The Life and Limb Problem

I had earlier written about the three problems with using biometrics as authenticators:
  • The Technology Problem
  • The Social Acceptability Problem
  • The Clonability Problem
I'm adding one more:
  • The Life and Limb Problem
This problem with biometrics became clear to me with a report by Jonathan Kent, Malaysia car thieves steal finger, on the BBC News. The problem with some (not all) biometric metrics is that we are measuring some aspect of a body part that is not (painlessly) detachable from the rest of the body. When identity theft is to be commited on systems with biometric locks, physical violence is a very real and possibly easiest option for the criminals.

The Life and Limb Problem

I had earlier written about the three problems with using biometrics as authenticators:
  • The Technology Problem
  • The Social Acceptability Problem
  • The Clonability Problem
I'm adding one more:
  • The Life and Limb Problem
This problem with biometrics became clear to me with a report by Jonathan Kent, Malaysia car thieves steal finger, on the BBC News. The problem with some (not all) biometric metrics is that we are measuring some aspect of a body part that is not (painlessly) detachable from the rest of the body. When identity theft is to be commited on systems with biometric locks, physical violence is a very real and possibly easiest option for the criminals.

Why I’m Passionate About Digital Identity

I drafted this piece a while ago in response to Johannes Ernst’s post Where have all the visionaries gone?. Initially, I thought it was a bit over-the-top for this blog; but upon reflection, touchy-feely might be just what we need...

The future I see is a world of real choices. Every possible “thing” can be connected to every other “thing”. Things organize to help us live more simply, if we choose. Or we can choose to observe the full complexities of a fully wireless, connected world that we can barely imaging today. Just like the forest – we can see it as an elegant entity, or a very complex ecosystem.

But yet we maintain a level of privacy greater than most of us know today. (None of these blunt identity devices like RFID’s in passports.)

The descendants of AI agents (that we used to tinker with in grad schools) help us to manage just about every aspect of our lives from our calendars, to our groceries, to our health, to our social lives... if we choose. And these are our agents, if we choose – or perhaps Google might provide them to us in exchange for being able to study our habits – and again, it is our choice.

Things that are potentially criminal cannot be carried out with anonymous identity, so crime is low. Things that are harmless to others can be carried out with full anonymity. (Yes, I realize the interesting debates, as always, will be around what should be criminal.)

My ideal future fuses the utopia of security, privacy, and choice. As a society, the trade-offs we make between security and freedom are real ones, not Hobson’s choices; and as individuals, we have the freedom to choose which society we want to live in.

The required work week is tending towards zero (because machines keep improving productivity), but we soldier on because we have hopes that go beyond survival and our current state of existence.

(And, oh yes, no hunger, wars, plagues.)

But, today, we don’t yet have the constructs to support this connected world. Our identity systems today are grossly inadequate. And identity systems need to be at the core of this future world. So, we think, we design, we build, we write. Hopefully, some of the efforts of our digital identity community ends up in the foundation of that future society. I fully expect so. Call me a dreamer.

Why I’m Passionate About Digital Identity

I drafted this piece a while ago in response to Johannes Ernst’s post Where have all the visionaries gone?. Initially, I thought it was a bit over-the-top for this blog; but upon reflection, touchy-feely might be just what we need...

The future I see is a world of real choices. Every possible “thing” can be connected to every other “thing”. Things organize to help us live more simply, if we choose. Or we can choose to observe the full complexities of a fully wireless, connected world that we can barely imaging today. Just like the forest – we can see it as an elegant entity, or a very complex ecosystem.

But yet we maintain a level of privacy greater than most of us know today. (None of these blunt identity devices like RFID’s in passports.)

The descendants of AI agents (that we used to tinker with in grad schools) help us to manage just about every aspect of our lives from our calendars, to our groceries, to our health, to our social lives... if we choose. And these are our agents, if we choose – or perhaps Google might provide them to us in exchange for being able to study our habits – and again, it is our choice.

Things that are potentially criminal cannot be carried out with anonymous identity, so crime is low. Things that are harmless to others can be carried out with full anonymity. (Yes, I realize the interesting debates, as always, will be around what should be criminal.)

My ideal future fuses the utopia of security, privacy, and choice. As a society, the trade-offs we make between security and freedom are real ones, not Hobson’s choices; and as individuals, we have the freedom to choose which society we want to live in.

The required work week is tending towards zero (because machines keep improving productivity), but we soldier on because we have hopes that go beyond survival and our current state of existence.

(And, oh yes, no hunger, wars, plagues.)

But, today, we don’t yet have the constructs to support this connected world. Our identity systems today are grossly inadequate. And identity systems need to be at the core of this future world. So, we think, we design, we build, we write. Hopefully, some of the efforts of our digital identity community ends up in the foundation of that future society. I fully expect so. Call me a dreamer.

DIDW 2005 Links

Noted. There are a number of people who have written events at Digital Identity World 2005 last week. I thought it would be useful to collect them in one place:
Phil BeckerChange Waves and the Digital ID World 2005 Conference
http://www.digitalidworld.com/print.php?sid=272
Don BowenMy famous friend, Pat!
http://blogs.sun.com/roller/page/wizidm/20050513/#my_famous_friend_pat
Kim CameronJamie on the Asphalt metaphor
http://www.identityblog.com/2005/05/17.html#a230
Chris CeppiDIDW Notes
http://ceppi.blogs.com/arbitrage/2005/05/didw_notes.html
Johannes ErnstWhat is Microsoft InfoCard?
http://netmesh.info/jernst/Digital_Identity/what-is-msft-infocard.html
Dan FarberMicrosoft's enlightened identity metasystem
http://blogs.zdnet.com/BTL/?p=1377
Dan FarberDigital identity with a capital 'I'
http://blogs.zdnet.com/BTL/?p=1363
Dan FarberConverging federation standards?
http://blogs.zdnet.com/BTL/?p=1371
Steve GillmorSomething in the Air
http://blogs.zdnet.com/Gillmor/index.php?p=95
Timothy GraysonFare thee well DIDW
http://timothygrayson.com/blog/archives/000664.html
Kaliya HamlinIdentity Commons and Persistent Digital Identity
http://identitywoman.kaliyasblogs.net/archives/2005/05/identity_common.htm
Kaliya HamlinDoc's Possy - Identity Gang On Stage
http://identitywoman.kaliyasblogs.net/archives/2005/05/docs_possy_iden.htm
Kaliya HamlinMicrosoft's Presentation @ DIDW
http://identitywoman.kaliyasblogs.net/archives/2005/05/microsofts_pres.htm
Kaliya HamlinDick on Identity 2.0
http://identitywoman.kaliyasblogs.net/archives/2005/05/dick_on_identit.htm
Kaliya HamlinIdentity Gang Meeting - links and last 1/2 summary
http://identitywoman.kaliyasblogs.net/archives/2005/05/identity_gang_m.htm
Chris JablonskiJamie Lewis on the future of identity management
http://blogs.zdnet.com/BTL/?p=1370
Scott MaceDIDW 2005: Kim Cameron's 7 laws of identity
http://scottsrawnotes.blogspot.com/2005/05/didw-2005-kim-camerons-7-laws-of.html
Drummond ReedKey talks at DIDW 2005
http://www.equalsdrummond.name/index.php?p=32
Tom SandersMicrosoft calls for online identity overhaul
http://www.vnunet.com/news/1162956
Doc SearlsDIDW retrospectives
http://garage.docsearls.com/node/596 (MORE LINKS HERE!)
Silicon Valley SleuthMicrosoft: your new best friend for online identities
http://www.siliconvalleysleuth.com/2005/05/microsoft_your_.html
James van KesselClosing Session - Summing It Up, Doc Searls (Linux Journal)
http://spaces.msn.com/members/wandering-mind/Blog/cns!1pqEVRpKSYYbjvBgwmt75xIg!132.entry
Mark WahlDigital ID World 2005, day 1
http://www.ldap.com/1/commentary/wahl/20050511_01.shtml
Mark WahlDigital ID World 2005, day 2
http://www.ldap.com/1/commentary/wahl/20050512_01.shtml
There is also a collection of the presentations at http://conference.digitalidworld.com/2005/attendees/downloads.php.

DIDW 2005 Links

Noted. There are a number of people who have written events at Digital Identity World 2005 last week. I thought it would be useful to collect them in one place:
Phil BeckerChange Waves and the Digital ID World 2005 Conference
http://www.digitalidworld.com/print.php?sid=272
Don BowenMy famous friend, Pat!
http://blogs.sun.com/roller/page/wizidm/20050513/#my_famous_friend_pat
Kim CameronJamie on the Asphalt metaphor
http://www.identityblog.com/2005/05/17.html#a230
Chris CeppiDIDW Notes
http://ceppi.blogs.com/arbitrage/2005/05/didw_notes.html
Johannes ErnstWhat is Microsoft InfoCard?
http://netmesh.info/jernst/Digital_Identity/what-is-msft-infocard.html
Dan FarberMicrosoft's enlightened identity metasystem
http://blogs.zdnet.com/BTL/?p=1377
Dan FarberDigital identity with a capital 'I'
http://blogs.zdnet.com/BTL/?p=1363
Dan FarberConverging federation standards?
http://blogs.zdnet.com/BTL/?p=1371
Steve GillmorSomething in the Air
http://blogs.zdnet.com/Gillmor/index.php?p=95
Timothy GraysonFare thee well DIDW
http://timothygrayson.com/blog/archives/000664.html
Kaliya HamlinIdentity Commons and Persistent Digital Identity
http://identitywoman.kaliyasblogs.net/archives/2005/05/identity_common.htm
Kaliya HamlinDoc's Possy - Identity Gang On Stage
http://identitywoman.kaliyasblogs.net/archives/2005/05/docs_possy_iden.htm
Kaliya HamlinMicrosoft's Presentation @ DIDW
http://identitywoman.kaliyasblogs.net/archives/2005/05/microsofts_pres.htm
Kaliya HamlinDick on Identity 2.0
http://identitywoman.kaliyasblogs.net/archives/2005/05/dick_on_identit.htm
Kaliya HamlinIdentity Gang Meeting - links and last 1/2 summary
http://identitywoman.kaliyasblogs.net/archives/2005/05/identity_gang_m.htm
Chris JablonskiJamie Lewis on the future of identity management
http://blogs.zdnet.com/BTL/?p=1370
Scott MaceDIDW 2005: Kim Cameron's 7 laws of identity
http://scottsrawnotes.blogspot.com/2005/05/didw-2005-kim-camerons-7-laws-of.html
Drummond ReedKey talks at DIDW 2005
http://www.equalsdrummond.name/index.php?p=32
Tom SandersMicrosoft calls for online identity overhaul
http://www.vnunet.com/news/1162956
Doc SearlsDIDW retrospectives
http://garage.docsearls.com/node/596 (MORE LINKS HERE!)
Silicon Valley SleuthMicrosoft: your new best friend for online identities
http://www.siliconvalleysleuth.com/2005/05/microsoft_your_.html
James van KesselClosing Session - Summing It Up, Doc Searls (Linux Journal)
http://spaces.msn.com/members/wandering-mind/Blog/cns!1pqEVRpKSYYbjvBgwmt75xIg!132.entry
Mark WahlDigital ID World 2005, day 1
http://www.ldap.com/1/commentary/wahl/20050511_01.shtml
Mark WahlDigital ID World 2005, day 2
http://www.ldap.com/1/commentary/wahl/20050512_01.shtml
There is also a collection of the presentations at http://conference.digitalidworld.com/2005/attendees/downloads.php.

More on InfoCards

Noted. Last week, Digital Identity World was a hot place for revelations on Microsoft's/Kim's InfoCard. Here are a few links to articles and postings:

Phil BeckerMicrosoft Leaks Identity - Is Info Cards a Good Thing?
http://www.digitalidworld.com/print.php?sid=274
Kim CameronSteve Gillmore; John Fontana on the Identity Metasystem; 'Enlightened' Identity Metasystem
http://www.identityblog.com/2005/05/14.html
Kim CameronFast Forward to InfoCards
http://www.identityblog.com/2005/05/18.html#a232
Mark G. DixonPutting Rubber on the Identity Management Road
http://blogs.sun.com/roller/page/identity/Weblog/putting_rubber_on_the_road
Johannes ErnstWhat is Microsoft InfoCard?
http://netmesh.info/jernst/Digital_Identity/what-is-msft-infocard.html
Joris EversMicrosoft to flash Windows ID cards
http://news.com.com/Microsoft+to+flash+Windows+ID+cards/2100-1029_3-5711126.html
Dan FarberMicrosoft's enlightened identity metasystem
http://blogs.zdnet.com/BTL/?p=1377
John FontanaMicrosoft sells ID mgmt. plan
http://www.networkworld.com/news/2005/051605-microsoft-identity.html
Steve GillmoreSomething in the Air
http://blogs.zdnet.com/Gillmor/index.php?p=95
Dave KearnsInfoCard Info
http://vquill.com/2005/05/infocard-info.html
Hubert Le Van GongMicrosoft's InfoCard
http://blogs.sun.com/roller/page/hubertsblog/Weblog/div_class_text_microsoft_recently
MicrosoftMicrosoft's Vision for an Identity Metasystem
http://msdn.microsoft.com/webservices/understanding/advancedwebservices/default.aspx?pull=/library/en-us/dnwebsrv/html/identitymetasystem.asp
Mike RowehlInfoCard
http://www.bitsplitter.net/blog/?p=501

And here's an old post of mine: http://blog.onghome.com/2005/02/infocards.htm.

More on InfoCards

Noted. Last week, Digital Identity World was a hot place for revelations on Microsoft's/Kim's InfoCard. Here are a few links to articles and postings:

Phil BeckerMicrosoft Leaks Identity - Is Info Cards a Good Thing?
http://www.digitalidworld.com/print.php?sid=274
Kim CameronSteve Gillmore; John Fontana on the Identity Metasystem; 'Enlightened' Identity Metasystem
http://www.identityblog.com/2005/05/14.html
Kim CameronFast Forward to InfoCards
http://www.identityblog.com/2005/05/18.html#a232
Mark G. DixonPutting Rubber on the Identity Management Road
http://blogs.sun.com/roller/page/identity/Weblog/putting_rubber_on_the_road
Johannes ErnstWhat is Microsoft InfoCard?
http://netmesh.info/jernst/Digital_Identity/what-is-msft-infocard.html
Joris EversMicrosoft to flash Windows ID cards
http://news.com.com/Microsoft+to+flash+Windows+ID+cards/2100-1029_3-5711126.html
Dan FarberMicrosoft's enlightened identity metasystem
http://blogs.zdnet.com/BTL/?p=1377
John FontanaMicrosoft sells ID mgmt. plan
http://www.networkworld.com/news/2005/051605-microsoft-identity.html
Steve GillmoreSomething in the Air
http://blogs.zdnet.com/Gillmor/index.php?p=95
Dave KearnsInfoCard Info
http://vquill.com/2005/05/infocard-info.html
Hubert Le Van GongMicrosoft's InfoCard
http://blogs.sun.com/roller/page/hubertsblog/Weblog/div_class_text_microsoft_recently
MicrosoftMicrosoft's Vision for an Identity Metasystem
http://msdn.microsoft.com/webservices/understanding/advancedwebservices/default.aspx?pull=/library/en-us/dnwebsrv/html/identitymetasystem.asp
Mike RowehlInfoCard
http://www.bitsplitter.net/blog/?p=501

And here's an old post of mine: http://blog.onghome.com/2005/02/infocards.htm.

More on InfoCards

Noted. Last week, Digital Identity World was a hot place for revelations on Microsoft's/Kim's InfoCard. Here are a few links to articles and postings:

Phil BeckerMicrosoft Leaks Identity - Is Info Cards a Good Thing?
http://www.digitalidworld.com/print.php?sid=274
Kim CameronSteve Gillmore; John Fontana on the Identity Metasystem; 'Enlightened' Identity Metasystem
http://www.identityblog.com/2005/05/14.html
Kim CameronFast Forward to InfoCards
http://www.identityblog.com/2005/05/18.html#a232
Mark G. DixonPutting Rubber on the Identity Management Road
http://blogs.sun.com/roller/page/identity/Weblog/putting_rubber_on_the_road
Johannes ErnstWhat is Microsoft InfoCard?
http://netmesh.info/jernst/Digital_Identity/what-is-msft-infocard.html
Joris EversMicrosoft to flash Windows ID cards
http://news.com.com/Microsoft+to+flash+Windows+ID+cards/2100-1029_3-5711126.html
Dan FarberMicrosoft's enlightened identity metasystem
http://blogs.zdnet.com/BTL/?p=1377
John FontanaMicrosoft sells ID mgmt. plan
http://www.networkworld.com/news/2005/051605-microsoft-identity.html
Steve GillmoreSomething in the Air
http://blogs.zdnet.com/Gillmor/index.php?p=95
Dave KearnsInfoCard Info
http://vquill.com/2005/05/infocard-info.html
Hubert Le Van GongMicrosoft's InfoCard
http://blogs.sun.com/roller/page/hubertsblog/Weblog/div_class_text_microsoft_recently
MicrosoftMicrosoft's Vision for an Identity Metasystem
http://msdn.microsoft.com/webservices/understanding/advancedwebservices/default.aspx?pull=/library/en-us/dnwebsrv/html/identitymetasystem.asp
Mike RowehlInfoCard
http://www.bitsplitter.net/blog/?p=501

And here's an old post of mine: http://blog.onghome.com/2005/02/infocards.htm.

Grayson’s Observations on Themes in Identity

Noted. Tim Grayson continues to make good observations on digital identity. In Themes in Identity (or at least at Digital Identity World), Tim observes that the following themes:
o Long Tail -- the fact that there are lots of products that have low sales volume, but it could be profitable to target these segments.
o Emergence -- properties that evolve out of complex adaptive systems.
o Identity Vetting -- binding of identities to entities (typically a human).
o Loosely Coupled Systems -- as in David Weinberger's Small Pieces Loosely Joined.
were highlighted at DIDW. I would add the following ideas:
o Distributed Systems -- implied by Loosely coupled systems.
o End-Point Security -- how there is a realization in the market that every device needs to be locked down with strong identity. (See Evolution to Self-Secured Nodes.)
o Bottoms-Up -- building up global directories from pieces at the end-user or subdirectories.
o Metasystems -- a system that will give a global view of any significant set of identities will be a metasystem.
o Tipping point -- centers around the discussion of what it'll take for the next generation of digital identity to become the dominant system.
Update (May 12, 2005):
Tim had more to say in DIDW theme update:
o Liability -- i.e. people are starting to realize the that federation is not just a technology issue. See Federation Won't Mean World Peace.
o Enterprise vs Social Identity -- realization that businesses and social circles need very different privacy needs. I wrote about this in Information Dogma.
o Rising Out of the Weeds -- convergence on understanding on scope of the problem.

Grayson’s Observations on Themes in Identity

Noted. Tim Grayson continues to make good observations on digital identity. In Themes in Identity (or at least at Digital Identity World), Tim observes that the following themes:
o Long Tail -- the fact that there are lots of products that have low sales volume, but it could be profitable to target these segments.
o Emergence -- properties that evolve out of complex adaptive systems.
o Identity Vetting -- binding of identities to entities (typically a human).
o Loosely Coupled Systems -- as in David Weinberger's Small Pieces Loosely Joined.
were highlighted at DIDW. I would add the following ideas:
o Distributed Systems -- implied by Loosely coupled systems.
o End-Point Security -- how there is a realization in the market that every device needs to be locked down with strong identity. (See Evolution to Self-Secured Nodes.)
o Bottoms-Up -- building up global directories from pieces at the end-user or subdirectories.
o Metasystems -- a system that will give a global view of any significant set of identities will be a metasystem.
o Tipping point -- centers around the discussion of what it'll take for the next generation of digital identity to become the dominant system.
Update (May 12, 2005):
Tim had more to say in DIDW theme update:
o Liability -- i.e. people are starting to realize the that federation is not just a technology issue. See Federation Won't Mean World Peace.
o Enterprise vs Social Identity -- realization that businesses and social circles need very different privacy needs. I wrote about this in Information Dogma.
o Rising Out of the Weeds -- convergence on understanding on scope of the problem.

The Identity Gang

Managed to squeeze in some time to be at the Hyatt Regency in San Francisco to join the Identity Gang in a pre-Digital Identity World Conference get-together. Glad I did. It was a four hour gathering that drifted from Kim's work on claims-based universal identity metasystems, to privacy issues, to usability, to policy presentation, to whether we should start a conference of sorts for the Identity Gang. (The list of attendees is in http://wiki.idcommons.net/moin.cgi/DigitalIdWorld.)

I'm glad I went because I got to meet a number of people who I only know via blogs I've read.

But, more importantly, I discovered that I'm in good company in thinking that, at least technologically, this digital identity endeavor is one of the biggest thing that is not just going to affect many of our future digital systems, and will also be the basis of many of our future social constructs. It is important to get it as close to right as possible because so much (our privacy, our relationship with our government, even our security) will depend on it.

See Also:
o Berkman Center, Identity Gang Meeting Agenda.
o Kim Cameron, Bottoms up identity discussion at DIDW.
o Marc Cantor, ID Gang. (I'm in the picture.)
o Johannes Ernst, Identity Gang Meeting.
o Kayila Hamlin, Identity Gang Meeting - links and last 1/2 summary.
o Dick Hardt, Identity Gang meeting @ DIDW.

The Identity Gang

Managed to squeeze in some time to be at the Hyatt Regency in San Francisco to join the Identity Gang in a pre-Digital Identity World Conference get-together. Glad I did. It was a four hour gathering that drifted from Kim's work on claims-based universal identity metasystems, to privacy issues, to usability, to policy presentation, to whether we should start a conference of sorts for the Identity Gang. (The list of attendees is in http://wiki.idcommons.net/moin.cgi/DigitalIdWorld.)

I'm glad I went because I got to meet a number of people who I only know via blogs I've read.

But, more importantly, I discovered that I'm in good company in thinking that, at least technologically, this digital identity endeavor is one of the biggest thing that is not just going to affect many of our future digital systems, and will also be the basis of many of our future social constructs. It is important to get it as close to right as possible because so much (our privacy, our relationship with our government, even our security) will depend on it.

See Also:
o Berkman Center, Identity Gang Meeting Agenda.
o Kim Cameron, Bottoms up identity discussion at DIDW.
o Marc Cantor, ID Gang. (I'm in the picture.)
o Johannes Ernst, Identity Gang Meeting.
o Kayila Hamlin, Identity Gang Meeting - links and last 1/2 summary.
o Dick Hardt, Identity Gang meeting @ DIDW.