Planet OpenID

July 24, 2015

The Path Forward for Self-Certification

The increasing adoption of OpenID Connect deployments has required the OpenID Foundation to develop new certification models that support the practical business, legal and technical realities of today’s Internet scale deployments. Throughout 2015, the pilot phase of OpenID Connect self-certification has been testing the efficiencies, cost effectiveness and trustworthiness of this new approach. Early adopters helped “test the tests” and put a wide range of solutions through the first iteration of OpenID Connect self-certification.

OpenID Connect self-certification is underway for the first set of OP tests with additional OP and new RP pilot testing planned later for this year. Certification costs/fees to be determined by the Executive Committee will reference the guidelines below as adopted by the OpenID Foundation Board. In this way, OpenID Connect self-certification is breaking new ground and setting precedents for certification in the foundation’s future.

OpenID Foundation Self-Certification Guidelines
1. Adoption is the foundation’s highest priority.
2. The foundation’s goals include incentivizing membership, certification of multiple profiles per implementation and international participation.
3. Certification Profiles are rolled out in three phases: pilot by early adopters, membership beta and general availability.
4. OpenID certification pilots and betas are to be available to all members in good standing.
5. Upon completion of the beta and pilot phases, certification for those profiles will be made available to non-members.
6. All fees are waived during the pilot phase; fees will be charged during the beta and general availability phases.
7. The Foundation intends to authorize fees sufficient to cover the costs of operating a certification program once the corresponding pilot phase is complete.
8. OpenID Foundation certification fees are to be the same for all members.
9. Certification fees are due at the time of submission and are charged per implementation.
10. Certification(s) will be approved once payment is received.

The Executive Committee is now working through the actions needed to make the planned OP and RP self-certification available to members and non-members and fully operationalize the OpenID Connect self-certification program. Your feedback is welcome at

Don Thibeau

by jfe at July 24, 2015 02:42 PM

July 23, 2015

Introducing RISC: Working together to protect users

According to a recent Gallup poll, more people are worried about their online accounts being hacked than about having their home broken into. With more and more of our digital lives accessible online, attackers are redoubling efforts to steal our personal information, and increasingly exploiting the interconnectedness of web services and apps to “leapfrog” from one account to the next.

Attackers often target multiple accounts across service providers for a single individual, knowing that users normally register for all their internet services with just a few email addresses. For example, a victim’s social networking account may send password recovery information to their email account, or they might log into their photo sharing account using their social network credentials. When criminals exploit these linkages, a single weak link can create a cascade of account takeovers.

That’s why the OpenID Foundation is pleased to announce a new effort dedicated to tackling this problem by working together on account defense. This month, a consortium of technology companies including Aol, Confyrm, Deutsche Telekom, Google, LinkedIn, Microsoft, Nomura Research Institute, and Ping Identity chartered an initiative to design an “early warning system” that safely and securely raises the alarm when accounts are at risk.

This Risk & Incident Sharing and Collaboration Working Group (RISC) initiative has set its initial mission as the development of standards designed to enable providers to prevent attackers from compromising linked accounts across multiple providers and coordinate in restoring accounts in the event of compromise.

The RISC group takes the approach that through open collaboration, the internet industry can design and deploy mechanisms that significantly lessen the impact of account hijacking. The effort focuses on sharing security events that occur at the individual account level, like the fact that a specific account was put on hold because of a suspected compromise. The group will also work with an attention to minimizing impacts on user privacy. The RISC group is not focused on identification or defense against malware or other system or network level attacks.

To learn more about the working group please visit the OpenID Foundation RISC Workgroup or contact Don Thibeau Executive Director,

by Adam Dawes at July 23, 2015 07:13 PM

July 16, 2015

Kaliya Hamlin

I’m Quoted in Guardian Article re: Ellen Pao

Yesterday a reporter called me up and asked me for comment on Ellen Pao. I said “What did you expect?” It became the headline! – I continued “Ellen was at the center of a high-profile sexual discrimination suit versus a major VC firm and she was put in charge of the teenage boy section of the internet. What did you expect was going to happen? It was inevitable that they would turn on her,”

You can read the whole article here – I wasn’t the only one unsurprised by what happened. :)

‘What did you expect?’ Women in tech reflect on Ellen Pao’s exit from Reddit

by Kaliya Hamlin, Identity Woman at July 16, 2015 07:29 PM

Kaliya Hamlin

Enabling Multi-Stakeholder Consensus on Cybersecurity Issues

My friend Allen who was at Brookings got a job with NTIA to figure out what issues to focus on and how to get multi-stakeholder collaboration on cyber security issues.  Because he asked me to respond I took the time to give him my thoughts and input drawing on my experience with the attempts by NSTIC to do this same thing.  Here is the PDF document. IPTF-Kaliya-2

I will in time work to publish it in blog sized sections online so it is more internally linkable (starting with an index from this post). Until then enjoy.

by Kaliya Hamlin, Identity Woman at July 16, 2015 06:36 PM

July 08, 2015

Nat Sakimura

Internet Identity Timeline | @_Nat Zone

Since the people who know this history will gradually be gone before long, I have started putting together an Internet Identity timeline. It records the events I personally consider important, chosen by my own judgment and bias. It is still very incomplete, so if you have a "there was this too", please write the date, headline, source (link etc.) and the reason you think it is important in the comments section of the Internet Identity timeline (not of this post).

by Nat at July 08, 2015 05:07 AM

Nat Sakimura

Internet Identity Timeline

Since the people who know this history will gradually be gone before long, I have started putting together an Internet Identity timeline. It records the events I personally consider important, chosen by my own judgment and bias. It is still very incomplete, so if you have a "there was this too", please write the date, headline, source (link etc.) and the reason you think it is important in the comments section of this post.

# If there turn out to be quite a few contributions, I am thinking of setting up a separate project on Bitbucket or somewhere similar.

by Nat at July 08, 2015 05:04 AM

June 22, 2015

Kaliya Hamlin

Internet Identity Workshop #21 Registration is open

Here is the registration for the 21st Internet Identity Workshop.
Join us, it's going to be great.

by Kaliya Hamlin, Identity Woman at June 22, 2015 10:09 PM

June 21, 2015

Nat Sakimura

On the 1Password WebSocket non-authentication vulnerability

Now then. In "On the XARA vulnerabilities in Mac OS X and iOS" [1], I wondered aloud why the original article [2] reported that AgileBits, the makers of 1Password, were saying a fix was difficult. Having gone and read AgileBits' own explanation [3], I now understand. Of course that is how it is. I would also say that the way the paper's authors wrote it up, presumably to promote their own results, is somewhat misleading.

The 1Password vulnerability the paper's authors point out is that the communication from the 1Password browser extension to 1Password mini could be intercepted by malware. 1Password mini is supposed to open a WebSocket on port 6263 and listen there, but if malware grabs that port before 1Password mini does, it can make off with the passwords and other data the 1Password browser extension sends. Put the other way round, all it can steal are passwords the user has typed in and then decided to newly save to 1Password. Passwords already stored in 1Password are not leaked.

In response to this I wrote in [1]: "Have the 1Password app generate a key pair at install time, give the public key to the browser extension, and encrypt all communication from the browser extension to port 6263 with that public key." That is certainly true as far as it goes. But from AgileBits' point of view, that would not be good enough.


In a situation where such a strange program can be planted on the machine, rather than hijacking the WebSocket traffic from the 1Password browser extension to 1Password mini, it is easier and more reliable to simply lift passwords directly as they are typed into the browser. Of course. Compared with taking over the port 1Password mini uses, grabbing every password entered has far wider coverage and is far more reliable.




by Nat at June 21, 2015 04:02 PM

June 18, 2015

Nat Sakimura

On the XARA vulnerabilities in Mac OS X and iOS

This afternoon (June 18), GigaZine published a sensational article titled "Vulnerability discovered in iOS and OS X that lets passwords stored in iCloud, Mail and browsers be stolen; Apple has ignored it for over half a year" [1]. Well, it is web media, so that is to be expected, but reading the article alone left me none the wiser, so I read the original paper.


  • Xing, Bai, Li, Wang, Chen, Liao: “Unauthorized Cross-App Resource Access on MAC OS X and iOS” [2]




  1. Password Stealing (Keychain access-control vulnerability) [Mac OS X]
  2. Container Cracking (an oversight in the Apple App Store's BundleID check) [Mac OS X]
  3. IPC Interception (3.a WebSocket non-authentication, and 3.b local OAuth redirect) [Mac OS X]
  4. Scheme Hijacking [Mac OS X, iOS]

Of these, at least 3.b and 4 are problems we have actually known about since at least November 2013, and they are exactly the problem that OAuth PKCE [3], now in the final stage of standardization, is designed to solve. Also, the article says "there is no countermeasure", but to be precise: there is no countermeasure an end user can take right away. As a developer there are ways to make sure your own app does not have the vulnerability. I will introduce those below as well.



[3] Sakimura, N., Bradley, J., and N. Agarwal: "Proof Key for Code Exchange by OAuth Public Clients", IETF, (2015)

by Nat at June 18, 2015 03:49 PM

June 17, 2015

Nat Sakimura



The formal title of J.S. Bach's so-called "Goldberg Variations" is "Aria with diverse variations for a harpsichord with two manuals" (Clavier Ubung bestehend in einer ARIA mit verschiedenen Veraenderungen vors Clavicimbal mit 2 Manualen) (BWV 988), and it forms the fourth volume of the four-volume "Clavier-Übung". Published in 1742, the work was long forgotten once the harpsichord era ended and the piano era began; Landowska's performance on a modern harpsichord played its part, but it is fair to say that it was above all the huge success of Glenn Gould's debut recording that made the piece widely known.


Goldberg Variations (CD)

   With its clear rhythm, gripping and incisive approach and contrapuntal playing, the 1955 Goldberg Variations was a sensational debut; compared with it, this 1981 re-recording is an astonishingly different performance. The 1981 version takes a slower pace and is expressed more simply, and the ornamentation shows signs of deep reflection. The tempi are also superbly constructed (although to some listeners they may sound a little exaggerated...). In 1955 there were no repeats at all; this time the A sections are repeated in the canons, the fughetta and the other fugue-like variations. The fingerwork, crossing hands rapidly while touching the keys precisely, is undiminished and cannot but be admired. Still, the slower tempi seem to bring out the dance element of this work better. (Jed Distler,



Bach: Goldberg Variations & Italian Concerto etc (MP3 download)



Scarlatti Sonatas (MP3 download)


Bach: Goldberg Variations, BWV 988 (MP3 download)


And so, let me close with a recording that Gunnar Johansen, a pupil of a Busoni pupil who knew Busoni's playing during his lifetime, called the only piano-roll recording among the few Busoni left that truly conveys Busoni.

Liszt's "Feux follets", played by F. Busoni. Enjoy. He is good, isn't he? Played very plainly, without any showiness, and yet dynamic.


[1] At the time, nobody had any idea that his elder brother would become the first president of color of the United States... (lol

[2] Italy, Radio 3, "An Interview with Martha Argerich" (2000/2/16). She was interviewed together with Abbado, who studied under the same teacher.

[3] The hard tone, the affinity for Scarlatti, and a technique said to surpass even Argerich's are presumably what recall Horowitz.

by Nat at June 17, 2015 06:15 PM

Nat Sakimura





[Paris, 12th, Reuters] – CNIL, the independent French agency that handles personal data protection, has ordered Google (GOOGL.O: stock price, company information, reports) to remove outdated personal information from its search results worldwide, not only in Europe, when removal is requested. If Google does not comply within 15 days, CNIL says it will move to sanctions. (Source) Reuters


"But you have already moved out": my resident record, who changed it and why


If identity proofing at Level 2 or above under a framework such as ISO/IEC 29115 were being carried out, this kind of thing basically should not happen. In the end, it is proof that "how it was verified" matters far more than "who verified it". The Basic Resident Register is the fundamental database used when issuing My Number cards, so its operation has to be far more rigorous. Incidentally, if you seriously want to issue high-assurance credentials, the approach has to change fundamentally. Start by redoing identity proofing for, say, public servants, use that as the trust anchor, and expand gradually from there.






Today, Justice Ministers in the Council reached a General Approach on the new data protection rules confirming the approach taken in the Commission’s proposal back in 2012. Trilogue negotiations between the Council, the European Parliament and the EU Commission will start next week on 24 June. (Source) Privacy Laws & Business

The EU Council has agreed on its approach to the new data protection law [1]. It reportedly follows much of the Commission's 2012 proposal (e.g. EU Directive to EU Regulation, application to companies outside the EU that provide services in the EU market, a (limited) right to be forgotten, data portability).


by Nat at June 17, 2015 03:10 AM

June 16, 2015

Kaliya Hamlin

We “won” the NymWars? did we?

Short answer No – I’m headed to the protest today at Facebook.

A post about the experience will be up here by tomorrow. I’ll be tweeting from my account there which is of course @identitywoman


Post from Sept 2014

Mid-July, a friend called me up out of the blue and said “we won!”

“We won what” I asked.

“Google just officially changed its policy on Real Names”

He said I had to write a post about it. I agreed but also felt disheartened.
We won, but we didn’t; it took 3 years before they changed.

They also created a climate online where it was OK and legitimate for service providers to insist on real names.

For those of you not tracking the story – I along with many thousands of people had our Google+ accounts suspended – this post is an annotated version of all of those.

This was the Google Announcement:

When we launched Google+ over three years ago, we had a lot of restrictions on what name you could use on your profile. This helped create a community made up of real people, but it also excluded a number of people who wanted to be part of it without using their real names.

Over the years, as Google+ grew and its community became established, we steadily opened up this policy, from allowing +Page owners to use any name of their choosing to letting YouTube users bring their usernames into Google+. Today, we are taking the last step: there are no more restrictions on what name you can use.

We know you’ve been calling for this change for a while. We know that our names policy has been unclear, and this has led to some unnecessarily difficult experiences for some of our users. For this we apologize, and we hope that today’s change is a step toward making Google+ the welcoming and inclusive place that we want it to be. Thank you for expressing your opinions so passionately, and thanks for continuing to make Google+ the thoughtful community that it is.

There was lots of coverage.

Google kills real names from ITWire.

Google Raises White Flag on Real Names Policy in the Register.

3 Years Later Google Drops its Dumb Real Name Rule and Apologizes in TechCrunch.

Change Framed as No Longer Having Limitations Google Offers Thanks for Feedback in Electronista

Google Stops Forcing All Users to Use Their Real Names in Ars Technica

The most important was how Skud wrote a “real” apology that she thought Google should have given:

When we launched Google+ over three years ago, we had a lot of restrictions on what name you could use on your profile. This helped create a community made up of people who matched our expectations about what a “real” person was, but excluded many other real people, with real identities and real names that we didn’t understand.

We apologise unreservedly to those people, who through our actions were marginalised, denied access to services, and whose identities we treated as lesser. We especially apologise to those who were already marginalised, discriminated against, or unsafe, such as queer youth or victims of domestic violence, whose already difficult situations were worsened through our actions. We also apologise specifically to those whose accounts were banned, not only for refusing them access to our services, but for the poor treatment they received from our staff when they sought support.

Everyone is entitled to their own identity, to use the name that they are given or choose to use, without being told that their name is unacceptable. Everyone is entitled to safety online. Everyone is entitled to be themselves, without fear, and without having to contort themselves to meet arbitrary standards.

As of today, all name restrictions on Google+ have been lifted, and you may use your own name, whatever it is, or a chosen nickname or pseudonym to identify yourself on our service. We believe that this is the only just and right thing to do, and that it can only strengthen our community.

As a company, and as individuals within Google, we have done a lot of hard thinking and had a lot of difficult discussions. We realise that we are still learning, and while we appreciate feedback and suggestions in this regard, we have also undertaken to educate ourselves. We are partnering with LGBTQ groups, sexual abuse survivor groups, immigrant groups, and others to provide workshops to our staff to help them better understand the needs of all our users.

We also wish to let you know that we have ensured that no copies of identification documents (such as drivers’ licenses and passports), which were required of users whose names we did not approve, have been kept on our servers. The deletion of these materials has been done in accordance with the highest standards.

If you have any questions about these changes, you may contact our support/PR team at the following address (you do not require a Google account to do so). If you are unhappy, further support can be found through our Google User Ombuds, who advocates on behalf of our users and can assist in resolving any problems.

BotGirl chimed in with her usual clear articulate videos about the core issues.

And this talk by Alessandro Acquisti surfaced: Why privacy matters

Google has learned something from this, but it seems like other big tech companies have not.

by Kaliya Hamlin, Identity Woman at June 16, 2015 04:34 AM

June 11, 2015

Nat Sakimura


According to a TBS News i report [1], the government will hold an international conference on cybersecurity in Okinawa this November.


As it happens, the week before that, the IETF (Internet Engineering Task Force) is holding its Yokohama meeting. The IETF is the organization that develops the technologies used on the Internet; it is no exaggeration to say that the Internet is built by the IETF. It holds plenary meetings three times a year, rotating around the world, and works out the newest technical standards. If the conference is open to outside participation, one can imagine the heavyweights of the Internet technology world who have come to Japan for the Yokohama meeting attending as well.

[1] TBS News i, "Cybersecurity international conference to be held in Okinawa" (2015/6/11)

by Nat at June 11, 2015 08:15 AM

June 10, 2015

Nat Sakimura









[1] Jiji Press, "Up to 12,000 member records leaked; PC virus infection, Metropolitan Police investigating: Tokyo Chamber of Commerce" (retrieved 2015/6/10)

[2] Jiji Press, "Calls for recurrence prevention; Tokyo Chamber of Commerce data leak: Chief Cabinet Secretary Suga"

by Nat at June 10, 2015 02:55 PM

Nat Sakimura

What "Number" Design Should Look Like: On the Pension Number Leak





  1. Create an identifier that serves as the primary key, the "personal number". This is basically immutable. Because we do not want to change it, it is used only for internal management of the "number" actually used (hereafter "number"). Naturally, it never leaves the building.
  2. The "number" carries an issue date, activation date, suspension date, reactivation date and revocation date [3], managed against the primary key.
  3. Give the "number" a distinctive format. For example, the third character is katakana and the fourth is a checksum. This is so that, when data leaks, values in this format can be kept out of search engines and the like.
  4. The "number" has an expiry date [4].
  5. The "number" can be changed at any time. The management system provides an API for changing it.
  6. When an organization receives a "number", it presents the "number", its "organization number" and its "organization credential" to the organization-specific "number" issuing API (provided by the "number" management organization) and obtains that individual's "organization-specific number". The "number" itself is discarded immediately [5]. From then on, the organization uses this "organization-specific number".
  7. When one organization requests information from another, it obtains from the authorization server a "permission number" [6] for retrieving that data and uses it to make the request. The providing organization presents this "permission number" to the authorization server, learns whose data it should provide, and provides that data.
  8. As a rule, data is held only by the organization primarily responsible for it; each organization obtains and uses it as needed and discards it promptly afterwards.



  1. Even if one organization leaks, that data cannot be joined with data held by other organizations. In other words, the privacy impact is low, so the cost is low.
  2. Changing the "organization-specific number" of the organization that leaked affects no other organization, so it can be changed as often as necessary. This too keeps costs down.
  3. The leaked data itself can be kept out of search engines and the like. Recovery is easy too. Today this is more than we can hope for. [7]
  4. Because the "number" changes periodically, it is hard to use it for cross-time record linkage that ties past and present together, the kind that produces a "heartless society" [8]. This also keeps costs down.
  5. In the first place, each organization holds only the data it is primarily responsible for, so the privacy impact of a leak is lower than today, where every organization keeps its own copy of the data.
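An added example, not from the post, sketching items 1, 3, 5 and 6 of the design above together with benefits 1, 2 and 5, in Python: an internal primary key that never leaves the registry, a user-facing "number" with a recognizable prefix and check digit that can be rotated at will, and organization-specific numbers derived with a per-organization HMAC key so that two organizations' leaked data cannot be joined and one organization can be re-keyed on its own. The JN prefix, the Luhn check digit and the NumberRegistry API are constructed for this example, and deriving the organization-specific number from the primary key (so that it survives rotation of the user-facing number) is an assumption about the design, not something the post states.

```python
"""Per-organization pseudonymous 'numbers', after the design sketched in the post."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

PREFIX = "JN"  # constructed marker: leaked values in this format are easy to recognize (item 3)


def luhn_check_digit(payload: str) -> str:
    """Check digit for a string of decimal digits (standard Luhn)."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # double every second digit, starting from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def is_well_formed(number: str) -> bool:
    """PREFIX + 10 payload digits + 1 check digit."""
    body = number[len(PREFIX):]
    if not number.startswith(PREFIX) or len(body) != 11 or not body.isdigit():
        return False
    return luhn_check_digit(body[:-1]) == body[-1]


class NumberRegistry:
    """The 'number' management organization (constructed for this example)."""

    def __init__(self) -> None:
        self._current: Dict[str, str] = {}  # personal number (primary key) -> live number
        self._resolve: Dict[str, str] = {}  # live number -> personal number
        self._orgs: Dict[str, Tuple[str, bytes, int]] = {}  # org -> (credential, key, epoch)

    def _fresh_number(self) -> str:
        payload = "".join(str(secrets.randbelow(10)) for _ in range(10))
        return PREFIX + payload + luhn_check_digit(payload)

    def enroll(self) -> Tuple[str, str]:
        """Item 1: the primary key is internal and never disclosed; the number is what people use."""
        personal = secrets.token_hex(16)
        number = self._fresh_number()
        self._current[personal] = number
        self._resolve[number] = personal
        return personal, number

    def rotate_number(self, personal: str) -> str:
        """Item 5: the number can be changed at any time; the old one stops resolving."""
        del self._resolve[self._current[personal]]
        number = self._fresh_number()
        self._current[personal] = number
        self._resolve[number] = personal
        return number

    def register_org(self, org: str, credential: str) -> None:
        self._orgs[org] = (credential, secrets.token_bytes(32), 0)

    def org_specific_number(self, number: str, org: str, credential: str) -> Optional[str]:
        """Item 6: the org presents number + org number + credential and gets its own identifier.
        Different orgs get unrelated values (benefit 1); None for an unknown or malformed number."""
        if not is_well_formed(number) or number not in self._resolve:
            return None
        stored, key, epoch = self._orgs[org]
        if not hmac.compare_digest(stored, credential):
            raise PermissionError("organization credential rejected")
        personal = self._resolve[number]  # assumption: derive from the stable primary key
        tag = hmac.new(key, f"{epoch}:{personal}".encode(), hashlib.sha256).hexdigest()[:16]
        return f"{org}-{tag}"

    def rotate_org(self, org: str) -> None:
        """Benefit 2: after a leak at one org, re-key only that org's identifiers."""
        credential, key, epoch = self._orgs[org]
        self._orgs[org] = (credential, key, epoch + 1)
```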





[1] Nobuo Gohara, "Is 'the leaked basic pension numbers will be changed' and 'change notifications will be sent by post' really OK?" (2015/6/9), Huffington Post,

[2] Nat Sakimura, "Is a leaked 'number' dangerous?" (2015/6/9), @_Nat Zone,

[3] Not days; really it should be at least seconds.

[4] In the EU, for what is probably the most recent eID card rollout, Germany made the "number" a document number. So it changes on reissue. This is entirely correct.

[5] This is basically also what the US Department of Defense guidelines on Social Security Number use say. Incidentally, if you consider even handing the "number" to an organization a risk, there is a scheme in which the individual obtains the "organization-specific number" and hands it to the organization. SAML's NameIdentifier and OpenID's PPID are that kind of mechanism. Since it is automated, the individual will probably not notice.

[6] Technically, this is called an Access Token.

[7] Though it is no good if someone malicious re-attaches the "number" to something else.

[8] Nat Sakimura, "The heartless society and the number system: the danger of record linkage as seen in Victor Hugo's 'Les Misérables'" (2010/12/13), @_Nat Zone,

[9] Enterprise XML/SOAP systems, for instance. Those are systems for at most around 2 million people. XML-based ones carry too much extra data and computation. Doing 100 million people with those is hard...

[10] And then there is each organization (employers, financial institutions and so on) storing My Numbers, which is, well, also a thing...

by Nat at June 10, 2015 02:29 PM

June 09, 2015

Nat Sakimura






by Nat at June 09, 2015 02:40 PM

Nat Sakimura

Microsoft Azure and Dropbox comply with ISO/IEC 27018, the international standard for cloud privacy controls

Microsoft Azure has apparently been confirmed as the first cloud computing platform to comply with ISO/IEC 27018 [1], the only international standard for privacy controls in the cloud. The certification was apparently performed by BSI. And it dates from 2/16 this year, so this is old news. I may have seen it at the time but let it pass.

On top of that, I noticed this week that Dropbox has also obtained ISO/IEC 27018 certification. BSI must be very busy. Won't JIPDEC do this too? Perhaps impossible, since they have the P Mark?

ISO/IEC 27018 purchase page

ISO/IEC 27018 purchase page. Handy that there is an ePub edition as well as PDF.

ISO/IEC 27018 adds the privacy part that ISO/IEC 27002 does not cover, following the privacy framework of ISO/IEC 29100. Its subject is the PII Processor in ISO/IEC 29100 terms, the so-called "contractor" (entrusted processor). The standard aimed at data controllers who are not contractors is being developed as ISO/IEC 29151. In fact, from the moment drafting started, not only the Japanese committee members but the international members as a whole were saying "hmm, dubious" and "is this needed? there is nothing cloud-specific here", and it was started on the grounds of "well, if we are doing security in 27017, then as a companion to it, for consistency". The Nairobi meeting, I think. Deliberation took place in SC 27/WG 5 (the WG I chair domestically) [2], but as there was not much to do it was settled very quickly. Moreover, since the overall framework is the responsibility of 29151 mentioned above, there is the question of whether it is right to finish this before that one is done. So when someone says "we are ISO/IEC 27018 compliant!" I get that "hmm, dubious" feeling, but of course it is still better than not doing it at all...


Source: Microsoft Azure confirmed as the first cloud computing platform to comply with ISO/IEC 27018, the only international standard for privacy controls in the cloud – Microsoft Azure Japan Team Blog – Site Home – MSDN Blogs


[1] ISO/IEC 27018 Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors

[2] The lead on the domestic committee is Mr. Sato of HP.

by Nat at June 09, 2015 09:18 AM

Nat Sakimura





1. Damage from impersonation



  1. Disclosure of unwanted information, especially "associated information"
  2. Blackmail or interference with one's will using obtained "associated information"
  3. Financial damage from financial transactions carried out by impersonation


2. Possibility of remedy by changing the number







3. The value of the information itself



4. Conclusion




[1] From "Personal pension information on 1.25 million people leaked through unauthorized access: Japan Pension Service", Nihon Keizai Shimbun (2015/6/1), retrieved 2015/6/9
[2] The myth that there are no restrictions on private-sector use of the US Social Security Number (SSN)
[3] Note that ISO/IEC 24760 and similar standards use the term "identifying information" for the "value" of an "identifier name: value" name-value pair, so some care is needed.
[4] My Number is reportedly "unchanging for life" in principle, but as I have been saying for some time, it would be better to make it easy to change. In system terms it is not a big deal.

by Nat at June 09, 2015 05:32 AM

June 07, 2015

Nat Sakimura


clamdscan uses the daemon of the clamav virus scanner to check mail and other files for viruses. If you run Courier-MTA you are most likely doing local delivery with mailfilter. The simplest way to use clamav seemed to be to configure it in that settings file, .mailfilter, and invoke it from there [1], but when you do that you get

lstat() failed: Permission denied. ERROR




According to that, first prepare a /usr/bin/ script like the following.

#!/bin/bash
# Created by Tom Walsh, slim at
# slightly modified by Wolfgang Ziegler, nuppla at

# RUN=clamscan
# Enable this line, if you are using the clamav-daemon.
RUN=clamdscan

MSG=$(< /proc/self/fd/0) # stdin -> $MSG
SCAN=$(echo "$MSG" | $RUN - --stdout --disable-summary)
EXIT=$?                  # scanner exit status: 0 = clean, 1 = virus found
VIRUS=$(echo "$SCAN" | awk '{print $2}')   # signature name reported by the scanner
SUBJECT=$(echo "$MSG" | reformail -x Subject:)

if [ "$EXIT" == "1" ]; then
  # tag the message so .mailfilter can route it by header
  MSG=$(echo "$MSG" | reformail -i"X-Virus-Status: INFECTED")
  MSG=$(echo "$MSG" | reformail -i"Subject: $SUBJECT")
else
  MSG=$(echo "$MSG" | reformail -i"X-Virus-Status: CLEAN")
fi

# write the (possibly re-headered) message back out for mailfilter
echo "$MSG"
exit 0


chmod +x /usr/bin/


if ( /^X-Virus-Status:.*INFECTED/ )
{
        log "Clamdscan: Virus found\n"
        to $SPAM
}

I think this is working, probably... Clamav does look inside zip files, which is a nice point.

If all you want is to knock down mail carrying .exe and similar attachments [2], there is no need to bring clamav in at all; something like the following will do.

# attachments are in the body, so :b flag
if ( /^Content-type: (audio|application)/:b \
     && /name=.*\.(bat|com|exe|hta|pif|scr|shs|vb[es]|ws[fh])/:b )
{
        xfilter "${REFORMAIL} -a'$SPAMHEADER potential virus attachment'"
        log "Illegal Extension\n"
        to $SPAM
}

If you absolutely never want to receive such mail, you could exit instead of to $SPAM, but sometimes you want to read at least the body. Dropping the attachment section with reformail is probably possible too, but I have been lazy and have not done it.

[1] Some would say to put it in the mail server itself, but at the individual level this was easier. I will also try doing it with perlmailfilter once I have the spare time to set up a test server.

[2] This has been a hot topic for the past few days because of the Japan Pension Service leak.

by Nat at June 07, 2015 07:57 AM

June 05, 2015

Nat Sakimura

US real estate industry adopts OpenID Connect for Web API authentication

According to a report by Peter Williams [1], the US real estate industry has decided to adopt OpenID Connect for Web API authentication. I did not know this, but real estate is the largest sector of the US economy by GDP. In the US Bureau of Economic Analysis statistics for 2014 [2], it accounts for 13% of GDP. The second-largest sector is government, at 12.9%.


US GDP by industry (2014): real estate tops the GDP share at 13%

According to Williams' report, after "five years" of study [3], the real estate standards group decided to retire its custom OAuth profile and standardize on OpenID Connect. The deciding factor appears to have been that support from Microsoft and Amazon made adoption extremely easy.

Cal Heldenbrand says:

Kudos to everyone. This is a big win for standards in general, and especially for standards that are easy to use and highly interoperable. I cannot say enough how much more fun it was to work with OpenID Connect than with SAML. [3]


[1] Peter Williams, “Realty adoption”,

[2] US Bureau of Economic Analysis, "Gross-Domestic-Product-(GDP)-by-Industry Data", "GDP by Industry / VA, GO, II 1997-2014: 71 Industries (XLSX)"

[3] Although according to Cal Heldenbrand, "no, it was 20 minutes" lol.

by Nat at June 05, 2015 05:40 AM

June 01, 2015

Kaliya Hamlin

#mynameis my statement for the virtual press kit

I just wrote this up for the virtual press kit for the #mynameis protest.

With its real name / authentic name policy Facebook is violating the rights and dignity of thousands if not millions. Individuals of all stripes have authentic names that are not found on any of their legal paperwork. In common law countries we have the right to define our own name, and these rights need to be respected online.

Identity is contextual. That is the same person may use different names authentically in different social contexts – within the Drag Queen and LGBT community – one name Lil Hot Mess for example and in a professional day job a completely different name – more likely one on formal legal paperwork but not necessarily.  These different contexts have their own contextual authenticity.

Google+ when it began several years ago also had a real name or what they called common name policy, and instead users sent in government-issued ID via e-mail. Many resisted these policies and eventually, years later, they changed their policies. The movement around their policies was called the #Nymwars and several people organized to found the Nym Rights group. We fully support the #MyNameIs campaign and its efforts.

The freedom to choose our own names is the digital civil rights issue of our time. Without the freedom to choose our own name(s) online and the rights associated with that choice, our digital identities are subject to termination for arbitrary reasons. In the physical world – if our body is assaulted, or killed, whoever does so will suffer consequences. We must struggle for our rights in the digital world and the freedom to choose our own names – without these rights and freedoms our right to express ourselves – to speak up in a free society will be severely weakened.

Kaliya, Identity Woman
Independent Advocate for the Rights and Dignity of Our Digital Selves.

by Kaliya Hamlin, Identity Woman at June 01, 2015 09:46 PM

May 26, 2015

Enhancing OAuth Security for Mobile Applications with PKCE

OAuth 2.0 is the preferred mechanism for authorizing native mobile applications to their corresponding API endpoints. In order to be authorized, the native application attaches an OAuth access token to its API calls. Upon receiving a call, the API extracts the token, validates it (checks issuer, lifetime, associated authorizations, etc) and then determines whether the request should be allowed or denied.

Of course, before the native application can use an access token on an API call, it must necessarily have first been issued that token. OAuth defines how the native application, with a user’s active involvement, interacts with an Authorization Server (AS) in order to obtain a set of tokens that represent that user and their permissions. The best practice for native applications leverages a version of OAuth called the ‘authorization code grant type’ – which in this context consists of the following steps

  1. Upon installation, the native application registers itself with the mobile OS as the handler for URLs in a particular scheme, e.g. those starting with ‘com.example.mobileapp://’ as opposed to ‘http://’.
  2. After installation, the native application invites the user to authenticate.
  3. The native application launches the device system browser and loads a page at the appropriate AS.
  4. In that browser window, the AS
    • authenticates the user. Because authentication happens in a browser, the AS has flexibility in how and where the actual user authentication occurs, i.e., it could be through federated SSO or could leverage 2-factor authentication, etc. There are advantages to using the system browser and not an embedded browser – notably that a) any credentials presented in the browser window are not visible to the application and b) any session established in the browser for one native application can be used for a second, enabling an SSO experience
    • may obtain the user’s consent for the operations for which the native application is requesting permission
  5. If step 4 is successful, the AS builds a URL in the scheme belonging to the native application and adds an authorization code to the end of the URL, e.g. ‘com.example.mobileapp://oauth?code=123456’. The AS directs the user’s browser to redirect to this URL.
  6. The browser queries the mobile OS to determine how to handle this URL. The OS determines the appropriate handler and passes the URL to that application.
  7. The native application parses the URL and extracts the authorization code from the end.
  8. The native application sends the authorization code back to the AS.
  9. The AS validates the authorization code and returns to the native application an access token (plus potentially other tokens).
  10. The native application then stores that access token away in secure storage so it can subsequently be used on API calls.

The current reality is that there is a security risk associated with Steps 6-8 above that could result in a malicious application being able to insert itself into the above flow and obtain the access token – and so be able to inappropriately access the business or personal data stored behind the API. The risk arises due to a combination of factors

  1. The nature of how native applications are distributed through public stores prevents individual instances of applications having unique (or secret) credentials. Consequently, it is not currently practical to expect that the native application can authenticate to the AS when exchanging the code for tokens in Step 8. As a result, if a malicious application is able to get hold of the code, it will be able to exchange that code for the desired tokens.
  2. In Step 6, the handoff of the authorization code can be intercepted if a malicious application is able to ‘squat’ on the URL scheme, i.e., get itself registered as the handler for those URLs. The mobile OSs differ in how they protect against such squatting – for instance, Android prompts the user to choose between multiple apps claiming the same scheme, whereas iOS does not.
  3. The current industry reality is that access tokens are predominantly ‘bearer’ tokens, i.e., any actor that can gain possession of an access token can use it on API calls with no additional criteria (such as signing some portion of the API call with a key associated with the token).

PKCE (Proof Key for Code Exchange by OAuth Public Clients) is an IETF draft specification designed to mitigate the above risk by preventing a malicious application that has obtained the code by scheme squatting from being able to actually exchange it for the more fundamental access token.

PKCE allows the native application to create an ephemeral one-time secret and use that to authenticate to the AS in Step 8 above. A malicious application, even if able to steal the code, will not have this secret and so will be unable to trade the stolen code for the access token.

If using PKCE, the overall flow is identical to the above, but with additional parameters added to certain messages. When the native application first loads the AS page in the browser (Step 3 above), it generates a code_verifier string (and may transform it through some mechanism) and passes the result as a parameter on the URL. The AS stores away this value before returning the code to the native application. When the native application then exchanges the code for the access token (Step 8 above), it includes the code_verifier string on that call. If the code_verifier is missing or doesn’t match the value previously recorded, the AS will not return the access token. Even if a malicious application is able to obtain a code, without the corresponding code_verifier it will be unable to turn that code into an access token, and so will be unable to access the business or personal data accessed through the APIs.

PKCE promises to provide an important security enhancement for the application of OAuth 2.0 to native applications by mitigating the risk of authorization codes being stolen by malicious applications installed on the device. In fact, the PKCE ‘trick’, that of using transient client secrets in order to authenticate to an AS when the client has no long-term secret, is being used in other applications, e.g. the Native Applications (NAPPS) WG underway in the OpenID Foundation.
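The exchange described above, simulated end to end in Python as an added example (not code from the original post or from any PKCE implementation): the app derives the transformed verifier (code_challenge = BASE64URL(SHA256(code_verifier)), the S256 method of the draft) for the authorization request in Step 3, extracts the code from the custom-scheme redirect in Step 7, and the AS redeems a code at most once and only when the presented code_verifier reproduces the stored value (Steps 8 and 9). The same check covers the "3.b local OAuth redirect" case in the XARA post above: a scheme-squatting app that receives the code but never saw the verifier gets no token. The AuthorizationServer class, the com.example.mobileapp scheme from the steps above and the token strings are constructed for the example.

```python
"""PKCE (RFC 7636) for the native-app authorization code flow, simulated end to end."""
import base64
import hashlib
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlparse

APP_SCHEME = "com.example.mobileapp"  # scheme the native app registered in Step 1


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding the spec mandates."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier(nbytes: int = 32) -> str:
    """High-entropy one-time secret; 32 random bytes give 43 characters, the minimum length."""
    return b64url(secrets.token_bytes(nbytes))


def make_code_challenge(verifier: str, method: str = "S256") -> str:
    """The transformed verifier the app sends on the authorization request (Step 3)."""
    if method == "S256":
        return b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    if method == "plain":
        return verifier
    raise ValueError("unsupported code_challenge_method")


def extract_code(redirect_url: str) -> Optional[str]:
    """Step 7: pull the authorization code out of the custom-scheme redirect URL."""
    parts = urlparse(redirect_url)
    if parts.scheme != APP_SCHEME:
        return None
    codes = parse_qs(parts.query).get("code", [])
    return codes[0] if codes else None


class AuthorizationServer:
    """Minimal AS (constructed for this example): binds each code to the challenge
    presented with the authorization request and redeems it at most once."""

    def __init__(self) -> None:
        self._pending: Dict[str, Tuple[str, str]] = {}  # code -> (challenge, method)

    def authorize(self, code_challenge: str, code_challenge_method: str = "plain") -> str:
        # Steps 4-5: after authentication and consent, issue a code, remember the
        # challenge that came with it, and build the redirect URL for the browser.
        code = b64url(secrets.token_bytes(16))
        self._pending[code] = (code_challenge, code_challenge_method)
        return f"{APP_SCHEME}://oauth?code={code}"

    def token(self, code: Optional[str], code_verifier: Optional[str]) -> Optional[str]:
        # Steps 8-9: the code is consumed on the first exchange attempt, successful
        # or not, so any later presentation (by anyone) fails as well.
        entry = self._pending.pop(code, None) if code else None
        if entry is None or code_verifier is None:
            return None
        challenge, method = entry
        if not secrets.compare_digest(make_code_challenge(code_verifier, method), challenge):
            return None
        return "access-token-" + b64url(secrets.token_bytes(8))


def legitimate_flow(as_: AuthorizationServer) -> Optional[str]:
    """The app that generated the verifier redeems its own code."""
    verifier = make_code_verifier()
    redirect_url = as_.authorize(make_code_challenge(verifier), "S256")  # Steps 3-6
    return as_.token(extract_code(redirect_url), verifier)  # Step 8


def intercepted_flow(as_: AuthorizationServer) -> Tuple[Optional[str], Optional[str]]:
    """A scheme-squatting app receives the redirect (Step 6) but never saw the verifier.
    Returns (what the squatter gets, what the real app gets afterwards)."""
    verifier = make_code_verifier()
    redirect_url = as_.authorize(make_code_challenge(verifier), "S256")
    stolen_code = extract_code(redirect_url)
    squatter = as_.token(stolen_code, make_code_verifier())  # a guessed verifier: rejected
    real_app = as_.token(stolen_code, verifier)  # the code was burnt by the failed attempt
    return squatter, real_app
```

Because a failed exchange burns the code, the real app's retry also fails and it must restart from Step 3; an AS that logs such failures gets a useful signal that a code was presented twice.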

by jfe at May 26, 2015 11:48 AM

May 20, 2015

Nat Sakimura


It took quite a while[1], but JSON Web Signature (JWS) and JSON Web Token (JWT) have finally become Standards Track RFCs[2]. They are [RFC7515] and [RFC7519] respectively.

[1] JSON Simple Sign was in 2010, so it took five years… The JOSE WG was formed in the IETF in November 2011; it took an awfully long time.
[2] RFCs come in three tracks, Informational, Experimental and Standards, and only the Standards Track counts as what is usually called a “standard”. Many frequently cited RFCs are actually Informational, so take care when looking at them.

by Nat at May 20, 2015 02:35 AM

May 13, 2015

Certification pilot expanded to all OIDF members

The OpenID Foundation has opened the OpenID Certification pilot phase to all OpenID members, as the Board previously announced we would do in May. This enables individual and non-profit members to also self-certify OpenID Connect implementations. The OpenID Board has not yet finalized beta pricing to cover the costs of certification applications during the next phase of the 2015 program. OpenID Foundation Members’ self-certification applications will be accepted at no cost during this pilot phase. We look forward to working with all members on the continued adoption of the OpenID Certification program, including individual and open source implementations.

Don Thibeau
OpenID Foundation Executive Director

by Don Thibeau at May 13, 2015 09:52 AM

May 06, 2015

Certification Accomplishments and Next Steps

I’d like to take a moment and congratulate the OpenID Foundation members who made the successful OpenID Certification launch happen. By the numbers, six organizations were granted 21 certifications covering all five defined conformance profiles. See Mike Jones’ note Perspectives on the OpenID Connect Certification Launch for reflections on what we’ve accomplished and how we got here.

We applied the meme “keep simple things simple” that was the touchstone when designing OpenID Connect to its certification program. But for as much as we’ve already accomplished, there’s plenty of good things to come. The next steps are to expand the scope of the Certification program along several dimensions, per the OpenID board’s deliberately phased certification rollout plan. I’ll take the rest of this note to outline these next steps.

One dimension of the expansion is to open the program to all members, including non-profit and individual members. This second phase will be open to OpenID Foundation members, acknowledging the years of work that they’ve put into creating OpenID Connect and its certification program.

Closely related to this, the foundation is working to determine our costs for the certification program in order to establish a beta pricing program for the second phase. The board is on record as stating that pricing will be designed with two goals in mind: covering our costs and helping to promote the OpenID Connect brand and adoption.

Putting a timeline on this, the Executive Committee plans to recommend a beta pricing program for the second phase during its meeting on June 4th for adoption by the Board at its meeting during the Cloud Identity Summit on June 10th. We look forward to seeing certifications of open source, individuals’, and non-profits’ implementations during this phase, as well as continued certifications by organizations.

Another dimension of the expansion is to begin relying party certifications. If you have a relying party implementation, we highly encourage you to join us in testing the tests, just like the pilot participants did for the OpenID Provider certification test suite. Please contact me if you’re interested.

See the FAQ for additional information on OpenID Certification. Again, congratulations on what we’ve already accomplished. I look forward to the increasing adoption and quality of OpenID Connect implementations that the certification program is already helping to achieve.

by Don Thibeau at May 06, 2015 08:08 AM

April 27, 2015

Final OAuth 2.0 Form Post Response Mode Specification Approved

The OAuth 2.0 Form Post Response Mode specification has been approved as a Final Specification by a vote of the OpenID Foundation members. A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision.

This specification defines how to return OAuth 2.0 Authorization Response parameters (including OpenID Connect Authentication Response parameters) using HTML form values that are auto-submitted by the User Agent using HTTP POST.

The voting results were:

  • Approve – 39 votes
  • Object – 1 vote
  • Abstain – 3 votes

Total votes: 43 (out of 164 members = 26% > 20% quorum requirement)

— Michael B. Jones – OpenID Foundation Board Secretary

by Mike Jones at April 27, 2015 08:50 PM

April 22, 2015

Nat Sakimura

Implementations from Google, Microsoft, PayPal, Nomura Research Institute and others pass the OpenID Connect conformance tests

(Figure 1) OpenID Certified logo

On the 22nd local time, the US OpenID® Foundation announced its OpenID Connect implementation conformance self-certification program. Under this program, an implementer that passes the online tests provided by the OpenID Foundation submits a declaration to the OpenID Foundation, together with supporting evidence, and thereby becomes able to use the OpenID Certified mark (Figure 1).

The tests currently offered come in five kinds, OP Basic, OP Implicit, OP Hybrid, OP Config and OP Dynamic, and in the first round implementations from Google, Nomura Research Institute, ForgeRock, PayPal and Microsoft have passed, as shown in the table below.

(Table 1) Implementations passing the first round of OpenID Certification

Company/Organization Implementation OP Basic OP Implicit OP Hybrid OP Config OP Dynamic
ForgeRock OpenAM 13 13-Apr-2015 13-Apr-2015 13-Apr-2015 13-Apr-2015
Google Google Federated Identity 20-Apr-2015 21-Apr-2015 15-Apr-2015
Microsoft ADFS for Windows 10 7-Apr-2015
Microsoft Azure Active Directory 8-Apr-2015
Nomura Research Institute[1] phpOIDC 10-Apr-2015 10-Apr-2015 10-Apr-2015 10-Apr-2015 10-Apr-2015
Uni-ID 10-Apr-2015
PayPal Login with PayPal 15-Apr-2015
Ping Identity PingFederate 10-Apr-2015 10-Apr-2015 10-Apr-2015 9-Apr-2015

Through this program, operators that implement OpenID Connect can declare that their own implementation satisfies the OpenID Connect standard specification. Participating in this certification program should make interoperability between different implementations more certain.

The OpenID Certification test suite was developed as open source software, with the cooperation of Umeå University in Sweden and the EU GÉANT project, for the purpose of promoting interoperability between systems involved in digital identity.

OpenID Connect is an open standard for identity technology that is secure, mobile-friendly and privacy-conscious. Since the specification was finalized at last year’s RSA Conference 2014, it has been adopted by many services such as Google Sign-in and Microsoft Azure AD. Now that implementation conformance can actually be tested, we can expect interconnection to become easier.

What was announced this time covers only OpenID Provider implementations, but certification for Relying Parties is scheduled to begin in May 2015.

[1] An open source implementation developed through joint research between Nomura Research Institute and Umeå University under the Ministry of Internal Affairs and Communications’ FY2012 Strategic International Collaborative R&D Promotion Program.

by Nat at April 22, 2015 02:54 PM

April 19, 2015

Nat Sakimura

[Amendment to the Act on the Protection of Personal Information] On the obligation to record third-party provision [Part 2]

1. Wasn’t this supposed to be a measure against list brokers, with cases where the data subject has consented excluded?

2. If so, the recording obligation would also fall on the providing party for things like public SNS profile pages; isn’t that unrealistic?

Article 25: A business operator handling personal information shall, when providing personal data to a third party (Article 2, paragraph 5
 2: A business operator handling personal information shall, with respect to the record in the preceding paragraph, from the date on which that record was created,

[1] Nat Sakimura, ‘[Amendment to the Act on the Protection of Personal Information] On anonymously processed information and third-party provision records’ (2015/3/12)

[2] Per Toshihiro Yoshida, ‘Techniques for reading and learning law, taught by a former Cabinet Legislation Bureau career official [2nd ed.]’. I also checked this interpretation with attorney Itakura (via Prof. Takagi of AIST) and Prof. Suzuki (directly). Attorney Itakura’s view: “Both readings are possible: ‘personal name OR matters specified by the rules (∋ organization name)’ and ‘matters specified by the rules (∋ personal name OR organization name)’. When the text says ‘A or B or other C specified by the rules’, A and B are examples and there are cases where they are not included.” Prof. Suzuki’s view, by contrast: “Even if it is theoretically an illustrative enumeration, listing it at the head of the article as the typical example and then operating as if it may be omitted? That would get a ‘huh?’; it can’t be.” So it is a tricky one.

by Nat at April 19, 2015 03:56 PM

April 17, 2015

The OpenID Foundation Launches OpenID Connect Certification Program


Google, Microsoft, Ping Identity, ForgeRock, Nomura Research Institute, and PayPal OpenID Connect Deployments First to Self-Certify Conformance

RSA Conference 2015, San Francisco, CA – April 22, 2015 – Today the OpenID® Foundation introduced OpenID Connect Certification – a program that enables organizations to certify that their OpenID Connect implementations conform to specified profiles of the OpenID Connect standard. The certification program is a tool to ensure that implementations by different parties will successfully interoperate.

OpenID Connect is a secure, mobile-ready, privacy-enhancing open identity standard. It has been widely adopted since its finalization last year during the 2014 RSA Conference.

The OpenID Certification program provides important assurances to the global community of developers that the Internet identity services that certifying organizations have deployed reliably conform to the OpenID Connect standard. The goal is that OpenID Certified implementations will “just work” with one another.

Google, Microsoft, ForgeRock, Ping Identity, Nomura Research Institute, and PayPal are the first industry leaders to participate in the OpenID Connect Certification program and certify that their implementations conform to one or more of the profiles of OpenID Connect standard.

Overview of OpenID Connect Certification Program Process

The OpenID Connect Certification program is based on self-certification – a formal public declaration by an entity that its specific identified deployment of a product or service meets the requirements of specified conformance profiles of the OpenID Connect standard, as demonstrated by passing a set of self-administered conformance tests for those profiles. With self-certification, the organization implementing an OpenID Connect deployment tests its own deployment via the OpenID Connect Conformance Test Suite™ software and verifies that it conforms to one or more defined OpenID Connect profiles. Once the tests for a profile are successfully completed, the organization signs and submits to the OpenID Foundation a Certification of Conformance attesting that it successfully completed the software tests, and asserting that its deployment conforms to the designated OpenID Connect profile. Following submission of the required materials, the self-certifications are published. These certifications are also registered by the OpenID Foundation at the Open Identity Exchange’s publicly accessible identity registry, known as OIXnet.

The OpenID Foundation is taking a phased approach to rolling out the OpenID Connect Certification program. The initial phase is now complete, launching with the certification of OpenID Connect identity providers by Google, Microsoft, ForgeRock, Ping Identity, Nomura Research Institute, and PayPal. The next phase will add relying party certification and make self-certification available to all OIDF members in good standing starting in May 2015. The planned third phase in the roadmap will make the OpenID Connect Certification program generally available in January 2016.

The OpenID Certification testing suite is open source software that was developed in cooperation with Umeå University in Sweden, with its development also partially supported by the European Union GÉANT project under a grant to promote interoperability of digital identity systems.

Comments by Industry Leaders

“The rapid adoption of OpenID Connect worldwide required us to create light-weight certification processes to meet the growing volume, velocity and variety of online transactions,” said Don Thibeau, Executive Director of the OpenID Foundation. “Self-certification is an important tool created and vetted by industry leaders. These intense competitors have come together to build a more secure and trusted Internet identity ecosystem.”

“Widely-available secure interoperable digital identity is the key to enabling easy-to-use, high-value cloud-based services and applications available for people to use on the devices they love,” said Alex Simons, Director of Program Management for Microsoft Active Directory. “Certification of Azure Active Directory and additional products to come helps assure developers, customers, and partners that OpenID Connect will just work.”

“This program enables us to build conformance testing into our ongoing engineering process which ensures that Google’s system for managing users’ account information remains interoperable with apps and web sites across the Internet,” said Eric Sachs, Product Management Director for Identity.

“Ping Identity lives and breathes open identity standards. They are key to the expertise and experience that we provide to our clients. The OpenID certification of Ping deployments is proof positive of the interoperability today’s enterprise requires,” said Andre Durand, CEO of Ping Identity.

“ForgeRock is at the center of multiple open standards communities globally as we pride ourselves on our open architecture and user-centric focus. We see OpenID Connect self-certification providing the reliability and consistency that the market demands,” said Lasse Andresen, CTO of ForgeRock.

“As a leader in payment services, PayPal is continually investing in its security infrastructure to ensure consumers have a seamless experience whether they’re on their mobile, online or in store. We have always embraced open standards, and this initiative further raises the bar on assurance for our consumers when they use PayPal across the digital ecosystem,” said Raj Mata, Sr. Director, Platform Product Management. “PayPal is excited to be part of this effort to make interoperable digital identity a reality across platforms and vendors.”

“NRI Group has been working on the identity standards for over a decade and is happy to ‘Self-certify’ both our open source implementation and the product provided through NRI Secure Technologies, our security solution subsidiary,” said Hiroshi Masutani, Senior Managing Director of Nomura Research Institute. “Self-certification is a low overhead, low cost, scalable open source option that’s another tool to provide robust services based on an open standard. The registration of the OpenID Connect self-certifications will increase trust through transparency and enable increased interoperability.”

“The OIXnet Registry and the OpenID Connect test suite will be hosted by Symantec to ensure the security of the trust framework resources and certifications,” said Vice Chairman of OIX Paul Agbabian, VP, Fellow, and CTO, Enterprise Security Business at Symantec. “As a global leader in security, we are excited to lend our expertise and be a part of these valuable efforts.”

About OpenID Connect

OpenID Connect is a secure, mobile-ready, privacy-enhancing open identity standard. OpenID Connect has been widely adopted since its finalization in 2014.

Further information about OpenID Connect and the OpenID Connect Self-Certification program is available at and

About the OpenID Foundation

The OpenID Foundation is an international non-profit organization of individuals and companies committed to enabling, promoting and protecting OpenID technologies. Formed in June 2007, the foundation serves as a public trust organization representing the open community of developers, vendors, and users. The OIDF assists the community by providing needed infrastructure and help in promoting and supporting expanded adoption of OpenID technologies. This entails managing intellectual property and brand marks as well as fostering viral growth and global participation in the proliferation of OpenID.

OpenID is a registered trademark of the OpenID® Foundation.

# # #

News Media Contacts:

Jeff Fishburn
OnPR for OpenID Foundation

Don Thibeau
Executive Director, OpenID Foundation

by Don Thibeau at April 17, 2015 01:00 PM

Final OpenID 2.0 to OpenID Connect Migration Specification Approved

The OpenID 2.0 to OpenID Connect Migration specification has been approved as a Final Specification by a vote of the OpenID Foundation members. A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision.

This specification defines how to migrate from OpenID 2.0 to OpenID Connect.

The voting results were:

  • Approve – 28 votes
  • Disapprove – 0 votes
  • Abstain – 4 votes

Total votes: 32 (out of 158 members = 20.3% > 20% quorum requirement)

— Michael B. Jones – OpenID Foundation Board Secretary

by Mike Jones at April 17, 2015 12:24 AM

April 06, 2015

Vote to approve final OAuth 2.0 Form Post Response Mode specification

The OpenID Connect Working Group recommends approval of the following specification as an OpenID Final Specification:

  • OAuth 2.0 Form Post Response Mode 1.0 – Defines how to return OAuth 2.0 Authorization Response parameters (including OpenID Connect Authentication Response parameters) using HTML form values that are auto-submitted by the User Agent using HTTP POST

A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision.

The official voting period will be between Friday, April 17th and Friday, April 24th, 2015. For the convenience of members, voting actually opened on Monday, April 6th for members who have completed their reviews by then, with the voting period still ending on Friday, April 24th. Vote now at

Voting to approve the OpenID 2.0 to OpenID Connect Migration 1.0 specification is also open at through April 9th.

If you’re not already a member, or if your membership has expired, please consider joining to participate in the approval vote. Information on joining the OpenID Foundation can be found at

A description of OpenID Connect can be found at The working group page is

– Michael B. Jones, OpenID Foundation Secretary

by Mike Jones at April 06, 2015 09:38 PM

March 23, 2015

Nat Sakimura


photo by Brian Solis (2009) CC-BY. He is probably a bit older by now.

This is the news from Yahoo! Tech[1] that David has been picked as the White House’s “director of information technology”. In Japanese, I wonder whether “情報技術長官” is the right rendering… According to Wikipedia’s list of US government terminology[2], “Director” is apparently “長官”… (Could someone who knows tell me…)

He was the driving force behind the launch of the US OpenID® Foundation and its first Vice Chairman, and is also the lead author of OpenID® Authentication 2.0. At the time he was working at SixApart and then Verisign Labs; he later went to Facebook, where he got partway through moving Facebook’s identity system to OAuth 2.0[3], and then moved to the Open Compute Project[4], where he also made his mark.



  • Smarter government IT procurement policy: so that the technology used by the White House is efficient, effective and secure.
  • Modernizing collaboration software and introducing new technologies in step with private-sector best practices

Incidentally, the White House is reportedly requesting $105M (about 12 billion yen) in next year’s budget to form digital teams at 25 agencies, so poaching from Silicon Valley will probably continue.



[1] Alyssa Bereznak, “Exclusive: Facebook Engineering Director Is Headed to the White House”, (2015-03-19), Yahoo! Tech,

[2] Wikipedia, list of US government terminology

[3] In the end it stalled there, which is a bit… So FB is still on something like OAuth 2.0 draft 10…

[4] Roughly speaking, an effort to open up Google- and Facebook-style server designs and spread them.

[5] Anita Breckenridge, “President Obama Names David Recordon as Director of White House Information Technology”, The Whitehouse Blog, (2015-03-19),

[6] Mariella Moon, “White House names top Facebook engineer as first director of IT”, Engadget

by Nat at March 23, 2015 12:53 PM

Nat Sakimura





Setting lawyers aside, I suspect this is not understood at all by the general public. That is why, at the recent OpenID BizDay[3], we focused heavily on this point.








[1] Takato Natsui: “Masatomo Suzuki, Hiromitsu Takagi, Ichiro Yamamoto, 『ニッポンの個人情報 -「個人を特定する情報が個人情報である」と信じているすべての方へ』”, Cyber Law Blog, (2015/3/23),

[2] Masatomo Suzuki, Hiromitsu Takagi, Ichiro Yamamoto, 『ニッポンの個人情報 -「個人を特定する情報が個人情報である」と信じているすべての方へ』, Shoeisha (2015/2/20)

[3] Nat Sakimura: “Seminar: Practical privacy protection for companies – the Personal Information Protection Act is no get-out-of-jail-free card”, @_Nat Zone, (2015-03-01)

by Nat at March 23, 2015 11:50 AM

March 17, 2015

Kaliya Hamlin

Ello….on the inside

So. I FINALLY got my invitation to Ello.

I go in…make an account.

I check the Analytics section.

Ello uses an anonymized version of Google Analytics to gather and aggregate general information about user behavior. Google may use this information for the purpose of evaluating your use of the site, compiling reports on site activity for us and providing other services relating to site activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. To the best of our knowledge, the information gathered by Google on Ello’s behalf is collected in such a way that neither Ello, nor Google, can easily trace saved information back to any individual user.

Ello is unique in that we offer our users the option to opt-out of Google Analytics on the user settings page. We also respect “Do Not Track” browser settings. On your Ello settings page, you can choose to turn Google Analytics off completely when you visit the Site. If you choose either of these options, we make best efforts not to send any data about your user behavior, anonymized or otherwise, to Google or any other third party service provider. Please be aware that there may be other services that you are using and that are not controlled by Ello (including Google, Google Chrome Web Browser, Android Operating System, and YouTube) that may continue to send information to Google when you use the Site, even if you have asked us not to send information through our services.

Not sure what to make of all this.

by Kaliya Hamlin, Identity Woman at March 17, 2015 12:24 AM

March 11, 2015

Nat Sakimura

[Amendment to the Act on the Protection of Personal Information] On anonymously processed information and third-party provision records (revised 3/13 8:50)

1. The scope of regulation of anonymously processed information is not set appropriately
2. The scope to which the recording obligation for third-party provision applies is not set appropriately

1. The scope of regulation of anonymously processed information is not set appropriately

Prof. Takagi has pointed out the problems with anonymously processed information in his diary entry “The provisions on anonymously processed information are half-baked and things are in a bad state (Where personal data protection legislation is heading, part 15)”[2]. In a word,

(1) Anonymous processing is an extremely broad concept that includes partial deletion of information and pseudonymization (Article 2, paragraph 9)

(2) Anyone who turns this into a database and uses it in business is called an anonymously processed information handling business operator (Article 2, paragraph 10) ← note that this covers almost everyone

(3) When creating an anonymously processed information DB,

(a) the personal information must be processed in accordance with standards set by the rules of the Personal Information Protection Commission. (Article 36, paragraph 1)

(b) when anonymously processed information has been created, the items of information concerning individuals contained in it must be made public, as provided by the rules of the Personal Information Protection Commission. (Article 36, paragraph 3)




[3] I only noticed this when Prof. Takagi pointed it out somewhere. With such a poor eye, I would be unfit to work at the Personal Information Protection Commission.

by Nat at March 11, 2015 11:29 PM

March 10, 2015

Kaliya Hamlin

IIW is early!! We are 20!! We have T-Shirts

Internet Identity Workshop is only a month away. April 7-9, 2015

Regular tickets are only on sale until March 20th. Then prices go up again to late registration.

I’m hoping that we can have a few before we get to IIW #20!!

Yes it’s almost 10 years since we first met (10 years will be in the fall).

I’m working on a presentation about the history of the Identity Gang, Identity Commons and the whole community around IIW over the last 10 years.

Where have we come from?…leads to the question…. where are we going? We plan to host at least one session about these questions during IIW.

It goes along with the potential anthology that I have outlined (But have a lot more work to get it completed).

by Kaliya Hamlin, Identity Woman at March 10, 2015 02:03 AM

March 04, 2015

Kaliya Hamlin

IIW topics so far

We keep track of topics folks want to talk about on our Identity Commons wiki.

I figured I would pull the list out from there and share it here…It’s looking good so far.

What topics are you planning to present about or lead a discussion about at this IIW?

  • Notification management – Notifs
  • unhosted identity
  • Redelegation of OAuth bearer tokens
  • OpenID Connect certification
  • Proof of Possession
  • Trust-elevation (adaptive access)
  • IdM for future scientific collaborations
  • I am a member of the W3C Credentials Community Group ( and will present status/progress/goals/roadmap/use cases and how they relate to other identity initiatives.
  • OpenID Connect mobile profile
  • Consent management UI and internals; international consent issues

What are you hoping to learn about or hear a presentation about at IIW?

  • what’s new in identity protocols, VRM, …
  • Trust Frameworks including Public and Private Sector organizations and international governments
  • http-free protocols
  • SCIM, OpenID Connect
  • UMA – VRM – OIDF Certification Threat Management Reputation Management
  • What others are doing
  • OAuth OpenID Connect and FIDO profiles
  • OpenID Connect, OAuth 2.0, UMA
  • Federated and delegated IdM
  • How other technologies overlap and can potentially integrate with the Credential CG standards.
  • Personal control of data sharing OAuth/OpenID Connect
  • SCIM extensions or anything SCIM
  • OpenID Connect, UMA, vectors of trust
  • Others working on consent management

What are the critical questions about user-centric identity and data you hope to discuss with peers at IIW?

  • social physics consensus and collaboration using decentralized mechanisms (e.g. blockchain)
  • How to have identity without subscription to a service. IE How to have a service recognize rather than authenticate.
  • Password management use cases with SCIM OpenID Connect NAPPS Profile
  • User Centric Business Models
  • What are the remaining roadblocks to adoption of higher LOA BYOI
  • Identity Management as a Service – Use Cases
  • Attribute based credentials – Use cases
  • Multi factor authentication on Mobile Devices
  • Consent

by Kaliya Hamlin, Identity Woman at March 04, 2015 07:32 PM

March 02, 2015

Nat Sakimura



What is characteristic is that it pushes through a context-based approach rather than regulating by type of data. I think this is the better way. Structurally, SEC. 4 has the definitions, SEC. 101–107 are the Consumer Privacy Bill of Rights, SEC. 201–203 cover enforcement, SEC. 301 is the safe harbor through enforceable codes of conduct, SEC. 401 states that this Act takes precedence over other law, SEC. 402 that it does not affect the FTC’s authority, and SEC. 403 makes explicit that this Act does not grant a private right of action.

If time allows, I would like to talk about this too at today’s OpenID BizDay #8.

Note that I plan to expand this article as I find time, or to write a separate one.

This weekend I had five ISO/IEC comment deadlines, so I could not find any time at all. Writing anything will have to wait until after today’s BizDay.



by Nat at March 02, 2015 05:58 AM

February 28, 2015

Nat Sakimura


Tomorrow, 3/2, at OpenID BizDay #8, we will hold a round-table discussion on “Practical considerations for privacy protection in companies”, with Prof. Masatomo Suzuki of Niigata University and Hiromitsu Takagi of AIST as guests. As moderator I will ask a range of questions, and I hope to bring into focus how companies should approach privacy as part of their business activities. Incidentally, the reason the OpenID Foundation Japan is doing this is that OpenID is a framework for obtaining consent plus a framework for providing attributes.



Q.1 There seem to be many relevant laws: the Personal Information Protection Act (to be amended this year), the Penal Code, the Consumer Contract Act, the law of obligations (to be amended this year), tort law, and so on. Could you explain how they relate to one another? Even where the Personal Information Protection Act says something is fine, quite a few other laws seem to say it is not, so complying with the Personal Information Protection Act does not seem to be a get-out-of-jail-free card. Please tell us about that too.

  • Related to purpose of use: the offence concerning electromagnetic records of unauthorized commands, the Telecommunications Business Act, the Radio Act, the Civil Code (obligations), the Civil Code (torts), the Consumer Contract Act, (METI Q45)
  • Related to security management: the Unfair Competition Prevention Act


Q.2 I think a company’s goal in doing business, more than anything to do with the law, is to raise its brand value and have its products and services better appreciated, yet the current discussion around the Personal Information Protection Act seems quite divorced from that. Do you have a view on why that is?


Q.3 What is a “specific individual”? I hear from various quarters that this was a point of considerable contention in the current amendment too, and that the aim is to narrow the scope of “personal information” as much as possible. So could you explain this concept in a little more detail?

Here we may jump to an explanation of the concept of linkability in ISO/IEC 29100.

Q.4 Is narrowing the scope of “personal information” actually meaningful for companies? If you take protecting brand value into account as well, narrowing what is considered seems if anything to increase risk.

This debate about “wanting to limit it as much as possible” is understandable if you think only about compliance with the Personal Information Protection Act, but as noted above that is not enough, and personally I find it very uncomfortable. It runs in completely the opposite direction from the ISO/IEC 29100 privacy framework, which companies and government officials from nearly 80 countries came together to create. There, personal information (PII) is defined very broadly as “any information that (a) can be used to identify the PII principal to whom such information relates, or (b) is or might be directly or indirectly linked to a PII principal”[1], and it even devotes an entire section to how to uncover hidden personal information. On top of that, it says to assess the privacy impact arising from how that “personal information” is “used”, and to take measures according to the risk level. For example, sharing business-card information within a department for contact purposes is low risk, so moderate measures suffice, whereas health-consultation information entrusted to you gets very strong measures. If you also consider damage to brand value, I think this approach is far more practical.

Q.5 How should publication, notice and consent prior to changes in terms and conditions be handled?

Q.5 It seems anonymously processed information is being newly established this time… “Anonymous processing” that does not even require opt-out seems likely to end up as an even more limited form of statistical aggregation, and in that case it seems to be fine under the current law too… Could you explain in detail?

Q.6 On cross-border data transfer: there is talk that a globally operating company bringing data on EU-resident employees to Japan and doing personnel evaluations in Japan could be risky. How is that? What should be done to do it safely?

Q.7 Among the amendment items there is apparently one that “adds a recording obligation on both the providing and receiving sides at the time of third-party provision”… How far does one need to go?

Thinking about practice: say attributes were federated via OpenID Connect / OAuth. The IdP side should be recording where attributes were provided. The RP side, in principle, should also be recording. But after that, in many cases the data gets dumped into a DB regardless of the route it came by, and along the way the RP also receives new information directly from the data subject. Then it becomes impossible to tell where anything came from or for what purpose, so systems like this look likely to need considerable rework. Well, it is a textbook example of how not doing privacy by design costs terribly later; the ISO/IEC 29101 Privacy Architecture Framework also says to design this properly at the first stage…

[1] SOURCE: ISO/IEC 29100. 2.9 PII = any information that (a) can be used to identify the PII principal to whom such information relates, or (b) is or might be directly or indirectly linked to a PII principal

by Nat at February 28, 2015 09:53 PM

February 20, 2015

Nat Sakimura


According to a report by The Intercept on 2015/2/19 local time[1], the NSA and GCHQ had stolen, in bulk, the keys (Ki) stored on SIMs shipped from Gemalto. As a result, eavesdropping on the communications of mobile phones using these SIMs had become trivial. This information was reportedly among the files Snowden took.

The SIM card in a mobile phone has its Authentication Key (Ki) burned in by a “personalization company” such as Gemalto. This Authentication Key is used both to authenticate the SIM on the network and to generate encryption keys. After the key is generated it is written to the SIM card and made unextractable. But to authenticate this SIM card on the network, the mobile carrier must hold the same key, so it is sent to the carrier as well. The problem was how it was sent. SIM cards are personalized in bulk and delivered to the carrier. At that point, the Authentication Keys that had been written were reportedly sent in bulk by FTP or email. And with only weak encryption, in some cases in plaintext.

I am not familiar with this field and had no idea things were like this. I had simply assumed that a key pair was generated inside the chip and the public key sent to the carrier. To think it was done with a shared symmetric key…

Yesterday I was at the Real World Crypto report meeting, and someone from the floor remarked that “cracking somewhere other than the cryptographic primitive is far easier than cracking the primitive, so whether the primitive itself is weak does not matter much”; this is exactly that in practice.


  • (1) Stop sending long-term secret keys (and no, mailing them is not OK either)
  • (2) Stop having two or more parties hold a secret key over the long term
  • (3) Do key management properly



by Nat at February 20, 2015 02:22 AM

February 16, 2015

Review of proposed final OAuth 2.0 Form Post Response Mode specification

The OpenID Connect Working Group recommends approval of the following specification as an OpenID Final Specification:

  • OAuth 2.0 Form Post Response Mode 1.0 – Defines how to return OAuth 2.0 Authorization Response parameters (including OpenID Connect Authentication Response parameters) using HTML form values that are auto-submitted by the User Agent using HTTP POST

A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision.

This note starts the 60 day public review period for the specification drafts in accordance with the OpenID Foundation IPR policies and procedures. This review period will end on Friday, April 17, 2015. Unless issues are identified during the review that the working group believes must be addressed by revising the drafts, this review period will be followed by a seven day voting period during which OpenID Foundation members will vote on whether to approve these drafts as Final Specifications and Implementer’s Drafts. For the convenience of members, voting may begin up to two weeks before Friday, April 17th, with the voting period still ending on Friday, April 24, 2015.

A description of OpenID Connect can be found at The working group page is Information on joining the OpenID Foundation can be found at If you’re not already a member, please consider joining to participate in the approval vote.

You can send feedback on the specifications in a way that enables the working group to act upon your feedback by (1) signing the contribution agreement at to join the working group (please specify that you are joining the “AB+Connect” working group on your contribution agreement), (2) joining the working group mailing list at, and (3) sending your feedback to the list.

— Michael B. Jones, OpenID Foundation Secretary

UPDATE: The working group has added a sentence about not caching responses and updated the example Cache-Control directive. The RFC 2616 reference has also been updated to RFC 7230. The originally posted version is available at the location below to facilitate comparison between the original version and the current version with the corrections applied:

by Mike Jones at February 16, 2015 08:57 PM

Industry Leaders Lead: Google Asks Developers to Migrate from OpenID 2.0 to OpenID Connect

In 2015, waves of disruption are coursing through the Internet identity ecosystem as standard development organizations, companies and governments look to bolster the security and privacy of the information they are charged with protecting.

Implementing the latest open standards is one of the many practical steps identity providers and relying parties can take now to secure the identities of people accessing websites and apps. Industry leaders like Google are adopting the OpenID Connect protocol and migrating away from OpenID 2.0 to enable better privacy controls and stronger authentication. Released last year, OpenID Connect helps website and application developers get out of the business of storing and managing passwords – especially in the face of the increasing attacks that have compromised the identities of hundreds of millions of people worldwide.

Google recently announced to its developer ecosystem that they should migrate to OpenID Connect by April 20, 2015, the deadline when OpenID 2.0 will no longer work for Google Accounts.

Along with Google, other OpenID Foundation members including Microsoft, Salesforce, Ping Identity, and ForgeRock as well as companies such as Amazon, are adopting and deploying OpenID Connect. This is a signal to organizations worldwide that the tide is turning in the fight against identity theft and cybercrime. OpenID Connect will increase the security of the whole Internet by putting the responsibility for user identity verification in the hands of the most expert service providers.

For questions and information on OpenID Connect please turn to the following resources:

by Don Thibeau at February 16, 2015 02:39 PM

February 05, 2015

2015 Board of Directors Election Results

Thanks to all who voted for those who will represent corporate members and the community at large on the OpenID Foundation Board of Directors. John Bradley and Mike Jones have been elected to two-year terms and George Fletcher to a one-year term.

The returning board members help ensure the leadership, continuity and deep technical expertise that is the lifeblood of the Foundation. Those reelected will join current sustaining board representatives: Pam Dingle of Ping Identity, Raj Mata of PayPal, Tony Nadalin of Microsoft, Roger Casals of Symantec, Tracy Hulver of Verizon, Dylan Casey of Yahoo!, Debbie Bucci of the US Department of Health and Human Services, Office of the National Coordinator and Adam Dawes of Google on the board.

Corporate Members of the OpenID Foundation elect a member to represent them on the OIDF board. All corporate members were eligible to nominate themselves, second the nominations of others, and vote for candidates. I am very pleased to announce the reelection of Torsten Lodderstedt of Deutsche Telekom as the Corporate member representative to the Board of Directors. In addition to his service on the Board, Torsten chairs the Mobile Profile for OpenID Connect WG. Torsten’s leadership in profiling OpenID Connect on the platform of choice, mobile, together with Deb Bucci’s focus on a particularly ‘wicked’ problem space, medical patient records permissioning, demonstrates the importance of the work we have set out to do.

I am very pleased to announce that OpenID Foundation corporate member Nomura Research Institute, represented by Nat Sakimura, our long-standing board Chairman, has stepped up its membership. Sustaining membership requires a significant financial and resource commitment. I am delighted that NRI’s increased investment and Nat’s global thought leadership continue to inform our work. Nat’s Chairmanship of the OpenID Foundation and liaison with OpenID Foundation Japan helps coordinate working groups with a vibrant community of developers in Asia.

There is a special place in heaven, or at least in the identity ecosystem, for those that lead by example. Please join me in thanking all OpenID Foundation Board members for their leadership.


Don Thibeau

by jfe at February 05, 2015 08:12 PM

February 03, 2015

Nat Sakimura

Yahoo! CEO Marissa Mayer: “Consumer distrust is hindering the development of the personal Internet.” “Give people control over their own information!”

This is slightly old news by now, but did it get reported in Japan too? It is the news that Yahoo! CEO Marissa Mayer’s remarks on the handling of personal data stand in direct opposition to the recent argument, centered on a certain company in a certain country, that “changes of purpose should be possible on an opt-out basis”.

According to a report in The Drum [1], at a panel discussion held on January 22, US Yahoo! CEO Marissa Mayer said that “some technology companies, by trying to push the boundaries of selling data, are losing the trust of both governments and consumers and hindering the development of the personalized Internet.” She was pointing at the economic damage caused by the loss of trust brought about by companies that try to profit from personal data without the individual’s deliberate consent. “I think it is consent through self-control: data starts to flow when companies are open about what you are going to do, how that data is handled and where it goes, and individuals actively approve it. We make active commercial decisions not to do certain things with data.”

Furthermore, US Yahoo! says it will not shy away from the commercial cost required to give consumers sufficient control over how their data is handled and controlled.

Incidentally, US Yahoo! says that when it makes a change with real impact on its privacy policy [2], it notifies the primary e-mail address. A notification, not just a public announcement. Well, since it participates [4] in the EU-US Safe Harbor [3], it is only natural that it follows the same kind of rules as the EU.

(Source) The Drum [1]

[1] SEB JOSEPH: “Yahoo’s Marissa Mayer: ‘Some internet vendors are not being transparent enough with data'”, The Drum, 2015-01-23,




by Nat at February 03, 2015 12:55 PM

February 02, 2015

Review of proposed final OpenID 2.0 to OpenID Connect Migration specification

The OpenID Connect Working Group recommends approval of the following specification as an OpenID Final Specification:

A Final Specification provides intellectual property protections to implementers of the specification and is not subject to further revision.

This note starts the 60 day public review period for the specification drafts in accordance with the OpenID Foundation IPR policies and procedures. This review period will end on Thursday, April 2, 2015. Unless issues are identified during the review that the working group believes must be addressed by revising the drafts, this review period will be followed by a seven day voting period during which OpenID Foundation members will vote on whether to approve these drafts as Final Specifications and Implementer’s Drafts.  For the convenience of members, voting may begin up to two weeks before Thursday, April 2nd, with the voting period still ending on Thursday, April 9, 2015.

A description of OpenID Connect can be found at  The working group page is  Information on joining the OpenID Foundation can be found at  If you’re not already a member, please consider joining to participate in the approval vote.

You can send feedback on the specifications in a way that enables the working group to act upon your feedback by (1) signing the contribution agreement at to join the working group (please specify that you are joining the “AB+Connect” working group on your contribution agreement), (2) joining the working group mailing list at, and (3) sending your feedback to the list.

— Michael B. Jones, OpenID Foundation Secretary

by Mike Jones at February 02, 2015 06:22 AM

January 22, 2015

Registration is Now Open for the OIDF Workshop on April 6, 2015

Registration is now open for the OpenID Foundation Workshop on April 6 (the Monday before IIW) from 12:00 – 5:00 PM at Aol offices in Palo Alto, CA.

This OpenID Foundation Workshop will provide early insight and influence on important new online identity standards like OpenID Connect. We will provide a hands-on tutorial on the OpenID Connect Self Certification Test Suite led by its developer Roland Hedberg. We’ll review progress on the Mobile Profile of OpenID Connect as well as other protocols in the pipeline like HEART, Account Chooser and Native Applications. Leading technologists from ForgeRock, Microsoft, Google, Ping Identity and others will give updates on developments with these key protocols, review work group progress and discuss how they help meet enterprise business challenges. Thanks to OpenID Foundation Board Member George Fletcher and teamAol for hosting.

Planned Agenda:

  • Lunch
  • Introduction and Overview of OpenID Connect Self Certification and Registration by Don Thibeau of the OpenID Foundation
  • OpenID Connect by Co-Chairs Mike Jones of Microsoft, John Bradley of Ping Identity and Nat Sakimura of the NRI
  • Mobile Profile for OpenID Connect by its Chairman Torsten Lodderstedt of Deutsche Telekom
  • Account Chooser by Adam Dawes of the Google Identity Team and Pam Dingle of Ping Identity
  • Native Applications Work Group by Chairman Paul Madsen of Ping Identity
  • “HEART” Health Relationship Trust Profiles of OpenID Connect and Related Specifications by Co-Chairs Eve Maler of ForgeRock and Deb Bucci of the US Office of the National Coordinator for Health Information Technology
  • OpenID Connect Conformance Testing by Roland Hedberg of the Umea University of Sweden

Don Thibeau

by jfe at January 22, 2015 07:37 PM

January 16, 2015

2015 Election for the OpenID Foundation Individual Board Representatives

The OpenID Foundation plays an important role in the evolution of Internet identity technologies. The OpenID Foundation Individual community board member election 2015 is now underway. Those elected will help determine the role OIDF will play in facilitating faster and broader adoption of open identity standards and profiles such as OpenID Connect, Account Chooser, the Mobile Profile for OpenID Connect, Native Applications, and Health Relationship Trust (HEART). Per the bylaws approved by the OpenID Foundation (OIDF) board on May 8, 2013, Individual community Members will elect three (3) board members to represent them.

Currently, we have four Individual community board members whose terms are expiring (2014 was a ‘transition’ year): Nat Sakimura, Mike Jones, John Bradley, and George Fletcher. I want to thank them for their service to the OIDF. They are eligible to seek re-election, if they so choose.

The Individual community board member election is being conducted on the following schedule:

• Nominations opened: Monday, January 5, 2015
• Nominations close: Monday, January 19, 2015
• Election begins: Wednesday, January 21, 2015
• Election ends: Wednesday, February 4, 2015
• Results announced by: Wednesday, February 11, 2015
• New board terms start: Wednesday, February 25, 2015

Times for all dates are Noon, U.S. Pacific Time.

All members of the OpenID Foundation are eligible to nominate themselves, second the nominations of others who self-nominated, and vote for candidates. If you’re not already a member of the OpenID Foundation, we encourage you to join now at

Voting and nominations are conducted using the OpenID you registered when you joined the Foundation. If you are already a member, you have received an email from advising you that the election is open and how to participate. Please log in with your OpenID membership credentials at to participate in the nomination and voting. If you experience problems participating in the election or joining the foundation, please send an email to right away.

Board participation requires a substantial ongoing investment of time and energy. It is a volunteer effort that should not be undertaken lightly. Should you be elected, expect to be called upon to serve both on the board and on its committees where the work of the foundation is conducted. If you’re committed to OpenID and advancing open digital identity and are a person who works well with others, we encourage your candidacy. The OIDF’s Executive Committee has suggested a few questions candidates may want to publicly address in their candidate statements:
1. What are the key opportunities you see for the OpenID Foundation in 2015?
2. How will you demonstrate your commitment to the work of the foundation in terms of resources, focus and leadership?
3. What would you like to see accomplished over the next year, and how do you personally plan to make these things happen?
4. What resources can you bring to the foundation to help the foundation attain its goals?
5. What current or past experiences, skills, or interests will inform your contributions and views?

Candidates can address these questions in their election statements on various community mailing lists, especially Please forward questions, comments and suggestions to me at


Don Thibeau

by jfe at January 16, 2015 01:00 AM

January 11, 2015

Nat Sakimura

Paris march: Global leaders join ‘unprecedented’ rally in largest demonstration in history of France

[1] Well, he has been consistently, if somewhat indirectly (?), dissing it...

[2] I meant to record a practice take first, reflect on it, fix the bugs and then do the real recording, but I ran out of time for the real recording... So it is full of bugs...

[3] I happen to own the sheet music of Ayako Takagi, whom I admire and once, just once, happened to sit next to at the counter of an okonomiyaki restaurant.

by Nat at January 11, 2015 08:38 PM

January 08, 2015

Open Invitation to Join the First Meeting of the Health Relationship Trust (HEART) Working Group

A few months ago the OpenID Foundation Board of Directors welcomed Deb Bucci as a colleague and representative of the US Office of the National Coordinator for Health Information Technology (ONC). The Board noted the important coincidence of the growing adoption of the OpenID Connect standard and the commitment of public and private sector organizations to OpenID Connect profiles that can accelerate progress on identity-related health care challenges. That public and private collaboration is reflected in the leadership of a new working group. Eve Maler of ForgeRock, OpenID Foundation member and industry opinion leader, has joined Deb as co-chair of the new working group.

We are inviting interested parties in the public, private and academic sectors to join the first meeting of the Health Relationship Trust (HEART) Working Group (WG) on January 12. The HEART WG is a collaboration of the MIT – KIT Consortium and the OpenID Foundation. The HEART WG will be looking at ways to harmonize and develop a set of privacy and security specifications that will help an individual control the authorization of access to RESTful health-related data sharing APIs and facilitate the development of interoperable implementations of these specifications.

The US ONC’s Office of Standards and Technology is supporting this effort and joins the Foundation in encouraging the active participation of technical and policy subject matter experts from across the Health IT community. The initial work will focus on identifying, scoping and framing relevant use cases rather than delving into the technical details.

You can review the HEART Project Charter for more detailed information about the HEART WG. Additional Information about joining and registering for our mail list can be found here. Anyone can join the mailing list as a read-only recipient and attend the meetings.

Don Thibeau
The OpenID Foundation

by jfe at January 08, 2015 11:15 PM

January 06, 2015

Nat Sakimura

People say the TEPPEN 2015 piano contest was rigged, but...

I had no idea, but apparently a Fuji TV entertainment show called TEPPEN 2015 held a piano contest among celebrities. The three now being talked about online are Madoka Moriyasu of HKT48, Sakiko Matsui of AKB48 and the comedian Sayuri. They were the top three, but the claim is that Madoka Moriyasu was overwhelmingly the best yet placed third, so it must have been rigged.

(Also a celebrity) Nao Matsushita’s “Chopin Ballade No. 3 in A-flat major” [5]

[1] Rocket News
[2] Moreover, when you change the balance of volume the pitch actually changes subtly too. Strike hard and the string vibrates properly all the way to its ends, so the pitch drops; strike lightly and it rises.
[3] An Arab double-reed instrument.
[4] An Arab hammered string instrument. Travelling west along the Silk Road it became the Hungarian cimbalom, the German Hackbrett and the British hammered dulcimer; travelling east it became the Chinese yangqin.
[5] Well, comparing the three above plus Nao Matsushita, Nao Matsushita seems the best.
[6] Listening at the same volume you may feel the opening notes are quiet, but that is because the dynamic range is wide: the pianissimo is played very softly and the fortissimo very loudly. Wide dynamic range, nuance in every single note, superb phrasing; this is what music should be. Incidentally, I carefully selected this performance from the Horowitz, Kissin and various other performances uploaded to YouTube. I had always listened to Horowitz, but Zimerman is wonderful.

by Nat at January 06, 2015 11:46 PM

Nat Sakimura

The Cup Noodle commercial “NY/Samurai-K” apparently really does hit the ball with a wooden sword

[1] Reference

[2] Worldwide consumption of instant noodles is 95.39 billion servings per year, WIZBIZ, (2012/3/7)

by Nat at January 06, 2015 03:28 PM

January 04, 2015

Nat Sakimura



Broadcast on May 4, 2009, on “Kuwata Keisuke no Ongaku Tora-san”, apparently.

  1. 公明党BROTHER (Komeito Brother) (Come Together)
  2. さみしい… (Lonely…) (Something)
  3. 舛添居ず知らぬ間データ (Masuzoe absent, data unnoticed) (Maxwell’s Silver Hammer)
  4. 親だ~れ!? (Who’s the parent!?) (Oh! Darling)
  5. 僕当選さす票田 (The vote bank that gets me elected) (Octopus’s Garden)
  6. iPhone中 (On the iPhone) (I Want You (She’s So Heavy))
  7. 爪噛むおじさん (Nail-biting old man) (Here Comes The Sun)
  8. 民主党 (Democratic Party) (Because)
  9. 油田は危機を招き (The oil field invites a crisis) (You Never Give Me Your Money)
  10. 国際危惧!! (International concern!!) (Sun King)
  11. 民意無視して増した・・・!! (Raised it while ignoring the public will…!!) (Mean Mr. Mustard)
  12. オレ審判!? (I’m the referee!?) (Polythene Pam)
  13. 「死刑」にするも「罰する」も非道!? (Whether “death penalty” or “punish”, both inhumane!?) (She Came In Through The Bathroom Window)
  14. 公然知らんばい(Bye)!? (Openly don’t know (Bye)!?) (Golden Slumbers)
  15. 借金(かり)が増え!! (The debt grows!!) (Carry That Weight)
  16. 次年度 (Next fiscal year) (The End)

by Nat at January 04, 2015 01:44 PM

Nat Sakimura





  1. Have more children
  2. Immigration

That is what they are. France did 1 and succeeded to some extent. The US sustains its economy with 2. Both are being considered in Japan too, but 1 takes at least 20 years and is somewhat too late (though it should still be started right now), and 2, unlike in the US, whose very identity is that of a nation of immigrants, is expected to cause all sorts of friction in Japan and to face many difficulties, as the experts point out.

There it is, isn’t it: the Cool Japan solution.

(Figure 1) Robot Suit HAL (Source)

[1] Also known as idle chatter.

[2] Tokyo Hire-Taxi Association: “Tokyo Taxis 2013”, p. 25

[3] 小野口哲, “Next year you will be able to buy a powered suit for 500,000 yen”, Nikkei Business (2014/3/5)

[4] Prime Minister’s Office, “Revision of the ‘Japan Revitalization Strategy’” (Cabinet decision, June 24, 2014)

[5] Prime Minister’s Office, “Key Points of the Revised ‘Japan Revitalization Strategy’ (10 Challenges toward Reform)” (Cabinet decision, June 24, 2014), p. 4

by Nat at January 04, 2015 07:01 AM

Nat Sakimura

I installed Lubuntu 14.10 on an EeeBox

In a corner of my server room (also known as the closet) there was an EeeBox [1] that had not been powered on for nearly four years. I had wiped its recovery partition, installed Debian Lenny and used it as a server for a while, but back when power outages were happening almost daily after the Great East Japan Earthquake I gave up and moved to the cloud, and it had been left alone ever since. The plan is to bring it back to life so my daughter can use it.

At first I thought about recovering it to Windows, but on closer inspection the bundled OS was Windows XP. That is only to be expected for a machine bought in January 2009, but it will not do. I hesitated for a moment between Lubuntu and Xubuntu, but for this machine with its small memory Lubuntu seemed the only choice, so I decided to install Lubuntu 14.10.

  1. Using a Mac OS 10.10.1 machine, get the Lubuntu 14.10 PC 32-bit version from the download page.
  2. In a terminal, go to the download folder (in my case, $ cd Download).
  3. Convert the downloaded .iso file into a .img file as follows:
$ hdiutil convert -format UDRW -o ./lubuntu-14.10-desktop-i386.img ./lubuntu-14.10-desktop-i386.iso
  4. hdiutil appends .dmg to the file name on its own, so remove it:
$ mv ./lubuntu-14.10-desktop-i386.img.dmg ./lubuntu-14.10-desktop-i386.img
  5. Insert the SD card that will become the boot drive into the slot.
  6. Run diskutil list in the terminal to find the disk path:
$ diskutil list
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            499.2 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     Apple_partition_scheme                        *2.0 TB     disk1
   1:        Apple_partition_map                         32.3 KB    disk1s1
   2:                  Apple_HFS MyBook2T                2.0 TB     disk1s3
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *3.0 TB     disk2
   1:                        EFI EFI                     209.7 MB   disk2s1
   2:                  Apple_HFS TimeMachine2            3.0 TB     disk2s2
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *7.7 GB     disk3
   1:                 DOS_FAT_32 NO NAME                 7.7 GB     disk3s1

  7. The SD card (it was named NO NAME) turned out to be /dev/disk3, so unmount it first. Unmounting uses the volume name, so find the volume name with the df command:
$ df -g
Filesystem    1G-blocks Used Available Capacity   iused     ifree %iused  Mounted on
/dev/disk0s2        464  425        38    92% 111670483  10216259   92%   /
devfs                 0    0         0   100%       670         0  100%   /dev
map -hosts            0    0         0   100%         0         0  100%   /net
map auto_home         0    0         0   100%         0         0  100%   /home
/dev/disk1s3       1862 1326       536    72% 347818226 140519426   71%   /Volumes/MyBook2T
/dev/disk2s2       2794 2003       790    72% 262631430 103609902   72%   /Volumes/TimeMachine2
/dev/disk3s1         15    0        15     0%         0         0  100%   /Volumes/NO NAME
  8. Unmount (if you skip this, you get Resource busy and cannot write in the next step):
$ diskutil umount /Volumes/NO\ NAME/
Volume NO NAME on disk3s1 unmounted
  9. Write the disk image to the SD card with the dd command:
$ sudo dd if=lubuntu-14.10-desktop-i386.img of=/dev/rdisk3 bs=256m
2+1 records in
2+1 records out
739246080 bytes transferred in 148.771499 secs (4969003 bytes/sec)
  10. When writing finishes, Mac OS tries to mount it and complains that it cannot read it, so choose “Eject”.

  1. Take out the SD card you made and insert it into the EeePC.
  2. Power on and press the DEL key to enter the setup screen. Set the boot device here. The SD card is recognized as a hard disk, so change the HDD boot order. Save with F10 and reboot.
  3. Then just follow the wizard. When the installation finishes you are prompted to reboot, so reboot. Remove the SD card at this point.

  1. By default, switching Japanese input is assigned to <super>+<space>. It may just be a matter of habit, but I want to change it to <control>+<space>, so from the Lubuntu menu go to “Settings > Keyboard Input Methods” and set it there.

For using Google Docs from Firefox this is workable. (It is a bit awkward that the string being converted appears slightly below the input line.) With AbiWord the input string does not appear inline, so it is not really usable.
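The risky step in the procedure above is the dd write, which overwrites whichever disk is named. As an added example (not code from the post), this POSIX shell script resolves the card from its volume name, refuses implausible targets, and prints the umount and dd commands instead of running them; it parses constructed copies of the post's diskutil list and df -g output so it runs offline, and the 64 GB limit and the partition-scheme check are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post: guard rails for the
# "sudo dd if=... of=/dev/rdiskN" step, which overwrites whichever disk is named.
# The helpers only parse text in the format that "diskutil list" and "df -g"
# print, so they run here against constructed copies of the post's listings.
# The 64 GB size limit and the partition-scheme check are assumptions.

# Constructed sample: the relevant lines of the post's "diskutil list" output.
SAMPLE_DISKUTIL='   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *500.1 GB   disk0
   1:                        EFI EFI                     209.7 MB   disk0s1
   2:                  Apple_HFS Macintosh HD            499.2 GB   disk0s2
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *3.0 TB     disk2
   2:                  Apple_HFS TimeMachine2            3.0 TB     disk2s2
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *7.7 GB     disk3
   1:                 DOS_FAT_32 NO NAME                 7.7 GB     disk3s1'

# Constructed sample: the relevant lines of the post's "df -g" output.
SAMPLE_DF='Filesystem    1G-blocks Used Available Capacity   iused     ifree %iused  Mounted on
/dev/disk0s2        464  425        38    92% 111670483  10216259   92%   /
/dev/disk3s1         15    0        15     0%         0         0  100%   /Volumes/NO NAME'

# partition_for_volume LISTING NAME: print the slice identifier (e.g. disk3s1)
# whose NAME column equals NAME. Names may contain spaces ("NO NAME"), so the
# name is rebuilt from the fields between TYPE and SIZE.
partition_for_volume() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^ *[0-9]+:/ {
            name = ""
            for (i = 3; i <= NF - 3; i++) name = name (i > 3 ? " " : "") $i
            if (name == want) { print $NF; exit }
        }'
}

# whole_disk SLICE: drop the slice suffix, disk3s1 -> disk3.
whole_disk() {
    printf '%s\n' "$1" | sed 's/s[0-9][0-9]*$//'
}

# check_dd_target LISTING DISK: succeed only if DISK looks like the SD card:
# not disk0 (the Mac's own boot disk in the listing), FDisk_partition_scheme
# (what the FAT32 card shows) and under 64 GB (a TB-sized drive is never it).
check_dd_target() {
    if [ "$2" = "disk0" ]; then
        echo "refusing disk0: that is the system disk" >&2
        return 1
    fi
    reason=$(printf '%s\n' "$1" | awk -v disk="$2" '
        $1 == "0:" && $NF == disk {
            found = 1
            size = substr($3, 2) + 0          # strip the leading "*"
            if ($4 == "TB") size = size * 1000
            if ($4 == "MB") size = size / 1000
            if ($2 != "FDisk_partition_scheme") print "unexpected scheme " $2
            else if (size >= 64) print disk " is " size " GB, too large for the card"
            else print "ok"
            exit
        }
        END { if (!found) print disk " is not in the listing" }')
    [ "$reason" = "ok" ] && return 0
    echo "refusing $2: $reason" >&2
    return 1
}

# mount_point_of DFOUT SLICE: print where SLICE is mounted (the path handed to
# "diskutil umount"); the mount point is everything from the 9th field on.
mount_point_of() {
    printf '%s\n' "$1" | awk -v dev="/dev/$2" '
        $1 == dev {
            mp = $9
            for (i = 10; i <= NF; i++) mp = mp " " $i
            print mp; exit
        }'
}

# plan_write LISTING DFOUT NAME IMAGE: resolve the card by volume name, run the
# checks, and print the commands the post runs. Nothing is executed here.
plan_write() {
    slice=$(partition_for_volume "$1" "$3")
    if [ -z "$slice" ]; then
        echo "no volume named '$3'" >&2
        return 1
    fi
    disk=$(whole_disk "$slice")
    check_dd_target "$1" "$disk" || return 1
    mp=$(mount_point_of "$2" "$slice")
    if [ -n "$mp" ]; then
        printf 'diskutil umount "%s"\n' "$mp"
    fi
    printf 'sudo dd if=%s of=/dev/r%s bs=256m\n' "$4" "$disk"
}

# Dry run against the constructed listings: prints the umount and dd commands
# for disk3; disk0 or the 3 TB disk2 would be refused.
plan_write "$SAMPLE_DISKUTIL" "$SAMPLE_DF" "NO NAME" lubuntu-14.10-desktop-i386.img
```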

[1] ASUS EeeBox MODEL: EBXB202 BLK/VK191T. CPU: Atom N270, Memory: 1GB, HDD: 80GB, Wireless: 802.11n. Windows XP Home (JPN) bundled.

by Nat at January 04, 2015 04:53 AM

January 02, 2015

Nat Sakimura




Figure 1 – Trend in the value of cash and stocks since 2003

  1. Increase in money through issuance of government currency (or Bank of Japan underwriting of government bonds)
  2. Public investment funded by that revenue

  1. Bold monetary policy
  2. Flexible fiscal policy
  3. A growth strategy that stimulates private investment

Well then, Good Night!

by Nat at January 02, 2015 04:08 PM

Nat Sakimura








Figure 1 Trend in the Nikkei average and the value of cash (US-dollar-based index)




by Nat at January 02, 2015 03:50 AM

December 14, 2014

Kaliya Hamlin

Internet Identity Workshop #20 is in April !!

IIW is turning 20 !

That is kind of amazing. So much has evolved in those 10 years.
So many challenges we started out trying to solve are still not solved.

I actually think it would be interesting as we approach this milestone to talk about what has been accomplished and what we think is yet to be accomplished.

I am working on organizing a crowd funding campaign to support completing an anthology that I have outlined and partially pulled together. I will be asking for your support soon. Here is the post on my blog about it.

In the mean time tickets for IIW are up and for sale! You can also order a special T-shirt we are designing especially for the occasion.

by Kaliya Hamlin, Identity Woman at December 14, 2014 11:31 PM

Kaliya Hamlin

ID Anthology – the community “canon”

A few years ago I pulled together the start of a community anthology.
You could think of it as a canon of key blog posts and papers written in the Identity Gang and circulated around the Internet Identity Workshop and other conferences back in the day like Digital Identity World.

I think with IIW coming into its 10th year and #20 and #21 happening this year the time is right to make a push to get it cleaned up and actually published.

We need to make the important intellectual and practical work done thinking and outlining digital identity that this community has done. I also have included works that highlight key issues around user-centrism and identity that originated from outside the community of the identerati.

I am working on organizing a crowd funding campaign to raise a small amount to work with a professional editor and typesetter and get the needed copyright clearances so we can have a “real” book.

In the mean time I have this outline below of articles and pieces that should be included.

I would love to hear your suggestions of other works that might be good to include. It may also be that we have so many that we choose to do more than one volume. For this first one my focus is more on early works that were foundational to a core group early on – essays and works that we all “know” and implicitly reference but may not be known or accessible (because they are 6-10 years ago in blogosphere time and that is eons ago) or may not even be on the web any more.

You could comment on this blog. You could use the hashtag #idanthology on twitter. You could e-mail me Kaliya (at) Identitywoman (dot) net. Subject line should include IDAnthology

The book would be dedicated to the community members that have died in the last few years (I am open to including more but these are the ones that came to my mind).

  • Nick Givitosky
  • RL “Bob” Morgan
  • Bill Washburn
  • Eno Jackson

Digital Identity Anthology

Context and History from the User-Centric Identity Perspective

edited by Kaliya “Identity Woman”

Foreword, Preface, Introduction – TBD

Opening Essay – by Kaliya

Contextualizing the Importance of Identity

Protocols are Political – Excerpts from Protocol: How Control Exists after Decentralization

Identity in Social Context

Identity in Digital Systems

The “Words” – taking time to contextualize and discuss the meaning of words with broad meaning often used without anchoring the particular meaning the author is seeking to convey.


Pre-Identity Gang Papers

Building Identity and Trust into the Next Generation Internet (10 page summary)

Accountable Net (summary or key points)

Cluetrain Manifesto by Doc Searls et al. (some key highlights)

The Support Economy (some key excerpt?)

Identity Gang Formation

Andre Durand’s talk at DIDW way back in the day.

Blog post of Kaliya and Doc meeting at SBC (now ATT ) park in SF –

Dick’s Identity 2.0 talk.

Phil’s Posts

Johannes – early Venn

The Community Lexicon

Laws of Identity + Responses

The Laws of Identity

4 More Laws (by Fen Labalme)

Verifiable, Minimal and Unlinkable (by Ben Laurie)

Axioms of Identity

Key Identity Gang Ideas + Posts

On The Absurdity of “Owning One’s Identity

Law of Relational Symmetry

The Limited Liability Persona

Identity Oracles  (Bob Blakley)

Identity Spectrum version 1 version 2    (Kaliya)

Onion Diagram (by Johannes)

Venn of Identity (Eve Maler)

Claims and Attributes

Context and Identity

Signaling Theory

Agency Costs

Social Protocols

What is Trust?

The Trouble with Trust and the Case for Accountability Frameworks

Trust and the Future of the Internet

User-Centric ID and Person-hood.

At Crossroads: Personhood and Digital Identity in the Information Society

The Properties of Identity

The Privacy Frame

Ann Cavoukian’s Take

Daniel Solove’s work

Taxonomy of Privacy

Model Regime of Privacy

Understanding Privacy

The Future of Reputation

Nothing to Hide

Identity and Relationships

A Relationship Layer for the Web, Burton Group Paper

Privileged and Not Gender and Other Difference

Genders  and Drop Down Menus

Designing a Better Drop-Down Menu for Gender

Disalienation: Why Gender is a Text Field on Diaspora

“Gender is a Text Field” (Diaspora, backstory, and context)


There were many posts that arose out of the NymWars that began with Google+ turning off people’s accounts in July of 2012 – I have to go through and pick a good selection of those from BotGirl, Violet Blue and others.

Personal Data Concepts and Principles

Vendor Relationship Management Community,

The Support Economy

Exploring Privacy:

LumaScape of Display Advertising

My Digital Footprint (By Tony Fish)

Personal Data the Emergence of a New Asset Class, WEF Report

Rethinking Personal Data: Strengthening Trust

The Paradox of Choice: Why More is Less

Visions and Principles for the Personal Data Ecosystem (Kaliya)

PDX Principles (Phil Windley)

Control and Protocol

It’s Not So Simple: Governance and Organizational Systems Theory

Accountable Net

Visa the Original “Trust Framework”

Life organizes around identity, from When Change is Out of Control and Using Emergence to Take Social Innovation to Scale.

Intervening in Systems

Closing Essay

Appendix 1: Information Practices the Evolution of FIPPs

Drawing on this work.

Appendix 2: Bills of Rights

“The” Words

by Kaliya Hamlin, Identity Woman at December 14, 2014 11:25 PM

Kaliya Hamlin

A Preliminary Mapping of the Identity Needs in People’s Life Cycles

This start of a paper and idea for an interactive Exercise to be done at the ID360 Conference was written by myself and Bill Aal. It was submitted to the 2014 ID360 Conference put on by the Center for Identity at the University of Texas at Austin.

Over people’s life cycles there are many different “identity events” that occur. When considering how people interact with an identity ecosystem, the whole range of lifecycle events must be considered, not just those of people in mid-life careers. We present a draft Field Guide to the different stages of life, naming key events and contextualizing what identity needs they might have. We also explore a user-centric view that looks at the digital lifecycle from the perspective of our needs as people in a social context. This may be contrasted with a view of the digital life cycle from governmental, civil society or business perspectives. We end by exploring the implications of going beyond the tension between privacy rights and institutional desires for security and authentication.

This paper builds on some of the key concepts of the paper also submitted to ID360 by Kaliya Hamlin entitled The Field Guide to Identity: Context, Identifiers, Attributes, Names and More

The first part of the paper draws the key concepts from that paper and goes on to ask critical questions that are particular to the Digital Life Cycle. It is an attempt to lay out a research program for a user-centered view of the digital life cycle.

The second part of the paper charts key life stages and identity events along with the community and institutional interactions that are likely. We would like to work with the organizers of the conference to have an interactive wall-sized paper map available in the conference center while the event is happening, both to consider each phase from the individual’s and the institutions’ points of view and potentially to contextualize the contributions of different papers/presentations on the map.

Key concepts:

Identity is socially constructed and contextual.

More and more at earlier and earlier ages, we are given identifiers by the state, medical institutions and educational institutions that signify who we are in the social field.
How do our identities evolve through an interaction between our bio/social roots and the institutional identifiers we are assigned?

When are we recognized as a person?

Do we think of ourselves as our driver’s license or library card identifiers? Does our online representation play out in our development as human identities?

Self as a Part of Something Greater

We are defined by who we are, connected to our identities as part of something greater.
Do online identities support that sense of being part of a larger whole?

Context of Observation

The context of observation matters for shaping our identities. It defines the scope of our freedom of expression and our ability to make choices about context. There are three quite different types of observation.

Being Seen – a mutual act. I see you, you see me. We see each other. How do digital social networking identities help us see each other?

Being Watched – This is where one is observed but the person being looked at does not know it. There may be interaction between actors, but there is less of an “I-thou” quality. How do we know when we are being watched? In small-society social interactions, we grow up being watched and knowing that we are being cared for.
How do our online identities help us be seen as we mature?

Being Stalked – This is what happens when the watching shifts from an appropriate, happenstance window of time and space to watching over time and space: to following and monitoring our behavior without our knowledge. Recent attention to government surveillance and corporate access to our most intimate online interactions gives rise to anxiety over privacy/anonymity.
How do we create principles that allow for control over the stalking?

Self in Mass Society

The self is shaped differently by living in a mass society.
The first systems of mass identity were the paper and bureaucratic record keeping of the state, as a way to give abstract identity to citizens in order to provide them services and to control their movement. It is vital to remember that we are not our government-issued paperwork.

We are people with our own identities, our own relational lives in our communities. We must not mistake how identity in mass society operates for what it is: a system, a set of technologies to manage identity in mass society.
How can we create systems of digital identity that recognize and support our having continuity across governmental, educational and medical systems, that protect our first amendment and privacy rights?

Self in Communities

Communities provide the middle ground in between the Small Society and Mass Society modalities of identity. Communities of interest, communities of practice and geography give us the affordance to move between different contexts and develop different aspects of ourselves. This type of contextual movement and flexibility is part of what it means to live in cities, particularly large cities, where people in one context would not necessarily share other contexts. We need to work to ensure the freedom to move between communities is not implicitly eroded in the digital realm. One key way to do this is to build digital systems in which people have the capacity to use non-correlatable identifiers (pseudonyms) across different contexts they do not want linked.

Self in relationship to Employers

The power relationship between an employee and an employer is quite clear. This power relationship is NOT the same as an individual citizen’s relative to their government, or the power relationship of a person relative to the communities they participate in. There is a tension between the employer’s rights and responsibilities and the individual employee’s rights and responsibilities.
For example, should an employer have the “right” to access an employee’s private social network activities, or surveillance of their life outside the workplace?
What are the digital assets that are uniquely the employer or employee?
How can standards apply across the business world?

Other areas we wish to explore:

  • Self in Relation to Peers
  • Self in Relation to the Education System
  • Self in Relationship to the Medical System and Social Services
  • Self in Relation to the State

Power and Context

The Self in a Small society is embedded in a social mesh one cannot escape. There is no “other place”: one is defined by that society, and because it is so small one cannot leave. The self in a Mass society is in a power relationship with the state. One has rights, but one also must use the identification system the state issues and manages in order to interact and connect with it.

The self in community gets to navigate a myriad of different communities, each with its own social constructions and its own way in which power operates and flows within it: (egalitarian, religious, social) communities, workplaces (traditional owner – worker | worker owners | holacracy). These communities, needs and responsibilities change over a person’s lifetime.
How can consistent, yet user centered, identity frameworks support this development?

Where to Start

The start of all our conversations about people’s identity comes from our being embodied beings in a social context. Online digital identifiers and systems at their best should support the unfolding of our identities, help us access institutional and government services, and help those systems provide better service.

Contexts in which Identity Lifecycle issues arise:

We are at the beginning stages of exploring how, from a person’s perspective, their online identities can evolve. This is in the process of being refined by looking at the identity needs of the individual, the state and businesses, and where those interests might clash. This is a long term research project that we are initiating. The idea is to go beyond the usual clashes of privacy and personal rights vs. big data, and so on.

This is the beginning of a research project that we are just initiating.
We invite the collaboration of the ID360 and other professional and academic communities.

Person’s View / Institutional View

  • Prenatal Screening
  • National Identity Number
  • Community Acknowledgement
  • Enrollment in Mass Society
  • Medical Info
  • Online social networks
  • Self Expression / Identity Exploration Online
  • School ID
  • Drivers License
  • Banking Info
  • Social Networking
  • Work related
  • University/Trade School
  • Student Loan
  • Social Identity
  • Economic Realm
  • Owner of major items such as Computers / Portable Devices
  • Social Identity
  • Community Realm
  • Political affiliation
  • Local, state/provincial and national government, rights and responsibilities (taxation, licensing, relation to court systems, permits etc.)
  • Voting Eligibility, residential status, citizenship, entitlement programs
  • Religious Affiliation
  • Interest Groups
  • Service Groups
  • Special Needs
  • Mental Disabilities
  • Physical Disabilities
  • Blended Families
  • Deteriorating Mental / Physical Condition
  • Post Death Digital Life

by Kaliya Hamlin, Identity Woman at December 14, 2014 10:12 PM

December 13, 2014

Nat Sakimura

The Christmas Song was written by Mel Torme & Robert Wells on a hot summer day in 1944 [1], in the hope that thinking about cold weather might make them feel a little cooler. There was no air conditioning back then, so they were aiming for a kind of mental air conditioning. Written in just 40 minutes, the song became a huge hit as sung by Nat “King” Cole and is now one of the most frequently performed Christmas songs.

As usual this is a single take [2], so there are various flaws… Please enjoy. Merry Christmas!

[1] At that time Japan was fighting a total war under the slogan “kichiku beiei” (“demonic Americans and British”), with no room to spare at all, so the difference in leeway between them and us is striking.

[2] And not only that: I have never studied jazz in the first place, so to people who actually play jazz this probably sounds like a strange performance. When I got this sheet music (めちゃモテ・フルート “The Christmas Song”) six days ago, I was at a loss as to how to play it. Jazz and classical differ in idiom and in everything else…

by Nat at December 13, 2014 03:00 PM