About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion





  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.


4 posts from April 2009

What's the use case?

By Dave Birch posted Apr 29 2009 at 5:25 PM

[Dave Birch] Suppose you did have a virtual identity that did something for you that was so useful that you would actually pay for it. What kind of thing should it do? At the Forum Oxford Future Technologies seminar I heard Mark Curtis of Flirtomatic say something along the lines of "we would happily use mobile operator age verification services if they worked". This struck me as a very simple, prosaic example. Just as in the physical world there are a couple of age verification schemes where teenagers can buy cards that show them to be over 18, perhaps the online equivalent would be the place to begin.

Now that people like Facebook are getting on board with OpenID, perhaps one idea might be to create an OpenID source that supplies IDs with a single credential IS_OVER_18 and two-factor authentication. This would be, effectively, one of Bob's LLPs. Where would you use this? Well, one of the long-standing mass-market problem areas is social networking. There have been attempts to deal with this piecemeal.

Mobile social networking service Funky Sexy Cool is offering identity verification to all its members at no additional cost, says Tim O’Connor, CEO of the New York-based company. But members have to choose to go through the process. Funky Sexy Cool enables members to find other like-minded individuals in the same geographic area to hang out with. For example, a member can send out a message to his friends saying he’ll be at a certain club or bar... Funky Sexy Cool is using ID verification technology from IDology Inc., Atlanta. IDology searches public databases to confirm an identity [and] charges about 37 cents per ID verification.

[From Social networking sites have little to no identity verification : CR80 News]

Now teenagers would, naturally, want to obtain the 2FA "device" of an older sibling or friend in order to gain access to sites, but it's not like using fake ID to buy a beer, because they'd end up logged in not as themselves but as their sibling, friend, etc., which isn't much use in social networking.


Virtual identities and LLPs

By Dave Birch posted Apr 22 2009 at 12:26 PM

[Dave Birch] Over at the Burton Group, Bob Blakley has been developing a line of thinking around a particular kind of virtual identity that he has called the Limited Liability Persona, or LLP, and he recently posted some ideas for more specific characteristics of such a thing that I think deserve reflection. Bob's thinking is that since the invention of the limited liability company as a distinct legal entity the economy has grown and benefited, so there might be economic advantages to recognising some form of virtual identity as a distinct legal entity.

Well, since LLPs don't really exist yet, it's hard to be too specific. But in principle an LLP is a legal entity with a name:

  1. Created by an action of a court.
  2. Owned by one or more individuals.
  3. With its own resources distinct from those of its owners.
  4. In which owners can invest new resources.
  5. With its own "identity attributes" distinct from those of its owners.
  6. Whose actions are legally distinct from those of the owners (though the owners may be held accountable for those actions).
  7. Whose resources may be transferred to its owners.
  8. Which can be sold by the owners to new owners.
  9. Whose existence can be terminated by its owners.
[From Burton Group Identity Blog: The Limited Liability Persona]

This is very close to the idea of the virtual identity bound to a digital identity that we have discussed here before, but with much firmer purpose. In Europe, as in many other jurisdictions, the relevant digital signature legislation already exists so that legally-binding digital signatures can be used and, by inference, legally-valid digital identities created. It's easy to see how Bob's ideas can be implemented except for the transfers part. If an LLP is a virtual identity that is, in essence, a public key certificate then it cannot be transferred. It must be deleted and a new virtual identity created: so let's say there is a virtual identity "Chair of Manchester City Fan Club" that is my public key signed by Manchester City Fan Club's private key. Then, when a new Chair is elected, my certificate has to be revoked and a new certificate created (i.e., the new Chair's public key signed by Manchester City Fan Club's private key). So the particular attribute "Chair of Manchester City Fan Club" ends up bound to a new digital identity (key pair).
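The revoke-and-reissue handover described above, as an added Go example that is not code from the original post or from the Burton Group: a toy issuer binds an attribute to a holder's public key, and the check shows why handing the certificate itself to a successor does not transfer the role. The `Cert` layout, the serial-number revocation map and the nonce challenge are assumptions made for illustration; the same structure would carry a single attribute such as IS_OVER_18.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert binds one attribute to one holder public key under the issuer's signature.
type Cert struct {
	Serial    int
	Attribute string
	HolderKey ed25519.PublicKey
	Sig       []byte
}

func keys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}
// tbs is the signed encoding: serial and quoted attribute, then the raw key.
func tbs(serial int, attr string, key ed25519.PublicKey) []byte {
	return append([]byte(fmt.Sprintf("%d|%q|", serial, attr)), key...)
}
func Issue(ca ed25519.PrivateKey, serial int, attr string, holder ed25519.PublicKey) Cert {
	return Cert{serial, attr, holder, ed25519.Sign(ca, tbs(serial, attr, holder))}
}
// Valid: issuer signature, serial not revoked, presenter proves it holds the key.
func Valid(ca ed25519.PublicKey, revoked map[int]bool, c Cert, nonce, proof []byte) bool {
	return ed25519.Verify(ca, tbs(c.Serial, c.Attribute, c.HolderKey), c.Sig) &&
		!revoked[c.Serial] && ed25519.Verify(c.HolderKey, nonce, proof)
}

// Handover returns: old cert before, old cert in new hands, old cert after, new cert.
func Handover(attr string) [4]bool {
	caPub, caPriv := keys()
	oldPub, oldPriv := keys()
	newPub, newPriv := keys()
	revoked, nonce := map[int]bool{}, []byte("constructed verifier nonce")
	oldCert := Issue(caPriv, 1, attr, oldPub)
	before := Valid(caPub, revoked, oldCert, nonce, ed25519.Sign(oldPriv, nonce))
	handed := Valid(caPub, revoked, oldCert, nonce, ed25519.Sign(newPriv, nonce))
	revoked[oldCert.Serial] = true // revoke, then bind the attribute to the new key
	newCert := Issue(caPriv, 2, attr, newPub)
	return [4]bool{before, handed, Valid(caPub, revoked, oldCert, nonce, ed25519.Sign(oldPriv, nonce)),
		Valid(caPub, revoked, newCert, nonce, ed25519.Sign(newPriv, nonce))}
}
func main() { fmt.Println(Handover("Chair of Manchester City Fan Club")) }
```

The second result is false because the successor cannot sign the verifier's nonce with the key named in the old certificate, which is why the attribute has to be reissued rather than passed on.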


I can see an article of some sort. Anyone called David?

By Dave Birch posted Apr 14 2009 at 6:15 PM

[Dave Birch] Well, my paper on "Psychic ID: A blueprint for a modern national identity" has been accepted for the new Springer journal "Identity in the Information Society" (IDIS). I didn't completely understand the form I filled out, not being familiar with the world of academic journals, but I think the essence of it is that I can put a PDF of my original on my web site provided it contains a link to the actual journal article, so once I can sort that out I will do so. But the main reason for this post is just to note how what started off as an idea in a discussion -- basically, trying to visualise 21st-century digital identity management using Dr. Who's psychic paper as a reference point, having given up on trying to explain keys, certificates and all the rest of the crypto-infrastructure -- became a presentation and then a paper and finally a peer-reviewed paper that I'm rather proud of. I've found a way to explain to non-technical audiences -- well, British non-technical audiences at least -- that the combination of widely-available devices and intelligence can deliver an identity management infrastructure that can achieve much more than they imagine.


Time for a National Privacy Card scheme

By Dave Birch posted Apr 2 2009 at 9:21 PM

[Dave Birch] There was a bit of media attention around the recent report on government databases from the Joseph Rowntree Foundation (the authors include Forum friends William Heath and Angela Sasse) but I'm not sure that the government was listening. The report was quite strong on the extent of the problem within government:

A quarter of all government databases are illegal and should be scrapped or redesigned, according to a report.

[From BBC NEWS | UK | Call to scrap 'illegal databases']

The way to protect personal data most effectively, particularly in large organisations such as the government, is not to store it in the first place. This may seem unworldly. After all, I want Tesco to provide me with a good service, so why shouldn't I give up some of my personal data in order to get it? Setting aside the issue of whether what I bought in Tesco yesterday is "my" data or not, I am perfectly happy to have, and wield, my Tesco Clubcard. After all, it's not in my real name and Tesco never ask me for data I don't want to give them, so I'm more than happy for them to record what I buy. And, to their credit, I can say with hand on heart that I have never once received junk mail, spam or unsolicited phone calls for the imaginary alter-ego who shares my home, from which I deduce that Tesco have kept to their side of the bargain and not disclosed "my" data to a third party. So why am I concerned about the government having big databases of stuff about me?
