIDO. This also has nothing to do with identity.
  3. A precious few of my online relationships depend on my reputation. Social media, banks with KYC, pharmacies serving controlled substance prescriptions among them. As T.Rob points out, many of these just need an attribute associated with my reputation.

Any particular service relationship is going to be either 1, 2, or 3. Fair Information Practice and common sense says we should always work at the identity level of least privilege. Never use a Class 2 FIDO pseudonym when Class 1 will do. Never use Class 3 unless you have no choice due to monopoly and treat the need for Class 3 as a risk and a cost to your privacy.

I can't imagine scaling the internet unless we hold all of our suppliers to this principle of identity minimization.

Adrian


On Mon, Jul 18, 2016 at 3:23 PM, Kevin Cox wrote:
Thanks Doc for explaining it so well.

One critique and fear about the "downgrading" of ownership is that everything becomes community property.  Community property is still ownership so it does not solve the problem; just makes it worse.  A better way to think about it is custodianship. We become custodians, not owners.  As custodians, we have a responsibility to the thing over which we have custody and in turn, it may "promise" to provide us with something in return. So as shareholders in a Company we make a promise to the Company to make sure it is governed well and in return, it provides a return on our investment.  Companies work because the Company makes promises and while ever enough of the shareholders and other parties in the company collectively follow through on their promises others can deal with the Company as though it is a stable single entity.  Thinking of things this way does not diminish the benefits of buying shares; in fact, it makes the shareholder promises more likely to be kept.

With electronic identities (which are administrative identities) we promise to look after and protect our electronic identities. When we make a  connection with another identity the other identity makes a promise to look after itself.  We mutually agree that it is in our best interests for both of us to protect the connection and the identity of the other.  This means the building blocks of administrative identities can be the connections we make with other individual identities. We have greater trust in an identity that has many other active connections.  If we now think of a connection as being to a thing, we now have even more connections we can use to confirm our identity.  For example, our devices, our houses, our fridges.  (I like the idea that you prove your identity by getting people to ask your fridge:).

Why this has a lower cost is explained by Burgess in his book "In Search of Certainty: The Science of our Infrastructure". Trying to protect an individual electronic identity proves to be expensive.  It is lower cost (effort) to protect a pair of identities because a mutual promise has to be broken. We can only promise that the pair as a single unit is protected because we have no control over the other party.  However, our building block of a connection is more likely than not to hold. This enables us to scale identity because it is lower cost (effort) to protect pairs than to protect single identities.

Kevin








On Tue, Jul 19, 2016 at 1:36 AM, Doc Searls wrote:
I’m breaking this off to a new thread, because what Kevin is trying to get at in the last thread is important stuff we’re still not talking about. Here’s his gist:

> Electronic Identity is a Commons.  It does not exist until entities mutually recognise other entities.  Our electronic identities are made up of sets of peer to peer mutual identifications.  This is a Commons.  We can manage the Identity Commons cooperatively without resorting to restrictions caused by ownership of our electronic identities.
>
> What applies to Identity applies to all other transmitted data. Ownership of data is expensive to enforce.  Ownership allows the owner to restrict access. But, as soon as we transmit data, ownership enforcement costs a lot.  Instead of restricting access through ownership what we can do is to restrict access through agreement. We can do this through principles we have worked out for regulating other commons.

This is a deep and essential challenge to assumptions on which we build both our concepts of identity, and our identity systems, whether we are “providers” or individuals trying to operate as sovereign entities. It also points toward solutions. But those solutions lie outside the conceptual frameworks in which we remain trapped.

Just as nearly all of us can easily see the commons as tragic when it doesn’t have to be (a topic in the prior thread), we also easily see identity as both personal and owned. In fact we can’t help it, because we think and speak of identities with possessive pronouns: “their,” “theirs,” “our,” “ours,” “my” and “mine.”

Think about it: possession isn’t “nine tenths of the law,” it’s ten tenths of the three-year-old. She can yell “It’s mine!” because she has opposable thumbs, and because she thinks and talks metaphorically, as do we all.

Hands provide us with essential metaphors. We grasp ideas, throw them around, and catch their drifts. We hold on to beliefs, or throw them away. We say lives are “full,” “empty,” “hollow” or “overflowing.” We get “into” and “out of” situations. We are “captured” by beliefs, and “escape” them as well. None of those may be true in a purely physical sense, but we are physical beings with bodies operating in the physical world, and that’s where we get our concepts, metaphors and languages.

Note that in the last sentence I used the verb “get,” which means to obtain. <http://www.merriam-webster.com/dictionary/get>. Try to separate that one from possession.

Prepositions locate the subjects and objects of the sentences we put together. They require that we think, believe, act and describe in terms of locations — and types of locations, such as containers and conduits <http://www.reddyworks.com/reddy-writes/the-conduit-metaphor/133-evidence-for-the-conduit-metaphor?showall=&start=1>.

There are only a few dozen prepositions in English. Here’s the Wikipedia list: <https://en.wikipedia.org/wiki/List_of_English_prepositions>. All require that we locate.

Lots of words also require prepositions. Here are some of those: <http://ontariotraining.net/wp-content/uploads/2014/12/Tip-Sheet-Prepositions.png>.

My point here is that we can’t help thinking and talking in terms of possession and ownership. So, naturally, we think, talk, and feel about our identities as things we own and control.

And yet it should help us to realize as well that we use our identities, and our identifiers, in contexts — and that the contexts we use may have no location, no container, no conduit. Such is the case with the Internet.

The other day I participated in a Skype session that involved people in Canada, Australia, Scotland and the U.S. Though we were “on” the “call,” it had no location. Though we saw each other and talked “through” or “over” the Net, by design the Net eliminates the need to conceive what happens there in terms of locations, containers or conduits, even though at a technical level all three are involved. (This is why we have “pipes” through which “packets” of data are “sent,” “routed” and “received,” as if all of it were a container cargo system, which in a way it is.) Yet we can’t help thinking there is a “there” there.

In the physical world it is easy to constrain contexts. Sound and light fade over distance. No two things can be in the same place at the same time. The networked world, however, challenges nearly all prepositions and possessive pronouns.

But we can meet that challenge.

Here is one way we can make full sense of what Kevin says, in both the physical world we know too well and the virtual world we’ve barely begun to understand (even though we’ve already made it): we tend to deal with each other on a need-to-know basis. Let’s call it NTK.

Think about walking down a busy sidewalk. Or sitting in a crowded bus. Or standing in a crowded store. There is no need in any of those places for any one of our names to be known to anyone else, except when that name is required. And even then it can be a pseudonym. The name you give a barista at a coffee shop doesn’t need to be yours. It just needs to be the name they call when your drink is ready. NTK is the social protocol that applies in all those cases.

Identifiers are social tokens that comply with the NTK protocol. And, in most cases, those tokens only need to be shared with one other party. And, if that party is a system instead of a human being, it can obey Kim Cameron’s Laws of Identity <http://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf>. Here are the first three of those, which I believe are also the most important:

1) User control and consent
2) Minimal disclosure for a constrained use
3) Justifiable parties

On the Internet, all three of those are wantonly disregarded and violated by countless parties we depend on, including the largest “identity providers.” (Note: they don’t provide identities, but rather administrative identifiers.) The sovereign and private nature of individual human beings inconveniences those systems, to say the least. Even Apple, which is breaking from the pack with its approach to privacy <http://apple.com/privacy>, remains a royally f’d up provider of administrative identities: <https://duckduckgo.com/?q=apple+IDs+are+fucked+up>.

As the status quo stands today, we can no more depend on Google, Facebook and Apple to change what they do with identity than we can ask the Moon to move to Mars. Asking governments to solve our identity problems will inevitably require them to think, argue, legislate and regulate within the conceptual frameworks that produced those problems in the first place.

Our identity problems can only be solved at the most local scale: with (and by) each of us, interacting with each other, on a need-to-know basis. That’s what Kevin proposes here.

I submit that what he proposes is (or could be) consistent with what Devon and others say about sovereign source identity and what Adrian says about personal authorization servers. All employ NTK principles that are well understood already in the physical world.

Creating identity solutions that start with each of us is also what IIW <http://iiworkshop.org> has always been about, and why, if you want to work on those solutions, IIW is still the best (un)conference for doing exactly that.

Finally, if we do solve those problems, VRM becomes a lot easier to make happen.

Doc



--
Contact 0413961090







--
LaVonne Reimer, Founder
Lumenous
503-720-0690 (cell)
lavonnereimer (skype)

www.lumenous.net






