Planet OpenID

December 14, 2014

Kaliya Hamlin

Internet Identity Workshop #20 is in April !!

IIW is turning 20 !

That is kind of amazing. So much has evolved in those 10 years.
So many challenges we started out trying to solve are still not solved.

I actually think it would be interesting as we approach this milestone to talk about what has been accomplished and what we think is yet to be accomplished.

I am working on organizing a crowd funding campaign to support completing an anthology that I have outlined and partially pulled together. I will be asking for your support soon. Here is the post on my blog about it.

In the mean time tickets for IIW are up and for sale! You can also order a special T-shirt we are designing especially for the occasion.

by Kaliya Hamlin, Identity Woman at December 14, 2014 11:31 PM

Kaliya Hamlin

ID Anthology – the community “cannon”

A few years ago I pulled together the start of a community anthology.
You could think of it as a cannon of key blog posts and papers written in the Identity Gang and circulated around the Internet Identity Workshop and other conferences back in the day like Digital Identity World.

I think with IIW coming into its 10th year and #20 and #21 happening this year the time is right to make a push to get it cleaned up and actually published.

We need to make the important intellectual and practical work done thinking and outlining digital identity that this community has done .  I also have included works that highlight key issues around user-centrism and identity that originated from outside the community of the identerati.

I am working on organizing a crowd funding campaign to raise a small amount to work with a professional editor and type setter get the needed copyright clearances so we can have a “real” book.

In the mean time I have this outline below of articles and pieces that should be included.

I would love to hear your suggestions of other works that might be good to include. It may also be that we have So many that choose to do more then one volume. For this first one my focus is more on early works that were foundational to a core group early on – essays and works that we all “know” and implicitly reference but may not be known or accessible (because they are 6-10 years ago in blogosphere time and that is eons ago) or may not even be on the web any more.

You could comment on this blog. You could use the hashtag #idanthology on twitter. You could e-mail me Kaliya (at) Identitywoman (dot) net. Subject line should include IDAnthology

The book would be dedicated to the community members that have died in the last few years (I am open to including more but these are the ones that came to my mind).

  • Nick Givitosky
  • RL “Bob” Morgan
  • Bill Washburn
  • Eno Jackson

Digital Identity Anthology

Context and History from the User-Centric Identity Perspective

edited by Kaliya “Identity Woman”

Forward, Preface, Introduction – TBD

Openning Essay – by Kaliya

Contextualizing the Importance of Identity

Protocols are Political – Excerpts from Protocol: How Control Exists after Decentralization

Identity in Social Context

Identity in Digital Systems

The “Words” – taking time to contextualize and discuss the meaning of words with broad meaning often used without anchoring the particular meaning the author is seeking to convey.

Identity
Trust
Reputation
Privacy
Security
Federation

Pre-Identity Gang Papers

Building Identity and Trust into the Next Generation Internet (10 page summary)

Accountable Net (summary or key points)

Cluetrain Manifesto by Doc Searls et al. (some key highlights)

The Support Economy (some key excerpt?)

Identity Gang Formation

Andre Durand’s talk at DIDW way back in the day.

Blog post of Kaliya and Doc meeting at SBC (now ATT ) park in SF -

Dick’s Identity 2.0 talk.

Phil’s Posts

Johannes – early Venn

The Community Lexicon

Laws of Identity + Responses

The Laws of Identity

4 More Laws (by Fen Labalme)

Verifiable, Minimal and Unlinkable (by Ben Laurie)

Axioms of Identity

Key Identity Gang Ideas + Posts

On The Absurdity of “Owning One’s Identity

Law of Relational Symmetry

The Limited Liability Persona

Identity Oracles  (Bob Blakley)

Identity Spectrum version 1 version 2    (Kaliya)

Onion Diagram (by Johannes)

Venn of Identity (Eve Mahler)

Claims and Attributes

Context and Identity

Signaling Theory

Agency Costs

Social Protocols

 What is Trust?

The Trouble with Trust and the Case for Accountability Frameworks

Trust and the Future of the Internet

User-Centric ID and Person-hood.

At Crossroads: Personhood and Digital Identity in the Information Society

The Properties of Identity

The Privacy Frame

Ann Covukian’s Take

Daniel Solove’s work

Taxonomy of Privacy

Model Regime of Privacy

Understanding Privacy

The Future of Reputation

Nothing to Hide

Identity and Relationships

A Relationship Layer for the Web, Burton Group Paper

Privileged and Not Gender and Other Difference

Genders  and Drop Down Menus

Designing a Better Drop-Down Menu for Gender

Disalienation: Why Gender is a Text Field on Diaspora

“Gender is a Text Field” (Diaspora, backstory, and context)

NymRights

There were many posts that arose out of the NymWars that began with Google+ turning of people’s accounts in July of 2012 – I have to go through and pick a good selection of those from BotGirl, Violet Blue and others.

Personal Data Concepts and Principles

Vendor Relationship Management Community,

The Support Economy

Exploring Privacy:

LumaScape of Display Advertising

My Digital Footprint (By Tony Fish)

Personal Data the Emergence of a New Asset Class, WEF Report

Rethinking Personal Data: Strengthening Trust

The Paradox of Choice: Why More is Less

Visions and Principles for the Personal Data Ecosystem (Kaliya)

PDX Principles (Phil Windley)

Control and Protocol

Its Not so Simple Governance and Organizational Systems Theory

Accountable Net

Visa the Original “Trust Framework”

Life organizes around identity form When Change is out of Control. and Using Emergence to take Social Innovation to Scale.

Intervening in Systems

Closing Essay

Appendix 1: Information Practices the Evolution of FIPPs

Drawing on this work.

Appendix 2: Bills of Rights

“The” Words

by Kaliya Hamlin, Identity Woman at December 14, 2014 11:25 PM

Kaliya Hamlin

A Preliminary Mapping of the Identity Needs in People’s Life Cycles

This start of a paper and idea for an interactive Exercise to be done at the ID360 Conference was written by myself and Bill Aal. It was submitted to the 2014 ID360 Conference put on by the Center for Identity at the University of Texas at Austin.

Over people’s life cycles there are many different “identity events” that occur. While considering how people interact with an identity ecosystem the whole range of lifecycle events must be considered not just those in mid-life career people.  We present a draft Field Guide to the different stages of life naming different key events and contextualizes what identity needs they might have. We also explore a user centric view of the hat looks at the digital lifecycle from the perspective of our needs as people in a social context. This may be contrasted with a view of the digital life cycle from governmental, civil society or business perspectives. We end with exploring the implications of going beyond the tension between privacy rights and institutional desires for security and authentication.

This paper builds on some of the key concepts of the paper also submitted to ID360 by Kaliya Hamlin entitled The Field Guide to Identity: Context, Identifiers, Attributes, Names and More

The first part of the paper draws  the key concepts from that paper and go on to articulate to ask critical questions that are particular to the Digital Life Cycle. It is an attempt to layout a research program for a user centered view of the digital life cycle.

The second part of the paper charts key life stages and identity events along with community and institutional interactions that are likely.  We would like to work with the organizers of the conference to have a interactive wall sized paper map available in the conference center as the event is happening to both consider each phase from the individual’s point of view and the institutions and potentially contextualize the contributions of different papers/presentations on the map.

Key concepts:

Identity is socially constructed and contextual.

More and more at earlier and earlier ages, we are given identifiers by the state, medical institutions and educational institutions that signify who we are in the social field.
How do our identities evolve through an interaction between our bio/social roots and the institutional identifiers we are assigned?

When are we recognized as a person?

Do we think of ourselves as our drivers license, or library card identifiers??Does our online representation play out in the development as human identities?

Self as a Part of Something Greater

We are defined by who we are, connected to our identities as part of something greater.
Do online identities support that sense of being part of a larger whole?

Context of Observation

The context of observation matters for shaping our identities. It defines the scope of our freedom expression our ability to make choices about context. There are three different types of observation that are quite different.

Being Seen – a mutual act. I see you, You see me. We see each other.  ?How do digital social networking identities help us see each other?

Being Watched – This is where one is observed but it is not known by the person who is looked at.  There may be interaction between actors, but there is less of an  “I- thou” quality. How do we know when we are being watched?   In small society social interactions, we grow up being watched and knowing that we are being cared for.
How do our online identities help us be seen as we mature?

Being Stalked – This is what happens when the watching shifts from an appropriate happenstance window of time and space to  watching over time and space – to following and monitoring our behavior without our knowledge. Recent attention to government surveillance and corporate access to our most intimate online interactions gives rise to anxiety over privacy/anonymity.
How do we create principles that allow for control over the stalking?

Self in Mass Society

The self is shaped differently by living in a mass society.
The first systems of mass identity were paper and bureaucratic record keeping of the state as way to give abstract identity to citizens to provide them services and to control their movement. It is vital to remember that we are not our government issued paperwork.

We are people with our own identities, our own relational lives in our communities. We must not mistake how identity in mass society operates for what it is a system, a set of technologies to manage identity in mass society.
How can we create systems of digital identity that recognize and support our having continuity across governmental, educational and medical systems, that protect our first amendment and privacy rights?

Self in Communities

Communities provide the middle ground in between the Small Society and Mass Society modalities of Identity. Communities of interest, communities of practice and geography give us the affordance to move between different contexts and develop different aspects of ourselves. This type of contextual movement and flexibility is part of what it mean to live in cities and particularly large cities, where people in one context would not necessarily share other contexts. We need to work to ensure the freedom to move between communities is not implicitly eroded in the digital realm. One key way to do this is to build digital systems that people have the capacity to use non-corelateable identifiers (pseudonyms) across different contexts they do not want linked.

Self in relationship to Employers

The power relationship between an employee and an employer is quite clear.  This power relationship is NOT the same of an individual citizen’s relative to their government or the power relationship of a person relative to communities they participate in. There is a tension between the employers rights and responsibilities and the individual employees rights and responsibilities.
For example, should an employer have the “right” to access an employee’s private social network activities, or surveillance of their life outside the workplace?
What are the digital assets that are uniquely the employer or employee?
How can standards apply across the business world??

Other areas we wish to explore:

  • Self in Relation to Peers
  • Self in Relation to the Education System
  • Self in Relationship to the Medical System and Social Services
  • Self in Relation to the State

Power and Context

The Self in a Small society is embedded in a social mesh one can not escape. There is no “other place” and one is defined in that society and because it is so small one can not leave. The self in a Mass society is in a power relationship with the state. Where one has rights but one also must use the identification system they issue and manage to interact and connect with it.

The self in community gets to navigate a myriad of different communities ones each with its own social constructions and how power operates and flows within it. (egalitarian, religions, social)communities, work places (traditional owner – worker | worker owners | holocracy).  These communities, needs and responsibilities change over a person’s lifetime.
How can consistent, yet user centered identity frame works support this development?

Where to Start

The start of all our conversations about people’s identity comes from being embodied being in a social context.  Online digital identifiers and systems at their best should support the unfolding of our identities, help us access institutional and government services, as well as help those systems provide better service.

Contexts in which Identity Lifecycle issues arise:

We are at the beginning stages of exploring how from a person’s perspective, their online identities can evolve.  This is in the process of being refined by looking at the identity needs of the individual, the state and businesses and where those interests might clash.  This is a long term research project that we are initiating  The idea is to go  beyond the usual clashes of privacy and personal rights vs big data.  Etc/

This is the beginning of a research project that we are just initiating.
We invite the collaboration of the ID360 and other professional and academic communities.

Person’s View Institutional View
Pre-Birth
Prenatal Screening
Birth
Naming
National Identity Number
Community Acknowledgement
Enrollment in Mass Society
Medical Info
Adoption
Kid
School
After-School
Camp
Sports
Arts
Online social networks
Gaming
Medical
Biometrics
RFID Tags
Teen
Self Expression / Identity Exploration Online
School ID
Drivers License
Banking Info
Medical
Sports
Social Networking
Work related
Student
University/Trade School
Student Loan
Social Identity
Adult
Economic Realm
Consumer
Worker
Owner
Owner of major items such as
Car/Home
Social Identity
Computers / Portable Devices
Financial
Community Realm
Political affiliation
local, state/provincial and national government, rights and responsibilities
(Taxation, licensing, relation to court systems, permits etc)
Voting Eligibility, residential status, citizenship, entitlement programs
Religious Affiliation
Interest Groups
Service Groups
Special Needs
Mental Disabilities
Physical Disabilities
Relational
Married
Partnered
Parental
Divorce
Blended Families
Elder
Retirement
Deteriorating Mental /Physical Condition
Death
Post Death Digital Life

by Kaliya Hamlin, Identity Woman at December 14, 2014 10:12 PM

December 13, 2014

Nat Sakimura

ザ・クリスマス・ソングをフルートで吹いてみた

今年もお世話になった方々へ、クリスマス・カードにかえて…。

The Christmas Song はMel Torme & Robert Wellsが1944年の夏の暑い日[1]に、寒い時のことを思えば少しは涼しくなるかと書いた曲です。その頃はまだエアコンとかなかったので、精神的エアコンを目指したわけですね。わずか40分で書いたこの曲は、ナット・キング・コール(Nat “King” Cole)の歌で大ヒットし、もっともよく演奏されるクリスマス・ソングの一つになりました。

「栗は暖炉で炙られている。鼻は冬将軍に弾かれている。」で始まるこの歌は、こどもが目を輝かせてプレゼントを待って眠れなく、トナカイが空を飛べるところを隠れて見つけてやろうと考えているところなどを描写する、とても心温まる歌です。

1歳から92歳までの子供に、この簡単な言葉を贈ろう。
何度も色々な言い方で言い古されてきた言葉だけど、『あなたにメリー・クリスマス』。

相変わらず一発録り[2]なので色々瑕疵がありますが…。お楽しみください。Merry Christmas!

[1] 日本はその頃、「鬼畜米英」で全く余裕もなく総力戦をやっていたわけで、彼我の余裕の違いがまざまざと。

[2] それだけじゃなくて、そもそもジャズを勉強したことないし、結構ジャズをされる方からしたら変な演奏だと思います。6日前にこの楽譜(めちゃモテ・フルート「ザ・クリスマス・ソング」)をゲットした時は、どう弾いたものか途方にくれたくらいですから。ジャズとクラシックだと語法も何も違いますからね…。

by Nat at December 13, 2014 03:00 PM

December 12, 2014

Kaliya Hamlin

We must understand the past to not repeat it.

Please see the prior post and the post before about how we got to discussing this.

We can not forget that the Holocaust was enabled by the IBM corporation and its Hollerith machine.  How did this happen? What were these systems? How did they work? and particularly how did the private sector corporation IBM end up working a democratically elected government to do very horrible things to vast portions of its citizenry? These are questions we can not ignore.

In 2006 Stefan Brands gave a talk that made a huge impression on me he warned us and audience of very well meaning technologists that we had to be very careful because we could incrementally create a system that could lead to enabling a police state. It was shocking at the time but after a while the point he was making sunk in and stuck with me. He shared this quote (this slide is from a presentation he gave around the same time)

Stefan

It is the likability that is the challenge.

We have to have the right and freedom NOT to be required to use our “real name” and birthdate for everything.

This is the defacto linkable identifier that the government is trying to push out over everything so they can link everything they do together.

Stephan proposes another Fair Information Principle.

Stefan6

I will share more of Stephan’s slides because I think they are prescient for today.

Stephan’s slides talk about User-Centrism technology and ideas in digital identity – ideas that have virtually no space or “air time” in the NSTIC discussions because everything has been broken down (and I believe intentionally so) into “security” “standards” “privacy” “trust frameworks” silos that divide up the topic/subject in ways that inhibit really tackling user-centrism or how to build a working system that lives up to the IDEALS that were outlined in the NSTIC document.

I have tried and tried and tried again to speak up in the year and a half before the IDESG and the 2 years since its existence to make space for considering how we actually live up to ideals in the document.  Instead we are stuck in a looping process of non-consensus process (if we had consensus I wouldn’t be UN-consensusing on the issues I continue to raise).  The IDESG are not taking user-centrism seriously, we are not looking at how people are really going to have their rights protected – how people will use and experience these large enterprise federations.

Yes everyone that is what we are really talking about…Trust Framework is just a code word for Enterprise Federation.

I went to the TSCP conference a big defence/aerospace federation (who was given NSTIC grants to work on Trust Framework Development Guidance) where this lovely lady Iana from Deloitte who worked on the early versions of NSTIC and potential governance outlines for IDESG – she said very very clearly “Trust Frameworks ARE Enterprise Federations” and it was like – ahhh a breath of fresh clear honest air – talking about what we are really talking about.

So back to the Stephan Brands re-fresher slides on user-centric ID so we don’t forget what it is.

Stefan5

Stefan4

Stefan2

Stefan3

Stefan2

Look at these, take them seriously.

by Kaliya Hamlin, Identity Woman at December 12, 2014 07:31 PM

Kaliya Hamlin

Faith and the IDESG

Since becoming involved in the IDESG, I have become concerned that we do not have people of religious faith – with that as their primary “identity” within the context of participating in the organization. Let me be clear about what I mean, we have many people of many faiths involved and I am not disrespecting their involvement. We also don’t have people who’s day job is working for faith institutions (that they would take time out from to “volunteer” on this effort to explicitly bring in a faith perspective). Someone from say the National Council of Churches would not be a bad thing to have given that one of groups of people who today have consistently sue against “identity systems” are Christians objecting to ID systems put into public schools to track children students. With this proactive faith stance involved the systems we are seeking to innovate reduces the risk of rejection via law suite. I also think the views of those from Jewish, Muslim Sikh, Budhist, Hindu and other faiths should be proactively sought out.

Another Tweet from the Tampa meeting….

Tampa15

by Kaliya Hamlin, Identity Woman at December 12, 2014 05:46 AM

Kaliya Hamlin

Dear IDESG, I’m sorry. I didn’t call you Nazi’s.

The complaint  by Mr. Ian Glazer was that I called my fellow IDESG colleagues Nazi’s. He was unsatisfied with my original statement about the tweet on our public management council mailing list.  Some how this led to the Ombudsman taking on the issue and after I spoke with him in Tampa it was followed by a drawn out 5 week “investigation” by the Ombudsman before he issued a recommendation.  During this time I experienced intensive trolling about the matter on twitter itself.

Here is the tweet that I authored while pondering theories of organizational dynamics in Tampa and without any intent to cause an association in the mind of a reader with IDESG, NSTIC, nor any person or persons in particular note that I did not reference anyone with a @____ or add any signifying hashtags e.g., #idesg or #nstic in this tweeted comment.

Tampa11

I own that the tweet was provocative but it was It was not my intent to cause harm to anybody or to the IDESG organization and wider identity community.

I in no way intended to imply that any member of the IDESG has any intention remotely similar to those of the NAZI party of Germany.

I in no way intended to imply that the content of the meeting of the IDESG related to the content of the meeting I referenced in the tweet.

I am very sorry if the tweet had an emotionally negative impact on people on the management council and particularly those of with Jewish Heritage.

I fully acknowledge that referencing anything relative to the Nazi era is triggering. It touches on our collective shame and surfaces vulnerability it is very hard to look at.

I also believe that we have to actually be prepared to do so. If we don’t examine the past we can’t be sure we will not repeat it. [Please click to see my my next post for this to be further expounded upon]

I’m sorry I didn’t say something along these lines sooner.

One should not feed the internet trolls and I didn’t.

I was in a process were I felt it was inappropriate to speak about this more until the Ombudsman’s process had run its course.

I think that we all need to keep in mind our roles as Directors of the IDESG when we interact with the public and with each other.

The whole process left my and my attorney puzzled. My attorney wrote a letter to the Management Council/Board of Directors with a whole bunch of questions and now that this is posted we look forward to their answers to those questions.

by Kaliya Hamlin, Identity Woman at December 12, 2014 05:42 AM

December 11, 2014

Kaliya Hamlin

The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 1 Intro + What is Identity

This paper is still being worked on. I submitted it to the 2014 ID360 Conference hosted by the Center for Identity at the University of Texas at Austin and was sent to present it there until I had to back out because I was still sick from attending the NSTIC meeting in San Jose 2 weeks before. Another version will be submitted for final publication – so your comments are welcome.

Introduction

I was attending a day long think tank called Forces Shaping the Future of Identity hosted by the Office of the Director of National Intelligence and facilitated by the Institute for the Future. A man in the audience pipped up “Are we going to Define what we mean by Identity?” I smiled :).  One can’t go very far in a conversation about identity before someone asks “that” question. It always is asked when space is opened up to discuss the topic.
I have been engaged with communities of technology professionals and with forward looking civil society organizations circling around the question what is Identity for over 10 years. The simple one-liner comprehensive definition that I use is Identity is socially constructed and contextual. However it’s just one line.  This paper is a Field Guide covering core concepts along with a visual language to represent them so we can talk about it in a meaningful way across the whole lifecycle from cradle to grave, both online and off and in other times.  It builds on the model we used for the Field Guide to Trust Models that I co-wrote last year for the ID360 Conference.

Part 2: Names, Part 3: Identifiers  Part 4: Name Space, Attributes and Conclusion.

This is Part 1:

What is Identity?

Identity is socially constructed and contextual.

Our sense of self arises first from our social interactions with our family of origin.  Humans are unique animals in that 80% of our brain growth happens outside of the womb in the first three years of life. Our family of origin is within the context of a community and in this age broader society that ultimately reaches to be global in scope.
The names we have, identifier systems, attributes that are articulated all depend on our context and from there the social constructions that define these.

Sense of Self

We are told who we are by our family – they give us a name and share with us who we are.

When does it begin? When people recognize you?

When are we recognized as a person?  Different cultures have different traditions.
I have had a connection with the 3HO Sikh community. When a woman is 120 days pregnant there is a celebration to welcome the spirit of the child into the community. Women who give birth in that tradition stay at home and don’t go out for 40 days after the child is born.

Self as a Part of Something Greater

We are defined by who we are connected to. Our identities as part of something greater. Children seek to understand their environment to understand where they fit in. An example from my childhood is one my first memories.  I remember a Canada Day Celebration we attended in Hastings Park. Being Canadian is to be mutli-cultural. The day had different ethnic communities performing on a stage different folk dances while dressed in traditional dress. At some point they handed out Canadian flags on 30 centimeter (12 inch) flag poles with a stand made out of shiny gold colored plastic in a box. It symbolizes this point in time where I understood myself to be part of something bigger to be part of the nation I was born in along with understanding some key values.

Projection of Self

We begin to understand who we are by projecting ourselves into these contexts we find ourselves and learning from the response – shaping ourselves.
There is an African saying/word –  Ubuntu – I am because you are. We are the authors of each other.

Context of Observation

The context of observation matters for shaping our identities. It defines the scope of our freedom expression our ability to make choices about context.
There are three different types of observation that are quite different.

Being Seen – a mutual act. I see you, You see me. We see each other.

Being Watched – this is where one is observed but it is not known by the observee. However it is known to the observee that they might be watched for example walking down one’s street, one knows that one could be seen by any of one’s neighbors looking out their window. One also knows that being inside of one’s own home prevents one from being watched. When walking into a store one knows that the storekeeper will see us, watch us in the store and we know that when we leave the store they will not be able to watch us. When we return to the same store they will likely recognize us (because we are returning in the same body) and know something about us based on prior interactions. In time a relationship of knowing might develop.
It should be noted that our bodies in physical space give away attributes about us that we can not proactively hide. Because we live in a society that is full of implicit bias the experiences of different types of people is different in the world.  Banaji’s work on implicit bias is a starting point. Following the Trayvon Martin verdict the president gave a speech where he said that before he was president he regularly was shadowed while shopping in stores because he was stereotyped. My partner had this happen to him this fall while shopping at Old Navy and it was not the first time.

Being Stalked – This is what happens when the watching shifts from an appropriate happenstance window of time. To watching over time and space – to following and monitoring our behavior without our knowledge.

Self in Small Society

I have often heard it said that with the advent of what appears to be ubiquitous digital identity and the fact that we can be “seen” is just like it was when we lived in small societies.

In small societies it is said that there is no privacy – everyone knows everyone’s business. Their is another layer there is a relational human connection that weaves the people in this context together.

They know each other, they can understand when they are seen and know they are being watched as the move about town.

In a a small society you also know when you are not being watched when you are in your own home with your blinds drawn.

A mesh-network of relationships that form over life and inter-generationally that inform identity and role in the society.

Self in Mass Society

The self of is shaped by living in a mass society.

We developed systems using the technology of paper and bureaucratic record keeping of the state as way to give abstract identity to citizens to provide them services. This began first with the pensions given to civil war veterans. In the 1930’s a system was developed to support people paying for and getting Social Security benefits. The advent of cars as machines that people operate gave rise to the development of licensing of people to be able to drive the vehicles. These all assigned people numbers by the state so they can present themselves to the state at a future time and be recognized. It is vital to remember that we are not our government issued paperwork. We are people with our own identities, our own relational lives in our communities. We must not mistake how identity in mass society operates for what it is a system, a set of technologies to manage identity in mass society.

Self in Communities

Communities provide the middle ground in between the Small Society and Mass Society modalities of Identity. Communities of interest, communities of practice and geography give us the freedom to move between different contexts and develop different aspects of ourselves. This type of contextual movement and flexibility is part of what it mean to live in cities and particularly large cities. Where people in one context would not necessarily share other contexts. The freedom to move between different contexts exists in the digital real. The internet enabled those in more remote locations to also participate in communities of interest and practice well beyond what they could access via their local geography. We need to work to ensure the freedom to move between communities is not implicitly eroded in the digital realm. One key way to do this is to ensure that people have the freedom to use non-corelateable identifiers (pseudonyms) across different contexts they do not want linked.

Self in relationship to Employers

The power relationship between an employee and an employer is quite clear. The employer does the vetting of potential new employees. They are hired and given access to the employers systems to do work for them. When the employee was no longer working for a company because of any number of reasons – retirement, resignation, termination – the employer revokes the employees ability to access those services. This power relationship is NOT the same of an individual citizen’s relative to their government or the power relationship of a person relative to communities they participate in. In both cases the person has an inherent identity that can not be “revoked”.

Power and Context

The Self in a Small society is embedded in a social mesh one can not escape. There is no “other place” and one is defined in that society and because it is so small one can not leave.

The self in a Mass society is in a power relationship with the state. Where one has rights but one also must use the identification system they issue and manage to interact and connect with it.

The self in community gets to navigate a myriad of different ones each with its own social constructions and how power operates and flows within it. (egalitarian, religions, social) communities, work places (traditional owner, worker | worker owners | holocracy).

Abstraction

The start of all our conversations about people’s identity comes from being embodied beings. The beauty of the digital realm is that we can abstract ourselves from our bodies and via digital identities interact via digital media. This gives us the freedom to connect to communities beyond those we could access in our local geographic location.

Atoms and Bits

Atoms and Bits are different. The difference between them is still not well understood.

  • “Atoms” Physical things can only be in one place at one time.
  • “Bits” Can be replicated and be in two or more places at once.

Physical Body

Atoms – We each have only one physical body. Our physical bodies can only be in one physical place at once. It is recognizable by other humans we meet and interact with. Because it is persistent we can be re-recognized and relationships can grow and evolve based on this. When we move between contexts in physical space – we can be recognized in different ones and connections made across them. We also have social norms, taboos and laws that help us maintain social graces.

Digital Representation

Bits – When we create digital representations of ourselves we get to extend ourselves – our presences to multiple places at the same time. We can use a digital identity that is strongly linked to the identity(ies) and contexts we use/have in the physical world. We also have the freedom to create a digital representation that steps out of the identity we occupy in the physical realm.

We can be an elf or an ork in a online game.
We can cloak our gender or choose to be a different gender.
We can cloak our race or choose to be a different one when we represent ourselves online.
We can interact on a level playing field when in the physical realm we are confined to a wheel chair.

These identities we create and inhabit online are not “fake” or “false” or “not real”. They are representations of the self. The digital realm is an abstraction and gives us the freedom to articulate different aspects of ourselves outside of the physical world.

Digital Dossier

In the digital realm because it is en-coded means that our our movements around digital space leave trails, records of the meta-data generated when we click, type, post a photo, pay for a song do basically anything online. We leave these behind and the systems that we interact with collect them and reconstruct them to develop a digital dossier of us. This behavior if it happened in the world of atoms in the physical space would be considered stalking. We have a stalker economy where our second selves are owned by corporations and used to judge us and target things at us.

Power in Space & Relationships

The freedom of people to transend aspects of identity from the physical world is disruptive to some of default power dynamics.

Disrupting Privilege

The push back against Google+’s requirement for the use of “real names” was lead by women and others who use the freedom of the digital realm to step out of the bias they experience in the physical world.

The people who were pro-real name were largely white men from privileged positions in the technology industry and implicitly through the support of the policies wanted the default privileges they enjoyed in the physical realm to continue into the digital.

Shape of Space

In the physical world we understand how different physical spaces work in terms of how big they are, how many people are in them, what the norms and terms and conditions are. We know that based on these we have a social understanding.

The challenge in the digital world is that the space is shaped by code and defined by the makers of the contexts. These contexts can change at their will. As has happened repeatedly with Facebook’s changing settings for who could see what personal information. This instability creates mistrust particularly by vulnerable people in these systems.

The commercial consumer web spaces currently have a structure where they collect so much information about us via their practices of stalking us digitally. They have enormous power over us.

by Kaliya Hamlin, Identity Woman at December 11, 2014 09:53 PM

Kaliya Hamlin

The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 2: Names

This paper is still being worked on. I submitted it to the 2014 ID360 Conference hosted by the Center for Identity at the University of Texas at Austin and was sent to present it there until I had to back out because I was still sick from attending the NSTIC meeting in San Jose 2 weeks before. Another version will be submitted for final publication – so your comments are welcome.

Part 1: Intro + hat is Identity?   Part 3: Identifiers  Part 4: Name Space, Attributes and Conclusion.

This is Part 2:

Names

Names are what we call ourselves and what others call us. They are a special kind of identifier because they are the link between us and the social world around us. We present ourselves using names so people know how to refer to us when talking to others or call us when they are talking to us. They convey meaning and have power.

Digital devices can also have names are defined by the administrators of these devices. Places have names given to them by people in a given context these help us refer to a geographic location. It should be noted that the names first nations (indian or native american) people had for places are different then the ones that the American’s colonized their land used.

Given Names

These are the names our parents give us when we are born. In America we have a naming convention of a first name and last name. This convention originates from ___ when states were seeking to impose control.

Name structure in various cultures

Different cultures have very different naming conventions. In Hong Kong their is a convention of an english first name written in English and a Chinese character written last name. In Mayanmar everyone has a first name.

Meaning in Wisdom Traditions

Different wisdom traditions ascribe different ways to interpret and ascribe meaning in names.

NickName

These arise when people start to refer to us by a different name then the name we might give ourselves. We can take these on and they can become our name. They might arise from our families, from school, from sports teams, social clubs, work places. In these different contexts, the name that we are referred to may have nothing to do with the name our our birth certificate and the people using the name to refer to us.

Name on Government Issued Paperwork

We have a convention in the liberal west of registering names with the state. This originated out of several practices in the last several hundred years. One key aspect of this is to both provide services to citizens but also to control citizens.

Pen Name / Stage Name

A name used by artists for their artistic expression and authorship. It does not match the name on government issued paperwork and is often used to obscure the link between such authorship and government paperwork names so that they are free to express themselves artistically.

Autonym

A name that one uses to refer to themselves. An example is that when Jorge Mario Bergoglio became pope he chose to become Pope Francis.

Pseudonym

A name that one uses to interact in various contexts that may be linked one’s name on one’s government issued paperwork. Bob is clearly linked to the name Robert or Barb to Barbara or Liz to Elizabeth on government issued paperwork. It is important to note that many non-european languages also have examples of these.

Mononym

This is name consisting of a single word. Examples include Stilgarian and Sai. Madona or Cher are examples of Pseudonymous, Mononym, Stage Names

Handle

A name that one uses to represent ones digital identity in online contexts. It arose in computer culture when people needed to have a user name within a computer system. This is closely related to Screen names.

Screen Name

The name that one chooses to have displayed on screen. In a system like World of Warcraft the service knows identity information of their clients who pay monthly to access their service. They choose to support those player presenting to the other players on the system and forums a “screen name” that reflects their gaming persona or character name.

Name Haystack

Different Names have different qualities of hiding in the haystack of the similar or the same names. Some people have huge name – haystacks where tens of thousands people have the same name – Mike Smith, Joe Johnston, Mohamed Husain, Avi Blum, Katherine Jones. Mike Garcia who works for NIST said that there were 17 different Mike or Michael Garcia’s. People use pseudonyms to help manage the fact that name-haystacks exist making them more or less identifiable depending on the size of theirs.

Roles

RBAC – Roll Based Access Control is based on managing the rights and privileges for digital systems based on roles. When a person gets a role assigned to them the inherit the privileges.

Community groups also have different roles that might have . Earn role from getting a degree.

Titles, Given and Created

There is a history of titles being pasted down.

Eastern Wisdom Traditions pass them down from guru to student creating lineage’s.

I have had conversations with friends about who the next “Identity Woman” might be. This identity that I have constructed to hold an aspect of my self – work focused on people’s rights around their digital selves. I could see at some point handing this identity over to someone else who wants to continue the torch over.

Collective Single Identity

Theses identities are co-created by two or more people. They are managed and maintained and people jointly act together to create a persona.

by Kaliya Hamlin, Identity Woman at December 11, 2014 09:52 PM

Kaliya Hamlin

The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 3: Identifiers

This paper is still being worked on. I submitted it to the 2014 ID360 Conference hosted by the Center for Identity at the University of Texas at Austin and was sent to present it there until I had to back out because I was still sick from attending the NSTIC meeting in San Jose 2 weeks before. Another version will be submitted for final publication – so your comments are welcome.

Part 1:  Intro + hat is Identity?   Part 2: Names   Part 4: Name Space, Attributes and Conclusion.

This is Part 3:

Identifiers

For people Names are a special class of Identifiers. They are both self-asserted by people and are used to refer to them and acknowledge them in social context.

System Identifiers

In systems, bureaucratic, digital and techno-bureaucratic identifiers are alpha numeric string pointers at/for people in systems.

This may seem simple but their are many different types and a person with a record in a system will likely have more then one type. To get these different types of identifiers I will share different examples.

Persistent Correlateable Identifiers

This type of identifier is re-used over time within contexts and across multiple contexts.

Examples

Student Number - When I enrolled at my university I was assigned an 8 digit student number. This number was persistent over my time as a student at the school. When interacting with school institutions I was asked to share this number so that activity could be linked together across different facets of the institution.

Social Security Number – This number is issued by the federal government to those born in the US as part of the standard process for being born. It is meant to help those who submit money to the SSN system and when they retire be able to collect money from the system.

Phone Number - People today often have a personal number that they use across many different contexts. It is common place to ask for a phone number to be able to contact a person. What people don’t know is that those are used to look people up in data broker services. The phone number is used to link together activity across contexts.

E-mail Address - Many people have one personal address and use it These are often used across different contexts. What people don’t know is that those are used to look people up in 9data broker services like RapLeaf.

Directed Identifiers

A directed identifier is created to support individuals using different identifiers in different contexts. The purpose of this is to inhibit the ability to link records across contexts.

Examples

The British Columbia eID System – This system enrolls citizens and issues a card to them. When the card is used to access different government systems by the citizens. It does not use one identifier for the citizen. Rather for each system it uses a different identifier for the system – an identifier directed for a particular system.

Defacto Identifiers

By combining a name names, and key attributes together systems use this combination to create a defacto identifier which uniquely identifies a person often in the context of a whole society. An example is the us of “name” “birth date” and “birth place”. It seems innocent enough to be asked for one’s name, birthdate and place but this becomes a persistent correlateable identifier to link and track activity across many systems. The creation of defacto identifiers that are persistent and correlateable limits people’s ability to control how they present in different contexts.

Opaque Identifiers

An opaque identifier is one that does not give away information about the subject it identifies.

Examples of Opaque Identifiers

The BC Government eID program has at its core an opaque identifier on each card – it points to their card record. It is just a number with no meaning. If they loose their card a new opaque identifier is issued for their next card.
Examples of Non-Opaque Identifiers

National Identity Number in South Africa contains a lot of information it is a 13-digit number containing only numeric characters, and no whitespace, punctuation, or alpha characters. It is defined as YYMMDDSSSSCAZ:

  • YYMMDD represents the date of birth (DoB);
  • SSSS is a sequence number registered with the same birth date (where females are assigned sequential numbers in the range 0000 to 4999 and males from 5000 to 9999);
  • C is the citizenship with 0 if the person is a SA citizen, 1 if the person is a permanent resident;
  • A is 8 or 9. Prior to 1994 this number was used to indicate the holder’s race;

• Z is a checksum digit.

The US Social Security Number is created via a formula and so the number gives away information about the person it identifiers.

Phone numbers give away information about the metro region that a person was issued the number from.

End-Point

Some identifiers that represent people are also end-points to which messages can be sent.

Physical Address

It is often forgotten in conversations about digital identity that we had a system of end-points for people before networks known as a mailing address. They system of mailing addresses was developed and is maintained by the US postal service.

Network Address

Phone Number – Now with cellular phones people have their own phone numbers (not just one for a household or their workplace as a whole). This permits both voice calls being made, text messages and MMS Multi-Media messages. The name space for phone number originates from the ITU-T. They are globally unique. They are also recyclable.

E-mail Address – These addresses permit people to send messages to the address they have. They are globally unique. The name space for domain names resides with ICANN. They are also recyclable.

Device Identifier

Many digital devices have unique identifiers. Activity on digital networks can be linked together by tracking these activity originating from particular devices even if people using them .

Non-End-Point

These are identifiers that do not resolve in digital or physical networks.

Document Identifiers

Documents like birth certificates have serial numbers that identify the document.

Document Validation Systems

These systems are used to look up which documents are infact valid. When properly constructed they don’t give away any information about the person. Those using the system type in the serial number of the document and information it contains and the system simply returns a Yes/No answer about weather it is valid or not.

Beacons

A beacon actually broadcasts from a digital device a persistent correlateable identifier to any device that asks for it. It creates a form of tracking people and their devices in the physical world.

Examples

RFID chips, cellular phones, laptop computers

Polymorphic

These systems generate different identifiers depending on context.

Examples

The BC eID system way of using one card that then supports the use of different identifiers depending on context.

Time Limited & Revocable

Some identifiers are created and point at a person but are revocable. An example is a phone number that is after one stops paying one’s phone bill for a month is re-assigned to another person. An employee at a company may have an employee number that is revoked (no longer valid) once employment is terminated. A passport number is an identifier that has a time limit it is good for 5 or 10 years. A landed immigrant card (green card) in the US is only good for 10 years.

Un-Revocable

These identifiers are persistent and are not revoked. Examples include Social Security Numbers.

Identifier Issues

Identifier Recycling

Some identifiers are in systems where identifiers that point at one person can be discontinued (they stop paying their phone bill or using their e-mail address) and then the identifier can be re-assigned to a different user.

Delegation (Acting on Behalf of Another)

This functionality is critically to a variety of user populations. Elders who want to delegate access to their accounts children. Service professionals who have contractual relationships with clients such as an accountant managing access to financial & tax records. Most systems are designed with an assumption that people themselves are the only one accessing accounts. This creates a problem when people want to delegate access they have to turn over their own credentials so the person they are delegating to “pretends” to be the actual user.

Stewardship (Care-Taking – Oversight)

Their is another role that is slightly different then delegation when someone turns over a power of attorney like function for a particular account/set of functions. Stewardship of identity is the type of relationship a parent has for a child’s identity or the type of care needed to help the mentally disabled with their interactions online.

The Mesh of Pointers

We end-up with a way that identifiers work together as a web of pointers towards a particular individual.

by Kaliya Hamlin, Identity Woman at December 11, 2014 09:52 PM

Kaliya Hamlin

The Field Guide to Identity: Identifiers, Attributes, Names and More. Part 4: Name Spaces, Attributes, Conclusion

This paper is still being worked on. I submitted it to the 2014 ID360 Conference hosted by the Center for Identity at the University of Texas at Austin and was sent to present it there until I had to back out because I was still sick from attending the NSTIC meeting in San Jose 2 weeks before. Another version will be submitted for final publication – so your comments are welcome.

Part 1: Intro + What is Identity?   Part 2: Names   Part 3: Identifiers

This is Part 4:

Name Spaces

Different identifier systems work differently some originate from physical space and others operate purely in the digital realm.

Local

A great example of a local name space in the physical world is a school classroom. It is not uncommon in american classrooms that when there is a name space clash – that is two people have the same name in the same space – they take on different names to be identifiable within that context. Take for example those with the names “Stowe” “Fen” and “Chris” – each is one part of the name Christopher : Chris – Stowe – Fer. When they were in grade school each took on a different part of the name and it stuck with them.

Global

These names spaces mean that identifiers within them are unique and global. Phone numbers, domain names and thus e-mail addresses.

Private

Some private name spaces seem like global name spaces but they are run by private companies under privately decided terms and conditions. Examples include skype handles, twitter handles,

International Registry

These are identifiers in a global space that are registered and managed globally an example is domain names.

Attributes

Self Asserted

These are attributes that people self defined. They include things that are subjective like “favorite color” or “name”

Inherent

These arise from the individual and typically do not change (such as birth date) and are not as morphable. Sex and ethnic identity are things that people have and display in the physical world that don’t (typically) change throughout one’s life.

Ascribed

These are attributes that are given to us by others or by systems. This may include names that are imposed on us by social convention and or power relationships.

Assigned

These are attributes that are given to us by others or by systems.

Examples:

Social Security Numbers are assigned by the Social Security Administration.

Conclusion

Identity is a big topic and outlining the core concepts needed to understand it was the purpose of this paper. We need to think about how the systems that manage identity are structured. Are they designed to have power over people, supporting people having power with one another or enabling power to be networked between us to create something greater then ourselves. These questions are relevant across the whole life-cycle of identity from cradle to grave.

by Kaliya Hamlin, Identity Woman at December 11, 2014 09:51 PM

Nat Sakimura

「同意なんて本当はいらないんじゃない?」 – WirelessWire News(ワイヤレスワイヤーニュース)

私のことが、ワイヤレスニュースに出ていました。

「同意なんて本当はいらないんじゃない?」 – WirelessWire News(ワイヤレスワイヤーニュース).

若干補足をすると、僕が言いたかったのは、

  1. 「明示的な同意」というのは、既にそれが必要な段階で同意すべきものでは無い(何故なら、それは、直接的業務に不必要なデータを取得しようとしているということだから)ので「いらない」。基本的には「暗黙の同意」ベースにすべきだ。
  2. いたるところにカメラのある社会でのべつくまなくデータを垂れ流して歩いている現代人に対しては、取得は時・ところかまわずリアルタイムでずっと起き続けてしまう。つまり、従来に比べて「観測による取得」の比重が増える。この場合、「取得前の同意」というのは破綻していて、「利用前の同意」にシフトせざるを得ない。
  3. 「推測による取得(プロファイリング)」には、本人にとってメリットのあるもの、デメリットのあるもの両方ある。基礎データが取得されていることを本人が知っていて、データのオプトアウトも容易で、かつメリットが有る確率がデメリットの確率に比べて格段に高いならば、そのように「良くしてもらう」ことは本人の期待の範囲として、「暗黙の同意」がある範囲として扱って良いのではないか?一方、デメリットのほうが当該個人について出てしまった場合、企業は少なくとも通知し利用の同意を取らなければならない。

です。 「同意」が要らないなんて言ってないからねw。

by Nat at December 11, 2014 03:36 AM

December 04, 2014

Nat Sakimura

千本桜から小林幸子から和楽器バンドから伝統音楽への流れ

今日流れてきた記事に『小林幸子が示した「干され芸能人」が生き残るための道』というのがあった。芸能界を干された小林幸子がNico動でボカロ曲を歌って復活してきているという話で、ある意味従来モデルの終わりの始まりが示唆されていて面白い記事だった。

そこから、「さちさちにしてあげる♪」→「紅一葉を哀愁感たっぷりで歌ってみた」→「千本桜 【カウントダウンLIVE】」とたどった。

千本桜 」は、2011年黒うさPが作詞・作曲・編曲し、ボーカルに音声合成ソフト「初音ミク」を使用してインターネット上で公開した楽曲で、カラオケなどでも非常に流行っている曲だという[1]。(私は聞いたことなかったが。)オリジナルは、こんな感じ。

動画の完成度に驚かされるが、歌は流石に小林幸子の方が良いなぁと思いつつ下を見たら、「和楽器バンド」というのが見えた。それが、これ。しびれますね[2]。

始まりは和楽器だけ。そしてボーカルの歌い出しから明らかに邦楽をやっている人だというのが分かる。ちょいと調べたら、2012年のコロンビア全国吟詠コンクールの優勝者らしい。すぐに洋楽器も重ねられて低音も補われ、普通のロックとしても聴きやすく成っていて、「これなら世界に出られるんじゃない?」という感じ。ぜひ、クールジャパンで売りだして欲しいところだ[3]。

by Nat at December 04, 2014 05:39 PM

December 01, 2014

Kaliya Hamlin

Field Guide to Internet Trust Models: The Sole Source

Sole Source

A Sole Source is an organization that acts as identity provider (IdP) and relying party (RP) for itself. This organization issues all identities that it recognizes, and only trusts identities that it has issued.

An organization like this does not federate identities at all. Because it does not connect to anything else, this model is sometimes referred to as a Silo, an Identity Island, or a Standalone Domain. The service provider performs its own verification and dictates governance, privacy, and technical terms to all participants.
There is minimal – if any – negotiation between the requester and the service provider. The service provider manages the entire account lifecycle from creation through retirement.

Examples
Historically, this has been the most common identity model because it can be implemented simply and gives the service provider the most control. Large, consumer-facing services like eBay, Facebook, and Yahoo! were created with sole source identity, although many are adopting newer models as internet technology has evolves. Internal corporate services are often sole source, and only accept identities issued by the organization.

The Sole Source identity model

Financial services, and health insurance, are likely to remain sole source identity providers until a strong, multifactor identity gains momentum with consumers and liability questions are settled. There have been several attempts to do this, but none has yet achieved critical mass.

Being a sole source provider does not guarantee account security, as end users may simply give their account login and password to a third party. Tricking users into giving up account information is a common tactic used by “phishing” sites and other criminals, but legitimate services like Mint.com (a US-based financial service provider) also ask for credentials in order to combine information from sites that do not provide APIs.

When to Use
A service that maintains particularly confidential information or valuable assets, or that operates in an uncertain environment. If proper operation and risk management requires a high level of assurance, then consider being a sole source.

Advantages
The service provider can authenticate requesters to whatever level of assurance it desires before issuing an identity and does not depend upon third parties.

Disadvantages
The service provider bears the full management cost of the identity life cycle. The requirement to create a new identity may discourage potential users of the service. The service must provide a product attractive enough to justify asking the requester to create and manage a new account.

Ability To Scale
When the service provider does not need to integrate with any other services or when it is in a position to dictate terms, a sole source trust model can scale to very large systems. The requirement to create and remember new identity can be a barrier to growing the number of active users.


The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

by Kaliya Hamlin, Identity Woman at December 01, 2014 05:20 AM

Kaliya Hamlin

Field Guide to Internet Trust Models: Centralized Token Issuance, Distributed Enrollment

A special case peer-to-peer network. Participants want to establish trusted identities that can be used securely for ongoing, high-value communication among organizations. A trusted, central provider issues identity tokens which are then enrolled independently by each service provider. Service providers are not required to cooperate or accept one another’s enrollments.

Examples: The most common examples are RSA SecurID and SWIFT 3SKey. Hardware tokens are issued by a trusted provider, which are then used to authenticate individual identities.

Each service will require the user to enroll separately, but once the user has registered they can use the token for future interactions.

When the requester wants to use a service, they’re authenticated using the token.

When to use: Strong Authentication across a range of business entities who may have different enrollment requirements.

Advantages: Can provide a high level of identity assurance to institutions spread across legal and national boundaries.

Disadvantages: Can be expensive and complex to implement. Depends upon the existence of a trusted third party who can issue and ensure the security of hardware tokens. Hardware tokens can be lost.

Ability to scale: Can scale to large networks.


The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

by Kaliya Hamlin, Identity Woman at December 01, 2014 04:49 AM

Kaliya Hamlin

Field Guide to Internet Trust Models: Pairwise Agreement

Two institutions want to trust identities issued by one another, but there is no outside governance or policy framework for them to do so. They negotiate a specific agreement that covers only the two of them. Each institution trusts the other to properly manage the identities that it issues.

Examples: A pairwise agreement can specify governance, security and verification policies, or specific technical methods.

Businesses might negotiate pairwise agreements with large supplier. Educational institutions may craft specific research agreements.

When to Use: Business or institutional partners want to grant one another access to confidential systems or information, but no standard contracts or umbrella organizations exist.

Advantages: Organizations can grant one another access to scarce resources and confidential information. Highly customized for the specific situation and participants.

Disadvantages: Time consuming and complex to negotiate, expensive. Difficult to scale.

Ability to Scale: Pairwise federations do not scale well, because each additional party will need to make a custom agreement with every other party.


The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

by Kaliya Hamlin, Identity Woman at December 01, 2014 04:46 AM

Kaliya Hamlin

Field Guide to Internet Trust Models: Introduction

This is the first in a series of posts that cover the Field Guide to Internet Trust Models Paper. The paper was presented at the University of Texas at Austin ID360 Conference in 2013.

This paper was collaboration between myself and Steve Greenberg. I had an outline of all the Trust Models and worked with Steve Greenberg for several months to shape it into the paper.

The full papers is downloadable [Field-Guide-Internet-TrustID] (see the bottom of this post for a link to a post on each of the models).

The decreasing cost of computation and communication has made it easier than ever before to be a service provider, and has also made those services available to a broader range of consumers. New services are being created faster than anyone can manage or even track, and new devices are being connected at a blistering rate.

In order to manage the complexity, we need to be able to delegate the decisions to trustable systems. We need specialists to write the rules for their own areas and auditors to verify that the rules are being followed.

This paper describes some of the common patterns in internet trust and discuss some of the ways that they point to an interoperable future where people are in greater control of their data. Each model offers a distinct set of advantages and disadvantages, and choosing the appropriate one will help you manage risk while providing the most services.

For each, we use a few, broad questions to focus the discussion:

  • How easy is it for new participants to join? (Internet Scale)
  • What mechanisms does this system use to manage risk? (Security)
  • How much information the participants require from one another how strongly verified?

(Level of Assurance -not what I think assurance is…but we can talk – it often also refers to the strength of security like number of factors of authentication )

Using the “T” Word
Like “privacy”, “security”, or “love”, the words “trust” and “identity”, and “scale” carry so much meaning that any useful discussion has to begin with a note about how we’re using the words.
This lets each link the others to past behavior and, hopefully, predict future actions. The very notion of trust acknowledges that there is some risk in any transaction (if there’s no risk, I don’t need to trust you) and we define trust roughly as:
The willingness to allow someone else to make decisions on your behalf, based on the belief that your interests will not be harmed.
The requester trusts that the service provider will fulfill their request. The service provider trusts that the user won’t abuse their privileges, or will pay some agreed amount for the service. Given this limited definition, identity allows the actors to place one another into context.

Trust is contextual. Doctors routinely decide on behalf of their patients that the benefits of some medication outweigh the potential side effects, or even that some part of their body should be removed. These activities could be extremely risky for the patient, and require confidence in the decisions of both the individual doctor and the overall system of medicine and science. That trust doesn’t cross contexts to other risky activities. Permission to prescribe medication doesn’t also grant doctors the ability to fly a passenger airplane or operate a nuclear reactor.

Trust is directional. Each party’s trust decisions are independent, and are grounded in the identities that they provide to one another.

Trust is not symmetric. For example, a patient who allows a doctor to remove part of their body should not expect to be able to remove parts of the doctor’s body in return. To the contrary, a patient who attempts to act in this way would likely face legal sanction.

Internet Scale

Services and APIs change faster than anyone can manage or even track. Dealing with this pace of change requires a new set of strategies and tools.

The general use of the term “Internet Scale” means the ability to process a high volume of transactions. This is an important consideration, but we believe that there is another aspect to consider. The global, distributed nature of the internet means that scale must also include the ease with which the system can absorb new participants. Can a participant join by clicking “Accept”, or must they negotiate a custom agreement?

In order to make this new world of user controlled data possible, we must move from a model broad, monolithic agreements to smaller, specialized agreements that integrate with one another and can be updated independently.

A Tour of the Trust Models

The most straightforward identity model, the sole source, is best suited for environments where the data is very valuable or it is technically difficult for service providers to communicate with one another. In this situation, a service provider issues identity credentials to everyone it interacts with and does not recognize identities issued by anyone else. Enterprises employing employees, financial institutions, medical providers, and professional certifying organizations are commonly sole sources. Because this is the most straightforward model to implement, it is also the most common.

Two sole sources might decide that it’s worthwhile to allow their users to exchange information with one another. In order to do so, they negotiate a specific agreement that covers only the two of them. This is called a Pairwise Agreement and, while it allows the two parties to access confidential resources, the need for a custom agreement makes it difficult to scale the number of participants. This is also a kind of federated identity model, which simply means that a service accepts an identity that is managed someplace else.

As communication technology became more broadly available, the number of institutions who wanted to communicate with one another also increased. Groups of similar organizations still wanted to issue their own identities, but wanted their users to be able to interact freely with one another. The prospect of each service having to negotiate a custom agreement with every other service was daunting, so similarly chartered institutions came up with standard contracts that allow any two members to interact. These groups are called Federations, and there are several different kinds. Federation agreements and membership are managed by a Contract Hub.

When the federation agreement limits itself to policy, governance, and common roles, but leaves technical decisions to the individual members, it’s referred to as a Mesh Federations. Individual members communicate form a mesh, and can communicate directly with one another using whatever technology they prefer.

Alternatively, a Technical Federation defines communication methods and protocols, but leaves specific governance and policy agreements to the members. In some cases, the technical federation may also route messages between the members.

As the number of services has increased, so has the problem of managing all of those usernames and passwords. Users might decide to reuse an existing identity rather than creating a new one. In recent years, some organizations have made identities that they issue available to other services. Service providers accept these identities because it lowers the cost of user acquisition. When the same entity provides identities for both the requester and the service provider, it is referred to as a Three Party Model.

If the requester and the service provider have provider have separate but compatible identity providers, it is called a Four Party model. This is present in highly dynamic models, such as credit card processing,

Peer-to-peer networks are for independent entities who want to identity assurance, but who lack a central service that can issue identities to everyone. To get around this, the participants vouch for one another’s identities.

Individual contract wrappers are an innovation to enable complex connections between services where the terms and conditions of using the data are linked to the data.

Common Internet Trust Models

Sole source: A service provider only trusts identities that it has issued.

Pairwise Federation: Two organizations negotiate a specific agreement to trust identities issued by one another.

Peer-to-Peer: In the absence of any broader agreement, individuals authenticate and trust one another.

Three-Party Model: A common third party provides identities to both the requester and the service provider so that they can trust one another.

“Bring your Own” Portable Identity: In the absence of any institutional agreement, service providers accept individual, user-asserted identities.

“Winner Take All” Three Party Model: Service provider wants to allow the requester to use an existing identity, but only accepts authentication from a single or very limited set of providers.

Federations: A single, standard contract defines a limited set of roles and technologies, allowing similar types of institution to trust identities issued by one another.

Mesh Federations: These share a common legal agreement at the contract that creates permissible interoperability.

Technical Federations:  These share a common technical hub responsible for making the interoperability happen.

Inter-Federation Federations: This is what happens when one federation actually inter-operates with another federation.

Four-Party Model: An interlocking, comprehensive set of contracts allows different types of entity to trust one another for particular types of transaction.

Centralized Token Issuance, Distributed Enrollment: A shared, central authority issues a high-trust communication token. Each service provider independently verifies and authorizes the identity, but trusts the token to authenticate messages.

Individual Contract Wrappers: Manage how personal data is used rather than trying to control collection. Information is paired contract terms that governs how it can be used. Compliance is held accountable using contract law.

Open Trust Framework Listing: An open marketplace for listing diverse trust frameworks and approved assessors.

by Kaliya Hamlin, Identity Woman at December 01, 2014 04:39 AM

Kaliya Hamlin

Field Guide to Internet Trust Models: Peer-to-Peer Trust and Identity

Peer-to-Peer Identity

When no central identity provider or governance agreement is present, participants assert their own identities and each individual decides who they trust and who they do not. Each participant is a peer with equal standing and each can communicate with anyone else in the network.

Examples: The most familiar peer-to-peer network is probably e-mail. An internet host can join the e-mail network with little more effort than updating its DNS entry and installing some software. Once a host has joined the network, individual e-mail addresses are easily created with no requirement for approval by any central authority. This flexibility and ease of account creation helped spur the growth of the internet, but also allows spam marketers to create false emails.

The best known secure peer-to-peer identity networks on the Internet have been implemented using public key cryptography, which allows participants to trust messages sent over insecure channels like email. Products like PGP and it’s open source counterpart gpg are the most common implementations of public key messaging tools.

When To Use: No central identity provider is available but network participants can exchange credentials.

Advantages: No dependence on a central identity provider. No formal agreement needed to join the network. Participants can assert any identity that they want. Secure peer-to-peer technologies can provide a high degree of confidence once identities have been exchanged. Peer-to-peer models are very flexible, and can support a wide range of trust policies.

Disadvantages: No governing agreement or requirement to implement any policies. Secure deployment requires a high degree of technical sophistication and active management. Individually verifying each participant can be labor intensive. Tracking identities that have been revoked can be complex and error prone.

Ability to Scale: If security requirements are low, peer-to-peer networks can grow very large because new members can join easily. Higher levels of security can be complex to deploy and operate, and can impose a practical limit on the size of the network.


The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

by Kaliya Hamlin, Identity Woman at December 01, 2014 04:39 AM

Kaliya Hamlin

Field Guide to Internet Trust Models: Three Party Model

Three Party Model

A trusted third party provides identities to both the requester and service provider. In order to interact with one another, both must agree to trust the same identity provider.

Examples: Google, Facebook, American Express, Paypal, Amazon, iTunes App Store

There are two broad types of Three Party Model. If one (or both) of the parties insists on a particular identity provider, we refer to it as a Winner Take All network because other identity providers are locked out. If only technical methods are specified and the requester is free to specify any identity provider they like, we refer to it as a Bring Your Own Identity network.

When to Use: An identity provider may choose to offer a three party model when it can provide identities more efficiently than the requester or service provider can on their own. Requesters and service providers may choose to implement a three party network for access to an existing market.

Advantages: Separates identity management from the service being provided. In cases where a shared third party is available, this model simplifies the process of exchanging trusted identities. Malicious actors can be identified and isolated from the entire network. Requesters can use a single identity with many service providers, and service providers can trust requesters without having to verify each one.

Disadvantages: Because participants can only interact if they have been authenticated by a single identity provider, that provider wields substantial power. The identity provider effectively controls the requester’s ability to use services and the services’ ability to work with requesters.

For instance, a requester who loses their account with the identity provider also loses all of the services where they used that identity. If you use your Facebook to sign in to other products then you also lose those other products if your Facebook account is closed.

Ability to Scale: Very difficult to get started because a three party network is not interesting to service providers until it has users, but only attracts users if it has interesting services. Once they are established and functioning, however, a successful three party network can grow extremely large.


The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

by Kaliya Hamlin, Identity Woman at December 01, 2014 04:37 AM

Kaliya Hamlin

Field Guide to Internet Trust Models: Bring Your Own Identity

A special case of the three party model where the service provider specifies the technical methods that it will accept, but allows the requester to choose any identity service they like. The service provider does not set details for identity verification or authentication and simply assumes that the requester has chosen one that’s good enough for their purposes. The service provider and requester agree to terms, the requester and the identity provider agree to terms, but the service provider does not make any agreement with the identity provider.

Examples: The most common Bring Your Own Identity technologies are SAML, OpenID, and email address verification.

When to Use: The service provider does not want to bear the cost of managing the requester’s identity, or wants to simplify account creation and sign-in.

Advantages: The requester can use an existing identity rather than having to create a new one for this service. If the requester chooses a good identity provider, the service gets the benefit of higher security with no additional cost.

Disadvantages: The account is only as secure as the authenticating service. The service provider depends on the user to select a trustworthy identity service.

Designing a user interface that allows the user to specify an identity provider has proved to be difficult. Consumers don’t generally have the experience to know a good identity provider from a bad one so, in practice, they depend upon seeing a familiar brand. When OpenID was first introduced, supporting sites attempted to help by listing a large set of brands so that the user could choose a familiar one. The resulting products ended up so festooned with logos that they were likened to NASCAR cars, and ended up being more confusing than helpful.

Ability to Scale: Very high.


The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

by Kaliya Hamlin, Identity Woman at December 01, 2014 04:36 AM

Kaliya Hamlin

Field Guide to Internet Trust Models: Winner Take All

3Party

“Winner Take All” Three Party Model

A special case of the three party model where the service provider wants to allow the requester to use an existing identity, but only accepts authentication from a defined set of providers. Participants sign an agreement with the identity provider, which also allows them to talk to one another.

Examples: Apple completely controls the channel between app vendors and iPhone users, deciding which applications are available and which users are allowed to use them. Spotify and Zynga games depend upon Facebook for authentication.

When to Use: The service provider wants to take part in a large, established channel, or requires a high level of assurance.

Advantages: The requester can use an existing identity, which lowers the amount of effort required to use a new service. The service provider gets access to the users of an identity network without having to manage the accounts itself. Some identity providers offer higher security than the service could practically provide on its own.

Large three-party model identity providers like Facebook, Google, and PayPal dedicate substantial resources to security.

Disadvantages: Because participants can only interact if they have been authenticated by a single identity provider, that provider wields substantial power. The identity provider effectively controls the requester’s ability to use other company’s products. For instance, a requester who loses their account with the identity provider also loses all of the services where they used that identity. If you use your Facebook to sign in to other products then you also lose those other products if your Facebook account is closed.

Conversely, a service provider that depends on a single third party identity provider leaves themselves open to the third party deciding to change its terms.

Ability to Scale: Difficult to get started because it is only interesting to service providers when it has consumers, but only interesting to consumers if it can offer interesting services. Once they are established and functioning, however, a successful identity provider can build a very large network.


The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

by Kaliya Hamlin, Identity Woman at December 01, 2014 04:36 AM

Kaliya Hamlin

Field Guide to Internet Trust Models: Federations

Federations

A Federation provides a standard, pre-negotiated set of contracts that allow organizations to recognize identities issued by one another. A federation agreement might specify user roles, governance, security and verification policies, or specific technical methods. The federation is organized around a Contract Hub, which is responsible for the agreements. Organizations with similar goals or structure create a standard agreement rather than negotiating individually.

When to Use: A large number of organizations can agree upon roles and governance, and can create a standard contract.

Advantages: Organizations can recognize identities that one another issue without having to negotiate individual agreements with every party.

Disadvantages: Not customized for individual member organizations. Because of the need to create an agreement that a large number of parties can agree to, the federation might be limited to lowest common denominator roles.

Ability to Scale: Very high.


The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

by Kaliya Hamlin, Identity Woman at December 01, 2014 04:35 AM

Kaliya Hamlin

Field Guide to Internet Trust Models: Mesh Federation

Mesh Federation

A Mesh Federation provides a legal and policy umbrella so that institutions can interact with one another but does not specify technical methods. Each member organization issues digital identities for its people and the federation agreement provides the legal framework for them to use one another’s resources. The federation agreement might specify governance, policy, or roles, but the member institutions are free to implement using whatever technologies they like. This is referred to as a mesh because participating services connect directly with one one another in order to authenticate identities. For contrast, a federation network that provides a central identity clearing house is referred to a Technical federation (discussed below).

Examples: Mesh federations were pioneered by educational institutions. Universities already had a culture of cooperation and realized that the interest of students and research goals of faculty were best served by the free flow of information. NRENS (National Research and Education Networks) around the world include InCommon in the US, SurfnNET in the Netherlands, and JISC/Janet in the UK.

When to use: Large institutions wish to share resources and can agree on roles and governance, but do not need a central point for authenticating identity.

Advantages: Federation participants don’t need to negotiate custom agreements with every other member.

Disadvantages: Because of the need to gather broad adoption, mesh federations may be limited to the most common roles and might not cover complex use cases.

Ability to Scale: Because the mesh federation provides a standard contract, it scales to a large number of members.


The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

by Kaliya Hamlin, Identity Woman at December 01, 2014 04:35 AM

Kaliya Hamlin

Field Guide to Internet Trust Models: Inter-Federation Federations

[Image Coming]

Inter-Federation Federations

When organizations are unable to communicate directly with one another because of legal limits or national boundaries, existing federations can negotiate inter-federation federations which allow members of different federations to interact with one another.

Examples: REFEDS, eduGAIN, and Kalmar2 are inter-federation programs for research institutions and higher education.

When to use: Institutions are unable to form direct relationships with one another because of legal or national boundaries, but have existing federations that can negotiate on their behalf.

Advantages: Federations can act as agents, negotiating for members to simplify the complexity of getting agreement among a large number of institutions.

Disadvantages: The complexity of negotiating inter-federation agreements slows the process and may limit the interactions that are covered.


The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

by Kaliya Hamlin, Identity Woman at December 01, 2014 04:34 AM

Kaliya Hamlin

Field Guide to Internet Trust Models: Four Party Model

Four-Party Model

A four-party model provides a comprehensive set of interlocking legal contracts that detail roles, responsibilities, and technical methods. In order to take part in the network, each party must agree to one of the contracts in a given framework. Identity providers specialize in providing support for particular roles.

Examples: The credit card networks, such as Visa and Mastercard, are implemented as four party networks. These represent a large collection of individuals and institutions, each of which must routinely trust participants they’ve never encountered before.

Parties of all types continually join and leave the network, making it impractical for any single organization to track them all. By creating a standard set of well defined roles that work together, the Visa and Mastercard enable risk assessors to specialize.

Because of the vast difference in the size of the entities involved (anywhere from an individual person to a multi-national corporation), and the complexity of governing law, no single contract could be both complete and understandable by all parties.

To solve this problem, the network created a comprehensive, interlocking set of contracts that lay out all of the roles that entities can play. For each role, the appropriate contract specifies the interactions and responsibilities. The network design allows for multiple identity providers, each of whom can specialize in managing risk for a particular set of users. Risks are managed at the system level.

When to use: Closed network where all parties can be expected to sign a contract to join.

Advantages: Enables a network where participants of different sizes can interact smoothly with one another. Allows for specialization of risk management in a complex, constantly changing network where participants frequently join and leave.

Disadvantages: Depends upon the ability to create comprehensive contracts. Risk management can impose substantial costs on the network.

Ability to scale: Four party models can scale to a large number of participants.


The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

by Kaliya Hamlin, Identity Woman at December 01, 2014 04:33 AM

Kaliya Hamlin

Field Guide to Internet Trust Models: Individual Contract Wrappers

Individual Contract Wrappers

When providing information to a service, the requester also provides terms for how that information can be used. Service providers agree to honor those terms in exchange for access to the data, and compliance is enforced through contract law. Terms might include an expiration date, limits on whether the data can be re-sold, or whether it can be used in aggregate form. This model is the mirror image of the Sole Source.

Examples: Personal.com offers a service that provides end users with a place to store personal data. Service providers agree to abide by a set of agreements in order to use this data.

When to use:

Advantages: Provides an incentive for the requester to provide clear, correct, and up-to-date information. In exchange for accepting limits on how the data can be used, the service provider gains access to better quality and more complete data.

Disadvantages: Emerging technology with evolving standards, not widely supported yet.

Ability to scale: It has a high ability to scale but it is almost a reverse architecture of the Sole Source and some of the same challenge.


The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

by Kaliya Hamlin, Identity Woman at December 01, 2014 04:33 AM

Kaliya Hamlin

Field Guide to Internet Trust Models: Open Trust Frameworks

A Trust Framework is a specification that describes a set of identity proofing, security, and privacy policies. The framework is authored by subject matter experts, and is written with the intent that compliance can be assessed. The framework also lists the qualifications that an assessor must have in order to judge compliance.

A Framework Listing Service provides a publicly visible location where trust frameworks can be published and tracked. The listing service sets guidelines for acceptable frameworks and accredits assessors to verify that services implement the frameworks properly.

Examples: The Open Identity Exchange (OIX), Kantara Initiative, and InCommon operate framework listing services. A Framework Creator authors a trust framework that specifies identity validation policies and publishes it to a Framework Listing Service. The framework may also specify the qualifications required in order to be a valid assessor of the policy.

When to use: This should be used by networks who share a common set of technology and policy needs but are not in the business of creating technology networks or accrediting compliance.

Advantages: Standard, publicly available specifications that are designed by subject matter experts. Assessors can verify that the frameworks are implemented properly.

Disadvantages: Not broadly supported, evolving model.

Ability to scale: Because each component can be independently updated, a network based on open trust frameworks could potentially scale to be very large.


The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

by Kaliya Hamlin, Identity Woman at December 01, 2014 04:32 AM

Kaliya Hamlin

Field Guide to Internet Trust Models: Technical Federation

In addition to contract terms, a Technical federation also provides a central service that acts as a clearinghouse for identity operations. It routes authentication requests from the service back to the requester’s chosen identity provider, translating protocols as needed. The existence of a central service lowers the technical and administrative costs of participating in the network. For contrast, a federation network where the participants connect directly with one another rather than going through a central clearinghouse is called a Mesh.

Examples: WAYF provides federated single sign-on to Denmark’s higher education, research institutions, and libraries.

When to Use: A large entity is available to act as an identity clearing house.

Advantages: Encourages use of digital identity by providing a central clearinghouse for authentication. Service providers only need to integrate with a single identity provider. Requesters can choose from a variety of identity providers.

Disadvantages: Requires substantial investment that may only be available to very large institutions or states.

Ability to Scale: Can scale to support national identity programs.


The full papers is downloadable [Field-Guide-Internet-TrustID] Here is a link to introduction of the paper and a at the bottom of that post is a link to all the other models with descriptions.  Below are links to all the different models.

Sole source, Pairwise FederationPeer-to-Peer,

Three-Party Model 1) “Bring your Own” Portable Identity 2) “Winner Take All” Three Party Model:

Federations 1) Mesh Federations 2) Technical Federations 3) Inter-Federation Federations

Four-Party Model, Centralized Token Issuance, Distributed Enrollment, Individual Contract Wrappers, Open Trust Framework Listing

by Kaliya Hamlin, Identity Woman at December 01, 2014 04:32 AM

November 29, 2014

Nat Sakimura

マッサンの主題歌「麦の唄」とソ連国歌が似ている?

今放映中のNHK朝ドラ「マッサン」の主題歌は、中島みゆき作曲の「麦の唄」という曲である。某所でこれがソビエト連邦国歌に似ているという話を聞いたので、早速調べてみました。いや、マッサン見てないので、曲も全然知らなかったんですよね。

で、まず、「麦の唄」のサビの部分:

http://www.sakimura.org/wp-content/uploads/2014/11/c61ad03f5ac8486779fcef1b32d39685.m4a

mugi-no-uta

確かになんか聞いたことがあるような。どこでだろう、と思ったら、どうやらソビエト連邦国歌=ロシア連邦国歌のサビの部分がよく似ているようです。これです:

http://www.sakimura.org/wp-content/uploads/2014/11/russian-anthem.m4a

Russian_Anthem

なるほど、確かに似ていますね。最初の2小節はほぼ一緒と言っても良い。とはいえ、2小節だけですからねぇ…。でも、サビなので、印象に残るのでしょうね。

でわでわ。

by Nat at November 29, 2014 03:05 PM

November 21, 2014

Nat Sakimura

IDMからIRMへ~変わるアイデンティティーの地平

本日(2014/11/21)14:15より、品川インターシティにて行われた第6回OpenAMコンソーシアムセミナーで、基調講演をやってまいりました。

題して

「IDMからIRMへ
変わるアイデンティティーの地平」
IDMからIRMへ

by Nat at November 21, 2014 06:00 AM

November 11, 2014

Nat Sakimura

XACML v3.0 Privacy Policy Profile Version 1.0 パブリック・レビュー

eXtensible Access Control Markup Language (XACML) のCommittee Specification Draft (CSD) の15日間のパブリックレビューピリオドが、11/12から始まります。

この規格案は、プライバシーポリシーをXACMLで表すためのものです。

期間は11/12 0:00 UTC ~11/26 23:59 UTCです。

対称の文書のURLは以下のとおり:

Editable source (Authoritative):
http://docs.oasis-open.org/xacml/3.0/privacy/v1.0/csprd03/xacml-3.0-privacy-v1.0-csprd03.doc

HTML:
http://docs.oasis-open.org/xacml/3.0/privacy/v1.0/csprd03/xacml-3.0-privacy-v1.0-csprd03.html

HTML with inline tags for direct commenting:
http://docs.oasis-open.org/xacml/3.0/privacy/v1.0/csprd03/xacml-3.0-privacy-v1.0-csprd03-COMMENT-TAGS.html

PDF:
http://docs.oasis-open.org/xacml/3.0/privacy/v1.0/csprd03/xacml-3.0-privacy-v1.0-csprd03.pdf

コメントは、OASISのコメント機能を使って送信可能です。

送信されたコメントは以下から参照可能です。

http://lists.oasis-open.org/archives/xacml-comment/

送信された全てのコメントは、OASIS Feedback Licenseによって提出されたとみなされます。詳しくは以下の[3][4]をご参照ください。

========== Additional references:

[1] OASIS eXtensible Access Control Markup Language (XACML) TC
http://www.oasis-open.org/committees/xacml/

[2] Previous public reviews:

* 15-day public review, 23 May 2014: https://lists.oasis-open.org/archives/members/201405/msg00019.html

* 60-day public review, 21 May 2009: https://lists.oasis-open.org/archives/members/200905/msg00006.html

[3]http://www.oasis-open.org/policies-guidelines/ipr

[4] http://www.oasis-open.org/committees/xacml/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#s10.2.3
RF on Limited Terms Mode

by Nat at November 11, 2014 09:05 PM

Kaliya Hamlin

Quotes from Amelia on Systems relevant to Identity.

This is coverage of at WSJ interview with Amelia Andersdotter the former European Parliament member from the Pirate Party from Sweden. Some quote stuck out for me as being relevant

If we also believe that freedom and individualism, empowerment and democratic rights, are valuable, then we should not be constructing and exploiting systems of control where individual disempowerment are prerequisites for the system to be legal.

We can say that most of the legislation around Internet users protect systems from individuals. I believe that individuals should be protected from the system. Individual empowerment means the individual is able to deal with a system, use a system, work with a system, innovate on a system—for whatever purpose, social or economic. Right now we have a lot of legislation that hinders such [empowerment]. And that doesn’t necessarily mean that you have anarchy in the sense that you have no laws or that anyone can do whatever they want at anytime. It’s more a question of ensuring that the capabilities you are deterring are actually the capabilities that are most useful to deter. [emphasis mine].

This statement is key  “individuals should be protected from the system” How do we create accountability from systems to people and not just the other way around. I continue to raise this issue about so called trust frameworks that are proposed as the solution to interoperable digital identity – there are many concerning aspects to the solutions including what seems to be very low levels of accountability of systems to people.

The quotes from Ameila continued…

I think the Internet and Internet policy are very good tools for bringing power closer to people, decentralizing and ensuring that we have distributive power and distributive solutions. This needs to be built into the technical, as well as the political framework. It is a real challenge for the European Union to win back the confidence of European voters because I think a lot of people are increasingly concerned that they don’t have power or influence over tools and situations that arise in their day-to-day lives.

The European Union needs to be more user-centric. It must provide more control [directly] to users. If the European Union decides that intermediaries could not develop technologies specifically to disempower end users, we could have a major shift in global political and technical culture, not only in Europe but worldwide, that would benefit everyone.

by Kaliya Hamlin, Identity Woman at November 11, 2014 08:14 PM

November 09, 2014

OpenID.net

Errata to OpenID Connect Specifications Approved

Errata to the following specifications have been approved by a vote of the OpenID Foundation members:

An Errata version of a specification incorporates corrections identified after the Final Specification was published.

The voting results were:

  • Approve – 46 votes
  • Disapprove – 0 votes
  • Abstain – 0 votes

Total votes: 46 (out of 194 members = 24% > 20% quorum requirement)

The original final specification versions remain available at these locations:

The specifications incorporating the errata are available at the standard locations and at these locations:

— Michael B. Jones – OpenID Foundation Board Secretary

by Mike Jones at November 09, 2014 07:28 PM

OpenID.net

Implementer’s Draft of OpenID 2.0 to OpenID Connect Migration Specification Approved

The following specification has been approved as an OpenID Implementer’s Draft by a vote of the OpenID Foundation members:

An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification.

This Implementer’s Draft is available at these locations:

The voting results were:

  • Approve – 44 votes
  • Disapprove – 1 votes
  • Abstain – 1 votes

Total votes: 46 (out of 194 members = 24% > 20% quorum requirement)

— Michael B. Jones – OpenID Foundation Board Secretary

by Mike Jones at November 09, 2014 07:26 PM

October 21, 2014

OpenID.net

Notice of Vote for Errata to OpenID Connect Specifications

The official voting period will be between Friday, October 31 and Friday, November 7, 2014, following the 45 day review of the specifications. For the convenience of members, voting will actually open a week before Friday, October 31 on Friday, October 24 for members who have completed their reviews by then, with the voting period still ending on Friday, November 7, 2014.

If you’re not already a member, or if your membership has expired, please consider joining to participate in the approval vote. Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration.
A description of OpenID Connect can be found at http://openid.net/connect/. The working group page is http://openid.net/wg/connect/.

The vote will be conducted at https://openid.net/foundation/members/polls/86.

– Michael B. Jones, OpenID Foundation Secretary

by Mike Jones at October 21, 2014 05:43 AM

OpenID.net

Notice of Vote for Implementer’s Draft of OpenID 2.0 to OpenID Connect Migration Specification

The official voting period will be between Friday, October 31 and Friday, November 7, 2014, following the 45 day review of the specification. For the convenience of members, voting will actually open a week before Friday, October 31 on Friday, October 24 for members who have completed their reviews by then, with the voting period still ending on Friday, November 7, 2014.

If you’re not already a member, or if your membership has expired, please consider joining to participate in the approval vote. Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration.

A description of OpenID Connect can be found at http://openid.net/connect/. The working group page is http://openid.net/wg/connect/.

The vote will be conducted at https://openid.net/foundation/members/polls/81.

– Michael B. Jones, OpenID Foundation Secretary

by Mike Jones at October 21, 2014 05:38 AM

October 18, 2014

Nat Sakimura

オンラインサービスにおける消費者のプライバシーに配慮した情報提供・説明のためのガイドラインを策定しました(METI/経済産業省)

検討委員会の委員としてお手伝いしたガイドラインが発表されました。

経産省「オンラインサービスにおける消費者のプライバシーに配慮した情報提供・説明のためのガイドライン
meti-20141017

これは、一昨年のIT融合フォーラム パーソナルデータワーキング・グループの検討結果と、それに引き続き昨年度行われた事業者事前相談の試行を通じて作成された『消費者への情報提供・説明を充実させるための「基準」』を受けて策定されたものです。消費者からパーソナルデータの提供を受ける場合に、どのように通知したらよいか、目的や提供範囲の変更に際してはどうすべきか、などをまとめています。

このような取組は各国で始まっており、特にオンラインの場合はあまりバラバラになると事業者の対応が大変になるので、国際的な調和も求められます。その一環として、ISO/IECにもこれを提出する予定になっており、10月20日から始まるISO/IEC JTC1 SC 27/WG 5 メキシコ会合で、Study Periodの提案が行われることになっています。

この辺りはまた別途ご報告もうしあげます。

(メキシコシティにて)

by Nat at October 18, 2014 11:08 PM

Nat Sakimura

消費者の金融取引の安全性向上のための大統領令発布 – クレジットカードのICカード化や政府サイトの多要素認証対応など

2014年10月17日付で、消費者の金融取引の安全性向上のための大統領令[1]が発布されました。

Executive Order   Improving the Security of Consumer Financial Transactions   The White House

主な内容は以下の3つです。

  • Section 1. 政府への支払いの安全性向上 — 2015年1月以降に導入される決済端末は、より安全な標準規格にもとづいたものになります。具体的にはICチップ対応になります。
  • Section 2. Identity窃盗被害者救済の向上 — 典型的な事例における救済にかかる時間を大幅に短縮するための対策が3つあげられています。
  • Section 3. 政府サイトのアクセスの安全性向上 — 個人情報へのアクセスにあたっては、NSTIC[2]に沿った形で、多要素認証と適切な身元確認への対応が求められます。政府機関は18ヶ月以内にこれに対応しなければなりません。

日本や欧州では、クレジットカードはICチップ付きが主流になっていますが、米国ではまだまだ普及には程遠い状況です。この大統領令のSection 1は、この状況を改善するためのものです。政府機関でのクレジットカードの決済がICチップベースになることで、クレジットカード発行者がICチップ付きのものを発行するようになるための呼び水となることを狙っています。

おりしも同日 Daily Telegraph に

Sorry Mr President; your credit card has been declined
Barack Obama’s card rejected at trendy New York restaurant Estela

という記事が出ました。オバマ大統領がニューヨークのEstelaというレストランで支払いをしようとしたら支払いができなかったという記事です。磁気ストライプだと複製が簡単なので、クレジットカード会社は過去の取引のパターンを使ったリスクベース認証を行っているのですが、オバマ氏は大統領になってからほとんどカードを切ることが無くなったので、このレストランでの支払いが異常な取引としてフラグが上がってしまったわけですね。同記事曰く、

「どうもあんまりカードを使わないものだから、不正行為が行われていると思われたようだね。ミッシェルがカードを持っていて良かったよ。」

「ウェイトレスに、これまでちゃんと支払いをしていると説明したんだけどね。こんなことになってしまった。」

オバマ大統領はロブ・コードレイ米消費者金融保護局長に、クレジットカード顧客を保護するためのもっと簡便な方法が導入される必要が有ることを、この事例は指し示していると語った。

彼は、欧州では普通になっているのに米国ではそうではないICカード決済システム[3]を褒め称えた。

(出所)Rosa Prince: “Sorry Mr President; your credit card has been declined”, Daily Telegraph, 2014/10/17

仕込み記事乙、という感じでありますが、それだけ本気ということでしょう。ちなみに、この話は、AP電/Fox Newsなんかにも出ています。セキュリティの話しじゃみんな読まないけど、オバマ大統領がカード使えなかった!という俗な話にすればみんな読むだろうという読みのもと、メディア戦略うまいですね。

アイデンティティ窃盗はだいぶ前から社会問題になっていました。Section 2は、それに対する対策ですね。具体的な対策と言うよりは、対策を立てなさいという命令ですが。

そしてSection 3.が、政府サイトへのアクセスで、本人が個人情報にアクセスしたりするときのセキュリティレベルを上げ、それによってプライバシーの保護を向上させるというものです。ホワイトハウス筋から事前に聞いていたところによると、これもSection 1.と同じで、民間に対する呼び水にすることを狙っているそうです。今後、これに対応するためにSP800-63の改定もあり得るようです[4]。18ヶ月と切ってあるのは、FCCXのインプリがそれまでに済むということですかね。

ちょうど発表が私の東京→メキシコの移動に重なってしまって、記事を書くのがちょっと遅くなりましたが、まだ日本ではこれが第一報になるのかな…。

ではでは!

(メキシコシティにて)


[1] Executive Order –Improving the Security of Consumer Financial Transactions, http://www.whitehouse.gov/the-press-office/2014/10/17/executive-order-improving-security-consumer-financial-transactions

[2] National Strategy for Trusted Identity in Cyberspace

[3] chip-and-pin payment system

[4] 現行のSP800-63だと多要素認証はLoA3になるが、LoA3の身元確認を要求するのは多分酷なので、LoA2で多要素認証を要求するようになるとか、あるいは、クレデンシャルのレベルと身元確認のレベルを分離させるとかするんじゃないでしょうか。

【関連記事】

by Nat at October 18, 2014 10:29 PM

October 17, 2014

OpenID.net

The Name is the Thing: “The ARPU of Identity”

The name is the thing. The name of this Open Identity Exchange White Paper, the “ARPU of Identity”, is deliberate. ARPU, Average Revenue Per User, is one metric telcos use to measure success. By deliberately using a traditional lens that telcos use, this paper puts emerging Internet identity markets into a pragmatic perspective. The focus of the white paper is on how mobile network operators (MNOs) and other telcos can become more involved in the identity ecosystem and thereby improve their average revenue per user, or ARPU. This perspective continues OIX’s “Economics of Identity” series, or as some call it the “how do we make money in identity” tour in the emerging Internet identity ecosystem. OIX commissioned a white paper reporting the first quantitative analysis of Internet identity market in the UK, where HMG Cabinet Office hosted workshops on the topic at KPMG’s headquarters in London and at the University of Washington’s Gates Center in Seattle.

The timing of this paper on business interoperability is coincidental with work groups in the OpenID Foundation developing the open standards that MNOs and other telco players will use to ensure technical interoperability. GSMA’s leadership with OIX on pilots in the UK Cabinet Office Identity Assurance Program and in the National Strategy on Trusted identity in Cyberspace offer opportunities to test both business and technical interoperability leveraging open standards built on OpenID Connect. The timing is the thing. The coincidence of white papers, workshops and pilots in the US, UK and Canada with leading MNOs provides a real-time opportunity for telcos to unlock their unique assets to increase ARPU and protect the security and privacy of their subscribers/citizen.

In my OpenID Foundation blog, I referenced Crossing the Chasm, where Geoffrey A. Moore argues there is a chasm between future interoperability that technology experts build into standards and the pragmatic expectations of the early majority. OIX White Papers, workshops and pilots help build the technology tools and governance rules needed for the interoperability to successfully cross the “chasm.”

Several OIX White Papers speak to the “supply side” how MNOs and others can become Identity Providers (IDPs), Attribute or Signal Providers in Internet identity markets. Our next OIX White Paper borrows an industry meme (and T-Shirt) for its title, “There’s No Party Like A Relying Party”. That paper speaks to the demand side. Relying Parties, (RPs) like banks, retailers and others rely on identity attributes and account signals to better serve and secure customers and their accounts rely on technical, business and legal interoperability.

By looking at the “flip sides” of supply and demand, OIX White Papers help us better understand the ARPU, the needs for privacy and security and the economics of identity.

Don

by Don Thibeau at October 17, 2014 01:49 PM

OpenID.net

Crossing the Chasm of Consumer Consent

This week Open Identity Exchange publishes a white paper on the “ARPU of Identity”.   The focus of the white paper is on how MNOs and telecommunications companies can monetize identity markets and thereby improve their average revenue per user, or ARPU.   Its author and highly regarded data scientist, Scott Rice, makes a point that caught my eye. It’s the difficulty in federating identity systems because consumer consent requirements and implementations vary widely and are a long way from being interoperable. It got my attention because Open Identity Exchange and the GSMA lead pilots in the US and UK with leading MNOs with funding in part from government. The National Strategy on Trusted identity in Cyberspace and UK Cabinet Office Identity Assurance Program are helping fund pilots that may address these issues. Notice and consent involves a governmental interest in protecting the security and privacy of its citizens online. It’s a natural place for the private sector to leverage the public-private partnerships Open Identity Exchange has helped lead.

Notice and consent laws have been around for years.  The Organization for Economic Co-operation and Development, or OECD, first published their seminal seven Privacy Guidelines in 1980.  But in 1980, there was no world wide web nor cell phone.  Credit bureaus, as we know them today, didn’t exist; no “big data” or data brokers collecting millions of data points on billions of people.  What privacy law protected then was very different than what it needs to protect now.  Back then, strategies to protect consumers were based on the assumption of a few transactions each month, not a few transactions a day.  OECD guidelines haven’t changed in the last 34 years. Privacy regulations and, specifically, the notice and consent requirements of those laws lag further and further behind today’s technology.

In 2013 (and updated in March of this year), OIX Board Member company Microsoft, and Oxford University’s Oxford Internet Institute (OII) published a report outlining recommendations for revising the 1980 OECD Guidelines.  Their report makes recommendations for rethinking how consent should be managed in the internet age.  It makes the point that expecting data subjects to manage all the notice and consent duties of their digital lives in circa 2014 is unrealistic if we’re using rules developed in 1980.  We live in an era where technology tools and governance rules assume the notice part of “notice and consent” requires the user to agree to a privacy policy.  The pragmatic choice is to trust our internet transactions to “trusted” Identity Providers (IDPs), Service Providers (SPs) and Relying Parties (RPs). The SPs, RPs, IDPs, government and academic organizations that make up the membership of Open Identity Exchange share at least one common goal: increasing the volume, velocity and variety of trusted transactions on the web.

The GSMA, Open Identity Exchange and OpenID Foundation are working on pilots with industry leading MNOs, IDPs and RPs to promote interoperability, federation, privacy and respect for the consumer information over which they steward.  The multiple industry sectors represented in OIX are building profiles to leverage the global adoption of open standards like Open ID Connect. Open identity standards and private sector led public-private partnership pilots help build the business, legal and technical interoperability needed to protect customers while also making the job of being a consumer easier.

Given the coincidence of pilots in the US, UK and Canada over the coming months, it is increasingly important to encourage government and industry leaders and privacy advocates to build on interoperability and standardization of consumer consent and privacy baked into standards like OpenID Connect brings to authentication.

Don

by Don Thibeau at October 17, 2014 01:47 PM

October 16, 2014

OpenID.net

Crossing the Chasm In Mobile Identity: OpenID Foundation’s Mobile Profile Working Group

Mobile Network Operators (MNOs) worldwide are in various stages of “crossing the chasm” in the Internet identity markets. As Geoffrey A. Moore noted in his seminal work, the most difficult step is making the transition between early adopters and pragmatists. The chasm crossing Moore refers to points to the bandwagon effect and the role standards play as market momentum builds.

MNOs are pragmatists. As they investigate becoming identity providers, open standards play a critical role in how they can best leverage their unique technical capabilities and interoperate with partners. The OpenID Foundation’s Mobile Profile Working Group aims to create a profile of OpenID Connect tailored to the specific needs of mobile networks and devices thus enabling usage of operator ID services in an interoperable way.

The Working Group starts with the challenge that OpenID Connect relies on the e-mail address to determine a user’s OpenID provider (OP). In the context of mobile identity, the mobile phone number or other suitable mobile network data are considered more appropriate. The working group will propose extensions to the OpenID discovery function to use this data to determine the operator’s OP, while taking care to protect data privacy, especially the mobile phone number. We are fortunate the working group is led by an expert in ‘crossing the chasm’ of email and phone number interoperability, Torsten Lodderstedt, Head of Development of Customer Platforms at Deutsche Telekom who is also an OpenID Foundation Board member.

The Working Group’s scope is global as geographic regions are typically served by multiple, independent mobile network operators including virtual network operators. The number of potential mobile OPs a particular relying party needs to setup a trust relationship with will likely be very high. The working group will propose an appropriate and efficient model for trust and client credential management based on existing OpenID Connect specifications. The Foundation is collaborating with the Open Identity Exchange to build a trust platform that combines the “rules and tools” necessary to ensure privacy, operational, and security requirements of all stakeholders.

Stakeholders, like service providers, may likely have different requirements regarding authentication transactions. The OpenID Connect profile will also define a set of authentication policies operator OP’s are recommended to implement and service providers can choose from.

This working group has been setup in cooperation with OpenID Foundation member, the GSMA, to coordinate with the GSMA’s mobile connect project. We are fortunate that David Pollington, Senior Director of Technology at GSMA, and his colleagues have been key contributors to the Working Group’s charter and will ensure close collaboration with GSMA members. There is an importance coincidence of the GSMA and OIX joint leadership of mobile identity pilots with leading MNOs in the US and UK. All intermediary working group results will be proposed to this project and participating operators for adoption (e.g. in pilots) but can also be adopted by any other interested parties. The OIX and GSMA pilots in the US and UK can importantly inform the OIDF work group standards development process. That work on technical interoperability is complemented by work on “business interoperability.” OIX will publish a white paper tomorrow, “The ARPU of Identity”, that speaks to the business challenges MNOs face leveraging the highly relevant and unique assets in Internet identity.

The OpenID Foundation Mobile Profile Working Group’s profile builds on the worldwide adoption of OpenID Connect. The GSMA and OIX pilots offer an International test bed for both business and technical interoperability based on open standards. Taking together with the ongoing OIX White Papers and Workshops on the “Economics of Identity”, “chasm crossing” is within sight of the most pragmatic stakeholders.

Don

by Don Thibeau at October 16, 2014 03:45 PM

October 15, 2014

Nat Sakimura

東大は5位から28位に! トップはハーバード大学。ダイヤモンド「使える人材輩出大学」ランキングを再計算してみた [0]

電車の中でFacebookを見ていたら、週刊ダイヤモンド(10/18)に掲載された「使える人材を排出した大学ランキング」が流れてきた[1]。まだ雑誌自体をゲットしていないので、アンケートの詳細が分からないが、添付されていた画像によると、使える大学、使えない大学それぞれ上位5校を問い、1位5点、2位4点、…、5位1点で集計し、

「使える(A)」ー「使えない(B)」

を計算し、これでランキングをとったものらしい。その結果がこれだ。

(出所)10/18発売週刊ダイヤモンド「使える人材を輩出した大学ランキング」

(出所)10/18発売週刊ダイヤモンド「使える人材を輩出した大学ランキング」

全く良くわからないランキングだ。

まずもって、順位という序数を基数変換してそれらを足しあわせた数字が何を意味するのかよくわからない上、その数字の引き算をしてランキングする意味がますますわからない[2]。が、そんなことを嘆いていてもしかたがないので、もうちょっとマシなランキングということで、

「使える比率」=「使える(A)」/(「使える(A)」+「使えない(B)」)

を求めて、ランキングを計算してみた。それが、表1。

表1 ー 改訂版使える人材排出大学

Rank ダイヤモンド
ランキング
大学名 使える
(A)
使えない
(B)
ダイヤモンド
得点
(A)-(B)
(A)率
1 25 ハーバード大学 24 0 24 100.00%
2 28 国際教養大学 16 0 16 100.00%
3 6 東京工業大学 496 79 417 86.26%
4 11 国際基督教大学 209 41 168 83.60%
5 4 一橋大学 580 115 465 83.45%
6 27 広島大学 22 5 17 81.48%
7 1 慶応義塾大学 2170 536 1634 80.19%
8 9 東北大学 250 62 188 80.13%
9 7 大阪大学 374 108 266 77.59%
10 3 京都大学 1041 328 713 76.04%
11 10 東京理科大学 256 81 175 75.96%
12 13 神戸大学 163 52 111 75.81%
13 24 津田塾大学 50 18 32 73.53%
14 2 早稲田大学 1838 684 1154 72.88%
15 22 電気通信大学 57 22 35 72.15%
16 30 京都工芸繊維大学 18 7 11 72.00%
17 14 北海道大学 144 59 85 70.94%
18 29 小樽商科大学 21 9 12 70.00%
19 21 東京外国語大学 65 28 37 69.89%
20 12 同志社大学 231 105 126 68.75%
21 16 名古屋大学 113 52 61 68.48%
22 17 関西学院大学 140 82 58 63.06%
23 20 九州大学 110 66 44 62.50%
24 8 明治大学 520 322 198 61.76%
25 25 千葉大学 68 44 24 60.71%
26 22 横浜国立大学 123 88 35 58.29%
27 15 上智大学 230 165 65 58.23%
28 5 東京大学 1596 1161 435 57.89%
29 19 中央大学 217 171 46 55.93%
30 18 筑波大学 103 82 21 55.68%
31 30 立教大学 139 128 11 52.06%
32 44 関西大学 108 138 -30 43.90%
33 60 青山学院大学 166 307 -141 35.10%
34 61 日本大学 239 457 -218 34.34%
35 43 南山大学 18 46 -28 28.13%
36 55 成蹊大学 41 114 -73 26.45%
37 62 法政大学 125 348 -223 26.43%
38 35 京都産業大学 11 31 -20 26.19%
39 50 國學院大學 23 67 -44 25.56%
40 56 近畿大学 38 119 -81 24.20%
41 58 獨協大学 27 116 -89 18.88%
42 34 成城大学 6 26 -20 18.75%
43 51 専修大学 12 62 -50 16.22%
44 49 お茶の水女子大学 10 53 -43 15.87%
45 41 埼玉大学 6 33 -27 15.38%
46 54 東海大学 14 78 -64 15.22%
47 48 東洋大学 9 51 -42 15.00%
48 37 群馬大学 4 27 -23 12.90%
49 59 学習院大学 22 151 -129 12.72%
50 57 明治学院大学 13 95 -82 12.04%
51 53 駒沢大学 8 64 -56 11.11%
52 39 鳥取大学 2 26 -24 7.14%
53 52 帝京大学 4 55 -51 6.78%
54 40 高崎経済大学 2 28 -26 6.67%
55 33 宇都宮大学 0 20 -20 0.00%
56 32 関東学院大学 0 20 -20 0.00%
57 36 明星大学 0 21 -21 0.00%
58 38 茨城大学 0 24 -24 0.00%
59 42 亜細亜大学 0 28 -28 0.00%
60 45 文教大学 0 37 -37 0.00%
61 47 国士舘大学 0 39 -39 0.00%
62 46 名城大学 0 39 -39 0.00%

ダイヤモンドランキングでは25位に低迷していたハーバード大学がめでたくトップに躍り出た。

まぁ、いずれにせよなんだかよくわからない数字ではあるのだが…。ご参考まで。

週刊ダイヤモンド、買いに行くか…。

[0] ブログアップしてから『東大は5位から29位に! 「使える人材輩出大学」ランキングを再計算してみた』http://blogos.com/article/96472/ というBLOGOSの記事が目に入った。手元の計算だと、東大は28位だったので、あえてタイトルを真似っ子バージョンに改定してみた。元のタイトルは、『ダイヤモンド「使える人材排出大学ランキング」←ダメでしょ』

[1] 『【速報】 仕事で使える大学ランキングの「ワースト1」発表』http://netgeek.biz/archives/23399

[2] 「使える/使えない」というのが、おそらくその職場にいる人達の中での相対評価であろうことから、それを同じ座標において比較することも意味がよくわからないが、それはおいておいたとしても。

by Nat at October 15, 2014 12:06 PM

October 06, 2014

Nat Sakimura

ドビッシー – Syrinxの謎

1913年に書かれたSyrinx(シランクス)は、全てのフルート奏者のかけがいのないレパートリーであるといえるでしょう。フルート独奏のための知られた曲というのは、これ以前は1763年のC.P.E.バッハのイ短調ソナタまで遡らなければならないほど当時は珍しいものでした。そのような状況のもとで書かれたこの曲は、様々な感情を単旋律で豊かに表現し、その後のフルート音楽の可能性を大きく切り開いた転換点となりました。

SyrinxはGabriel Moureyの戯曲「Psyché」の劇中音楽として書かれました。劇の間、ステージの外で演奏されることを想定され、元々は「パンの笛」と題されて云々という話は、Wikipediaの記事を参照していただきましょう[1]。

さて、今日のトピックは、この曲にまつわる謎です。いくつかの謎が提示されています。

  1. 当初は小節線無しで書かれていたのを、マルセル・モイーズ[2a]が書き足して、これが現在に伝わっているという説がある。
  2. 献呈をうけたルイ・フルーリ[2b]が校訂したJOBERT版の楽譜では最後から二小節目のロ音にアクセントが書いてある(譜例1)が、これは本来ディミュニエンドであったことが、自筆の楽譜(譜例2)が発見されて分かった。

まず一つ目の謎ですが、これはマルセル・モイーズが語ったことが出所となっているようです。1991年に書かれた記事[3]によると、この曲はある午後のパーティーでモイーズの見ている前で、小さな彫刻のそばにあったピアノにドビッシーがつかつかと行って 書いたもので、その晩モイーズによって初演されたというのです。その楽譜には小節線もフレーズも何もなく、それらはあとからモイーズが書き足したとのこと。ところがその楽譜は、ドビッシーが周りの人に賞賛されている間に「楽譜を自分のものにしてしまうので有名なあるフルート奏者」のポケットの中に消えてしまって、そのフルート奏者が亡くなって未亡人が楽譜の処分のためにモイーズのところに持ち込むまで行方不明になっていたものだとのことです。

この説は批判が多く、ジャン・ピエール・ランパルは、これのことをモイーズの思い違いとして、冒頭で述べた戯曲の劇中音楽としてかかれ、Louis Fleuryに献呈され、初演されたと[4]の翌月に語っているようです。これが、フランスでの通説で、現在でもこちらが支持されているようです。そうすると、「小節線がなかった」というのは都市伝説ということになるようです。しかしながら、私は後述の理由によって、あながちこのストーリーは嘘では無いかもしれないと思っています。

2つ目の謎ですが、献呈をうけたルイ・フルーリが校訂したJOBERT版(1927)以来、世に出回っている多くの楽譜が実際アクセントになっています(譜例1)。

(譜例1)シランクスの最後の部分。終わりから2小節目の「ロ音」にアクセントがついている。

Debussy - Syrinx

(出所)Editions JOBERT [5]

実際、多くの演奏で、この音にアクセントをおいています。ジャン・ピエール・ランパルで聞いてみましょう。

ところが、1993年に発行された自筆の楽譜とされるもの(譜例2)では、これが明らかにディミュニエンドになっています。

(譜例2)自筆とされる楽譜のファクシミリ

(譜例2a)最後の部分の拡大

Debussy - Syrinx Handwritten

この「ロ音」のアクセントは、うとうととして意識が霞んでいくというテキストに合わず、謎の部分だったわけですが、これがディミュニエンドならば、まさにピッタリ来る感じです。この日曜に指摘され、譜例2を見て思わず「なるほど〜」と感心至極となりました。

音で聞くとこんな感じですね。

エマニュエル・パユ、上手いですねぇ。やっぱ、こうじゃなくちゃ!と思いきや…ことはそう単純ではないようです。譜例2(および譜例2a)には右ページの右下にドビッシーのサインらしきものが有ります。これが曲者なのです。ドビッシーの書簡などを見たことのある方なら、「あれ?」と思われるかもしれません。ドビッシーの自筆の署名はこんな感じです。

Debussy Autograph

(図1)ドビッシーの署名[6]

はい。全然違いますね。実際筆跡分析をすると、この楽譜はドビッシーの手になるものでも、献呈されたフルーリーのものでも無いようです[7]。

さて困りました。せっかく決め手になったと思われる「自筆手書き譜」が、偽物の可能性が出てきてしまったわけですから。

こうして、自筆譜が失われてしまったこの曲の真相は永遠に闇の中になってしまったわけですが、一筋の光明があるとすれば、それは、同時代人であるモイーズの演奏が残っていることでしょう。

この演奏だと、アクセントではなくディミュニエンドになっていますね…。しかし、こうなって来ると、なぜフルーリーがアクセントとして校閲したのかが問題になります。年をとって目が見えなかったとかあるのでしょうか?出版は1927年ですから、フルーリーは…あれ、もう亡くなってますね…。亡くなられたのが1926年ですから。ということは、モイーズが揶揄していたフルート奏者とはフルーリーのことだったのでしょうか?そもそも、モイーズの説明はとても具体的ですよね。ある午後のパーティーで小彫刻の横にあったピアノで作曲したとか…。はたしてわざわざそんなディテールまで、モイーズほどの人が嘘をつく必要があるか?謎は深まります。さらに、もしもあの「自筆譜」の「Claude Debussy」との「署名」は、単に誰作かをモイーズが書き留めたものだったら?モイーズの筆跡をぜひ見たくなってきますね[10]。秋の夜長にますます謎は深まっていきます[8]。

まぁ、ほんとうのところは分かりませんが、私としてはより曲想にあっているディミュニエンド説を採りたいと思います。

[1] シランクス http://ja.wikipedia.org/wiki/シランクス

[2a] Marcel Moyse (1889年5月17日 – 1984年11月1日) 非常に高名なフルート奏者。現代フルート奏法の父といわれる。 http://ja.wikipedia.org/wiki/マルセル・モイーズ

[2b] Louis Fleury (1878年 – 1926年)フランスのフルート奏者。

[3] Marcel Moyse recalled, “Debussy was asked to compose some music inspired by a statuette of a shepherd playing his pipe. On the afternoon of the party, Debussy strolled over to the piano adjacent to the statuette and rapidly wrote his little Syrinx. He handed me the manuscript to perform that evening. The composition lacked even a bar line or phrase marking; all markings on the manuscript were mine. The little work was almost lost to flutists when Debussy showed the manuscript to another flutist who was singularly adept in appropriating manuscript copies of flute works from the library. The manuscript conveniently found itself in the flutist’s coat pocket while Debussy was engaged in conversation with admirers. After the thieving flutist died, his widow, in need of money, called me to her assistance in disposing of the deceased’s collection of flute music. In the collection was, of course, the original and only copy of Syrinx.” Performance Guide: Interpreting Syrinx by Roy E. Ernst and Douglass M. Green. Flute Talk February 1991

[4] Flute Talk March 1991

[5] Debussy, C.: Syrinx, Editions JOBERT (1927, Renewed 1954)

[6] Fraser’s Autographs: Claude Debussy  ちなみに、2014/10/5段階で、£2250の値段がついています。

[7] http://www.flutetunes.com/tunes.php?id=163 もっとも、素人目には楽譜部分の筆跡はそれっぽいので、名前だけを後から誰かが書き入れたのかもしれない。ひょっとして、マルセル・モイーズが?

[8] もう一つ謎が有ります。Jane F. Fulcherの「Debussy and His World」P.138によると、フルーリーが生前出版した本に含まれる「シランクス」の断片は、われわれが今日知っている「シランクス」とは大幅に異なるらしいのです。ひょっとすると、フルーリーに献呈された劇中音楽「シランクス」と、現在われわれが「シランクス」として知っている曲「Psyché」は、別の曲なのかもしれません。

[9] 『ドビッシーと「シランクス」と自筆稿』は参考になります。http://www.ne.jp/asahi/jurassic/page/talk/pahud/syrinx.htm

[10] 1972年、80歳過ぎの時の筆跡は http://www3.tokai.or.jp/satou/flute/ にある。ドビッシーと違って、順方向に斜めっている筆跡で、その限りにおいては、(譜例2a)に合致する。

by Nat at October 06, 2014 04:04 PM

October 02, 2014

Nat Sakimura

英国のプライバシー・シールのパブコメは今日締め切りです!

英国ICOがプライバシー・シールの「スキーム」のパブコメが今日締め切られます。英国英語の「スキーム」は、米国英語の「トラスト・フレームワーク」に当たります。たとえば、米国では Identity Trust Framework というところを、英国では Identity Scheme といいます。英国人に言わせると、「フレームワーク」というのは建築の骨組みのことで、こういう場合に使うのはとても変らしいのです。

プライバシー・シールは、その企業が良いプライバシー標準を維持、コミットして維持していることの「お墨付き」として与えられるものです。ICOは、応募の中から最低1つのプライバシー・シール・スキームを、英国政府からは独立した期間として設置するようです。詳細は以下のとおり。

A privacy seal scheme acts as a ‘stamp of approval’ highlighting an organisation’s commitment to maintaining good privacy standards. The ICO will be endorsing at least one privacy seal scheme, operated by an independent third party in the UK. The ICO’s endorsement is conditional on the scheme’s operator achieving official accreditation by the UK Accreditation Service (UKAS). The ICO will invite proposals for a privacy seal scheme in the Autumn 2014, with a view to selecting a proposal in early 2015. The ICO is aiming to launch the first round of endorsed schemes in 2016.

This consultation provides an opportunity for organisations to provide their views on the framework criteria that proposals for schemes will be assessed against. This will inform the final version of the framework criteria, which will be published with the invitation for proposals.

Framework criteria document (pdf)
Consultation document (doc)

The consultation closes on Friday 3 October.
(SOURCE) http://ico.org.uk/about_us/consultations/our_consultations

パブコメの送り方

パブコメは10/3までに、用紙をダウンロードして記入し、consultations@ico.org.uk に送ってください。なお、個人として送る場合、2000年の情報自由法によって、個人情報が公開されることがあるのはご理解くださいとのことです。

by Nat at October 02, 2014 04:38 PM

Nat Sakimura

無料Wi-Fiと引き換えに「第1子捧げます」、英実験で同意続々

実験は、英ロンドン(London)の国会議事堂に近い金融街にあるカフェで行われた。無料Wi-Fiホットスポットに接続した市民は、まず利用規約への同意を求められたが、その中の「ヘロデ(Herod)条項」には「利用者は、第1子を永久にわれわれの手にゆだねることに同意しました」と書かれていた。だが、実験が行われた短時間の間に6人がこの利用規約に「同意」したという。

引用元: 無料Wi-Fiと引き換えに「第1子捧げます」、英実験で同意続々 写真1枚 国際ニュース:AFPBB News.

いや、まぁ、経産省のパーソナルデータWGとかでもずっと指摘してきたことだが…。だれも読まないことわかってるのに、「同意」ボタンを押させるのって、なんか変だよね。

おんなじことは、英国のico.なんかも考えているらしく、前コミッショナーのRichard Thomas氏は、「英国は嘘つきの集まりだ。みんな読んでもいないのに『読みました』ボタンを押す。」と言っていたと今日、副コミッショナーのDavid Smith氏から聞いた。上記引用の「ヘロデ条項」もひとしきり話題になった。

そろそろみんな、同意の取り方を真面目に考えなおしたほうが良いと思いますよ。

市民を守るという観点から重要なのは、何でもかんでも網羅的にポリシーとか通知文とかに書くことではない。実質的な理解を得ることが重要なのだから、今の在り方はそろそろ考えなおしたほうが良いと思いますが、どうですかね。

by Nat at October 02, 2014 01:15 PM

September 25, 2014

Nat Sakimura

Shell Shock: UNIX系のソフト「bash」に重大バグ、システム乗っ取りも

米国土安全保障省のコンピューター緊急対応チーム(US―CERT)は、Linuxを含むUNIXベースのOSや米アップル のマックOS・X(テン)が影響を受ける危険性があるとの警告を発表した。

サイバーセキュリティー会社、トレイル・オブ・ビッツによると、「ハートブリード」ではパスワードやクレジットカード情報などの個人情報が盗まれる恐れはあったが、bashと異なりシステムを乗っ取ることはできなかった。

引用元: UNIX系のソフト「bash」に重大バグ、システム乗っ取りも | マネーニュース | 最新経済ニュース | Reuters.

これはねぇ、あかんやつですね。特にCGIとか要注意。

噂によると、zshもダメらしいので、shell呼び出ししてるようなスクリプトはちゃんと中身すぐに見たほうが良いですねぇ…。

詳しいことは、こちらのブログがオススメです→ bashの脆弱性がヤバすぎる件

曰く、

CGIはパラメータを環境変数として格納しています(*2)から、HTTPリクエストヘッダをいじって

User-Agent: () { :; }; rm -rf /

とかやるとゾクゾクするかもしれません。わたしは実証していませんが。

引用元: bashの脆弱性がヤバすぎる件

いやー、怖すぎる。

ちなみに、この対策の為にbashを抜く作業のことを「抜歯」と言うそうです。上手いな。

【参考資料】

by Nat at September 25, 2014 06:04 PM

Nat Sakimura

マイナンバーの通知カード及び個人番号カード等に関する省令案に関するパブコメが出ています

「通知カード及び個人番号カード並びに情報提供ネットワークシステムによる特定個人情報の提供等に関する省令(仮称)案に対する意見募集」[1][2]が出ています。2014年10月22日までです。

マイナンバー法における、通知カードの様式・再交付手続、個人番号カードの様式・有効期間・再交付手続、情報提供ネットワークシステムによる特定個人情報の提供の方法・送信事項・記録事項などが対象です。

たとえば、通知カードの様式は次のようになっています。

別紙様式第1(第9条関係)

通知カード案

これ、デジタル読み取りできるようにして欲しいですよね…。OCRするにしても、外字とか字形の似た字とか間違いますからね。デジタル署名付きのQRコードとかで入れてくれると良いのですがねぇ…。そうすれば、改ざん検知もできるし…。

[1] http://www.soumu.go.jp/menu_news/s-news/01gyosei02_02000065.html

[2] http://search.e-gov.go.jp/servlet/Public?CLASSNAME=PCMMSTDETAIL&id=145208416&Mode=0

by Nat at September 25, 2014 05:32 PM

Kaliya Hamlin

Facebook so called “real names” and Drag Queens

So, Just when we thought the Nym Wars were over at least with Google / Google+.

Here is my post about those ending including a link to an annotated version of all the posts I wrote about my personal experience of it all unfolding.

Facebook decided to pick on the Drag Queens – and a famous group of them the Sisters of Perpetual Indulgence.  Back then I called for the people with persona’s to unite and work together to resist what Google was doing. It seems like now that Facebook has taken on the Drag Queens a real version of what I called at the time the Million Persona March will happen.

One of those affected created this graphic and posted it on Facebook by Sister Sparkle Plenty:

MyNameIs

Facebook meets with LGBT Community Over Real Name Policy  on Sophos’ Naked Security blog.

EFF covers it with Facebook’s Real Name Policy Can Cause Real World Harm in LGBT Community.

Change.org has a petition going. Facebook Allow Performers to Use Their Stage Names on their Facebook Accounts.

by Kaliya Hamlin, Identity Woman at September 25, 2014 02:16 PM

September 23, 2014

Kaliya Hamlin

We “won” the NymWars? did we?

Mid-July,  friend called me up out of the blue and said “we won!”

“We won what” I asked.

“Google just officially changed its policy on Real Names”

He said I had  to write a post about it. I agreed but also felt disheartened.
We won but we didn’t it took 3 years before they changed.

They also created a climate online where it was OK and legitimate for service providers to insist on real names.

For those of you not tracking the story – I along with many thousands of people had our Google+ accounts suspended – this posts is an annotated version of all of those.

This was the Google Announcement:

When we launched Google+ over three years ago, we had a lot of restrictions on what name you could use on your profile. This helped create a community made up of real people, but it also excluded a number of people who wanted to be part of it without using their real names.

Over the years, as Google+ grew and its community became established, we steadily opened up this policy, from allowing +Page owners to use any name of their choosing to letting YouTube users bring their usernames into Google+. Today, we are taking the last step: there are no more restrictions on what name you can use.

We know you’ve been calling for this change for a while. We know that our names policy has been unclear, and this has led to some unnecessarily difficult experiences for some of our users. For this we apologize, and we hope that today’s change is a step toward making Google+ the welcoming and inclusive place that we want it to be. Thank you for expressing your opinions so passionately, and thanks for continuing to make Google+ the thoughtful community that it is.

There was lots of coverage.

Google kills real names from ITWire.

Google Raises White Flag on Real Names Policy in the Register.

3 Years Later Google Drops its Dumb Real Name Rule and Apologizes in TechCrunch.

Change Framed as No Longer Having Limitations Google Offers Thanks for Feedback in Electronista

Google Stops Forcing All Users to Use Their Real Names in Ars Technica

The most important was how Skud wrote a “real” apology that she thought Google should have given:

When we launched Google+ over three years ago, we had a lot of restrictions on what name you could use on your profile. This helped create a community made up of people who matched our expectations about what a “real” person was, but excluded many other real people, with real identities and real names that we didn’t understand.

We apologise unreservedly to those people, who through our actions were marginalised, denied access to services, and whose identities we treated as lesser. We especially apologise to those who were already marginalised, discriminated against, or unsafe, such as queer youth or victims of domestic violence, whose already difficult situations were worsened through our actions. We also apologise specifically to those whose accounts were banned, not only for refusing them access to our services, but for the poor treatment they received from our staff when they sought support.

Everyone is entitled to their own identity, to use the name that they are given or choose to use, without being told that their name is unacceptable. Everyone is entitled to safety online. Everyone is entitled to be themselves, without fear, and without having to contort themselves to meet arbitrary standards.

As of today, all name restrictions on Google+ have been lifted, and you may use your own name, whatever it is, or a chosen nickname or pseudonym to identify yourself on our service. We believe that this is the only just and right thing to do, and that it can only strengthen our community.

As a company, and as individuals within Google, we have done a lot of hard thinking and had a lot of difficult discussions. We realise that we are still learning, and while we appreciate feedback and suggestions in this regard, we have also undertaken to educate ourselves. We are partnering with LGBTQ groups, sexual abuse survivor groups, immigrant groups, and others to provide workshops to our staff to help them better understand the needs of all our users.

We also wish to let you know that we have ensured that no copies of identification documents (such as drivers’ licenses and passports), which were required of users whose names we did not approve, have been kept on our servers. The deletion of these materials has been done in accordance with the highest standards.

If you have any questions about these changes, you may contact our support/PR team at the following address (you do not require a Google account to do so). If you are unhappy, further support can be found through our Google User Ombuds, who advocates on behalf of our users and can assist in resolving any problems.

BotGirl chimed in with her usual clear articulate videos about the core issues.

And this talk by Alessandro Acquisti surfaced about. Why privacy matters

Google has learned something from this but it seems like other big tech companies haven not.

by Kaliya Hamlin, Identity Woman at September 23, 2014 11:43 PM

September 18, 2014

Nat Sakimura

車輪は丸くなったのか〜ID関連標準の成熟度と動向

ID&ITのサイトは仮題のままですが、明日、ANAホテルで「車輪は丸くなったのか〜ID関連標準の成熟度と動向」というタイトルで30分ほどスピーチさせていただきます。セッション番号は GE-05 です。外タレ、ナット・サキムラとしてです。

お申し込みはこちら→ http://nosurrender.jp/idit2014/registration.html

内容は、3月までガートナーのIdentity関連のアナリストだったイアン・グレイザーから独自に入手したCloud Identity Summit基調講演のスライドのネタを下敷きにして、彼の考え、私の考え、はたまた、元米国大統領サイバーセキュリティー特別補佐官のハワード・シュミット氏との朝食会で話したことなどを交えながら、認証、認可、属性、プロビジョニング、の国際標準の状況を「今使えるのか」という観点も含めながら紹介します。

外タレとしてなので、同時通訳を要求したのですが、予算厳しきおり認められませんで、一人同時通訳による日本語でお届けいたしますw。はい。それじゃぁ「外タレ」じゃなくて「ヘタレ」ですね。それでも果敢に最初のスライドは英語で入りますんで、生ぬるい笑いをお願いします (_o_)。

Do we have a round wheel yet?

by Nat at September 18, 2014 12:58 PM

September 17, 2014

OpenID.net

General Availability of Microsoft OpenID Connect Identity Provider

Microsoft has announced the general availability of the Azure Active Directory OpenID Connect Identity Provider.  It supports the discovery of provider information as well as session management (logout).  On this occasion, the OpenID Foundation wants to recognize Microsoft for its contributions to the development of the OpenID Connect specifications and congratulate them on the general availability of their OpenID Provider.

Don Thibeau
OpenID Foundation Executive Director

by Don Thibeau at September 17, 2014 02:45 PM

OpenID.net

Review of Proposed Errata to OpenID Connect Specifications

The OpenID Connect Working Group recommends the approval of Errata to the following specifications:

An Errata version of a specification incorporates corrections identified after the Final Specification was published. This note starts the 45 day public review period for the specification drafts in accordance with the OpenID Foundation IPR policies and procedures. This review period will end on Friday, October 31, 2014. Unless issues are identified during the review that the working group believes must be addressed by revising the drafts, this review period will be followed by a seven day voting period during which OpenID Foundation members will vote on whether to approve these drafts as OpenID Errata Drafts. For the convenience of members, voting may begin up to two weeks before October 31st, with the voting period still ending on Friday, November 7, 2014.

These specifications incorporating Errata are available at:

The corresponding approved Final Specifications are available at:

A description of OpenID Connect can be found at http://openid.net/connect/. The working group page is http://openid.net/wg/connect/. Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration. If you’re not a current OpenID Foundation member, please consider joining to participate in the approval vote.

You can send feedback on the specifications in a way that enables the working group to act upon your feedback by (1) signing the contribution agreement at http://openid.net/intellectual-property/ to join the working group (please specify that you are joining the “AB+Connect” working group on your contribution agreement), (2) joining the working group mailing list at http://lists.openid.net/mailman/listinfo/openid-specs-ab, and (3) sending your feedback to the list.

A summary of the errata corrections applied is:

  • All – Added errata set number to the titles.
  • All – Updated dates for specs containing errata updates.
  • Core – Changed the RFC 6749 references from Section 3.2.1 to Section 2.3.1 in the “client_secret_basic” and “client_secret_post” definitions.
  • Fixed #954 – All – Added “NOT RECOMMENDED” to the list of RFC 2119 terms.
  • All – Updated references to pre-final IETF specs.
  • All – Replaced uses of the terms JWS Header, JWE Header, and JWT Header with the JOSE Header term that replaced them in the JOSE and JWT specifications.
  • Fixed #921 – Core 3.1.2.1 – “Authorization Request” should be “Authentication Request”.
  • Fixed #926 – Core – Typo in Self-Issued ID Token Validation.
  • Fixed #920 – Core – Attack identified against self-issued “sub” values.
  • Core – Authorization Code validation is not done when using the response type “code token” because the validation process requires an ID Token.
  • Fixed #925 – Registration – Typos (“jwk” vs “jwks”) in “jwks” client metadata parameter definition.

— Michael B. Jones – OpenID Foundation Board Secretary

by Mike Jones at September 17, 2014 01:05 AM

OpenID.net

Review of Proposed Implementer’s Draft of OpenID 2.0 to OpenID Connect Migration Specification

The OpenID Connect Working Group recommends approval of the following specification as an OpenID Implementer’s Draft:

An Implementer’s Draft is a stable version of a specification providing intellectual property protections to implementers of the specification. This note starts the 45 day public review period for the specification drafts in accordance with the OpenID Foundation IPR policies and procedures. This review period will end on Friday, October 31, 2014. Unless issues are identified during the review that the working group believes must be addressed by revising the drafts, this review period will be followed by a seven day voting period during which OpenID Foundation members will vote on whether to approve these drafts as OpenID Implementer’s Drafts. For the convenience of members, voting may begin up to two weeks before October 31st, with the voting period still ending on Friday, November 7, 2014.

This specification is available at:

A description of OpenID Connect can be found at http://openid.net/connect/. The working group page is http://openid.net/wg/connect/. Information on joining the OpenID Foundation can be found at https://openid.net/foundation/members/registration. If you’re not a current OpenID Foundation member, please consider joining to participate in the approval vote.

You can send feedback on the specifications in a way that enables the working group to act upon your feedback by (1) signing the contribution agreement at http://openid.net/intellectual-property/ to join the working group (please specify that you are joining the “AB+Connect” working group on your contribution agreement), (2) joining the working group mailing list at http://lists.openid.net/mailman/listinfo/openid-specs-ab, and (3) sending your feedback to the list.

— Michael B. Jones – OpenID Foundation Board Secretary

UPDATE: The working group has removed outdated non-normative text about XRIs and implementation considerations and made the “openid2_realm” request parameter REQUIRED. The originally posted version is available at the location below to facilitate comparison between the original version and the current version with the correction applied:

by Mike Jones at September 17, 2014 12:59 AM

September 15, 2014

Nat Sakimura

IT&ID 2014に出演します

IT & ID 2014

9/17(水)に大阪、9/19(金)に東京で開催される『IT&ID 2014』に、外タレの枠で出演します。

General Session [GE-05] です。さて、お約束の「** is DEAD」は出るのか?!

[GE-05]

デジタル・アイデンティティの標準化動向とそのゴール

標準化が進む認証・認可プロトコルやプロビジョニングAPI。現時点で実際のシステム、サービスとして十分に活用できるレベルの標準化技術はどの技術でしょうか。また、どこまでも続く標準化作業のゴールはどこにあるのでしょうか。

OpenIDファウンデーションの議長である崎村氏がわかりやすく解説します。

講師:

OpenID Foundation

Chairman

Mr. Nat Sakimura

 大阪 9/17 15:40~16:10 : ROOM A & B
 東京 9/19 15:50~16:20 : ROOM A & B

外タレ枠ですが、日本語でやりますのでご心配なく。

また、例年通り、クロージングパネルにも登場します。General Session [GE-07]です。

[GE-07]

日本IT業界の特殊性と対応

スマホだけではなく、クラウドでも BYODにしてもその特殊性が目立ち始めた日本の IT市場。特殊性の原因とこの特殊性を認識した上で IT部門や SIerはどう対処すべきか、毎年恒例のメンバーでパネルディスカッションしていただきます。

パネリスト:

株式会社 企
株式会社TNC

代表取締役 クロサカ タツヤ 氏

OpenID Foundation 理事長
Kantara Initiative 理事
株式会社 野村総合研究所 オープンソースソリューション推進室 上席研究員

崎村 夏彦 氏

国際大学GLOCOM

客員研究員 楠 正憲 氏

モデレータ:

一般社団法人 OpenIDファウンデーション・ジャパン

コミュニティ・リード 山中 進吾 氏

 大阪 9/17 16:40~17:40 : ROOM A & B
 東京 9/19 16:50~17:40 : ROOM A & B

無料ですから、ぜひ参加登録の上、お越しください。

[参加登録はこちら]

by Nat at September 15, 2014 11:38 PM

September 12, 2014

Nat Sakimura

InstagramなどのAndroidアプリにプライバシー上の欠陥、研究者が指摘

unhcfregまぁみんな薄々知っては居たことですが、アプリ開発者のセキュリティ・プライバシーに関する認識は、とてもずさんなようです。

CIOマガジン[1]とPCWorldが報じたところによると[2] InstagramやViberなどのAndroidアプリにプライバシー上の欠陥があることが見つかりました。今回報告したのは、ニュー・ヘイブン大学のフォレンジック研究センター(UNHcFREG)です。それによると、画像をアクセス制御無しでサーバに保存していたりなど、かなり残念なことになっています。

また、これらのアプリの問題として、セキュリティの問題を報告しようとしても、開発者に連絡がつかないというのもあるようです。てか、これもずっと知られていたことですけどね。@nov とか、多くのメジャーアプリで苦労してましたから。

UNHcFREGは、この件に関して5本のビデオをYoutubeで紹介しています。参考になると思います。

[1] http://itpro.nikkeibp.co.jp/atcl/idg/14/481709/091000017/?ST=cio-appli&P=2

[2] http://www.pcworld.com/article/2603900/popular-android-apps-fail-basic-security-tests-putting-privacy-at-risk.html

by Nat at September 12, 2014 02:11 AM

September 11, 2014

Nat Sakimura

500万件にも及ぶGmailのユーザー名とパスワードが流出?!

怪しさ満点の記事が流れてきた。曰く

500万件にも及ぶGmailのユーザー名とパスワードが流出

TheDailyDotによると、ロシアのBitcoinフォーラムに、500万件にも及ぶGmailのユーザー名とパスワードがリークされたと伝えています。

流出経路は不明ですが、流出したのは、英語、ロシア語、スペイン語を話し、Gmail、Google+などGoogleサービスを利用するユーザーに関する情報のようです。
(出所)MACお宝鑑定団のBlog:『500万件にも及ぶGmailのユーザー名とパスワードが流出』[1]

まぁ、ちょっと待て。もしGoogleからだとすると、500万件は少なすぎる。10億ユーザも居るのよ。もしデータベースにアクセスできたのだとしたら、0.5%しかとって行かないというのはあり得ない。さらに、言語特定があるのも怪しさ満点。おそらく、フィッシングによるものだろう。と、思って元記事であるTheDailyDot [2] を見に行ったら、案の定Googleの談話として、多くは既に存在しないか停止されている非常に古いアカウントのもので、おそらくフィッシングされたものという旨のことが書いてあった。そこから、更に元記事のロシア語のフォーラム[3] を見に行くと、「状況から見てフィッシングされたもの」との記載有り。なんだ、最初は冷静じゃん。それが、再配信されるにしたがって、過激になっていったのね。

センセーショナリズムはイカンよ!

なお、isLeaked.com で漏れたかどうかテストできると記事中にあるが、isLeaked.com がまともなところであることを確認してからテストしたほうが良いと思いますよ、老婆心ながら。ちなみに、Googleの公式ブログによると、有効なメアド・パスワードの組合せは2%に満たなかったそうだ[4]。

[1]MACお宝鑑定団のBlog:『500万件にも及ぶGmailのユーザー名とパスワードが流出』http://www.macotakara.jp/blog/news/entry-24544.html (2014/9/11取得)

[2] TheDailyDot:”5 million Gmail passwords leaked to Russian Bitcoin forum”, http://www.dailydot.com/crime/google-gmail-5-million-passwords-leaked/ (2014/9/11 取得)

[3] А теперь и gmail.com: в сеть выложена база на 5 000 000 адресов http://habrahabr.ru/post/236283/

[4] http://googleonlinesecurity.blogspot.jp/2014/09/cleaning-up-after-password-dumps.html

[*] なお、ちなみに日経BPの記事は流石にちゃんとしてた。 http://itpro.nikkeibp.co.jp/atcl/news/14/091100836/

by Nat at September 11, 2014 02:28 PM

Nat Sakimura

想像力の無い日本:『「全盲なら乗るなよ」「相当イラつくのは確か」川越線での全盲女子負傷 加害者への同調がツイッターで続出』

engelleri kaldır remove barriers   YouTubeまったくひどい話だ。

JR川越線で全盲の生徒が乗客から暴力を受けてけがをした事件[1]はみなさんの記憶にあたらしいと思うが、このNaverまとめ[2]によると、なんとツイッター上ではにわかに加害者の肩をもつ発言が台頭してきているという。曰く、「自業自得」「被害者ヅラするな」など。せっかく日本も「障害者の権利に関する条約」を批准[3]したという年に、こういう光景を眼前にするのは信じがたい思いだ。

町村先生のブログ、Matimulog「美しくない日本、炸裂」[4]にもあるが、この傾向は障害者にだけではなく、例えばマタニティ・マークをつけている人とかにも現れているようだ[5]。「同調圧力」の裏返しとして、「違う存在」「マイノリティ」への攻撃性として顕在化しているようだ。

相手の立場にたって考えることができないわけで、これはある意味想像力の欠如の現れとも言えよう。そしてこうした想像力の欠如は、とても恐ろしいことなのだ。日本をかつて戦争に駆り立てていったのも、こうした想像力の欠如による、同質性の強制に負うところが大きいように思える。

一つ良い動画を紹介しよう[6]。自分がマイノリティの側だったらどうなるのかということを教えてくれる動画だ。

「違う存在」に対して「いらついている」想像力の働かない人たちは、この動画を見たら、少しは分かってもらえるようになるのだろうか…。

[1] 『全盲女子生徒:足蹴られケガ つえで転倒の腹いせか 川越』 毎日新聞http://mainichi.jp/select/news/20140910k0000m040094000c.html (2014年09月09日 20時49分)

[2] 「全盲なら乗るなよ」「相当イラつくのは確か」川越線での全盲女子負傷 加害者への同調がツイッターで続出http://matome.naver.jp/odai/2141040600248450501 (2014/9/11取得)

[3] 外務省:『日本と国際社会の平和と安定に向けた取組』http://www.mofa.go.jp/mofaj/gaiko/jinken/index_shogaisha.html (2014/9/11取得)

[4] 『美しくない日本、炸裂』http://app.m-cocolog.jp/t/typecast/30148/31412/80603640

[5] 実際、私の友人の妊婦も突き飛ばされたりなどしているらしく、電車は怖いと言っている。

[6] Facebookで、N先生に教えていただきました。

by Nat at September 11, 2014 01:24 PM

Nat Sakimura

Googleの第一回「忘れられる権利」の公開討論会終了

全7回行われる予定のGoogleのAdvisory Council主催の「忘れられる権利」公開討論会の第一回が、去る9日、マドリッドで行われた。ロイターによると[1]、スペインから8人の専門家が出席して討論会が行われ、同国のプライバシー専門家協会のトップなど数人は、大衆の情報アクセスに影響を及ぼす判断をグーグルのような民間企業に委ねることの是非を質問したとのこと。

GoogleのAdvisory Councilは、シュミット会長とドラモンド最高法務責任者に、

  1. Luciano Floridi オックスフォード大学教授(情報哲学で有名)
  2. Silvie Kaufmann 仏ル・モンド紙 編集主幹
  3. Lidia Kolucka-Zuk 元ポーランド大統領補佐官
  4. Frank La Rue 国連高等弁務官事務所・言論の自由の推進に関する特別ラポータ
  5. José-Luis Piñar 元29条委員会副委員長
  6. Sabine Leutheusser-Schnarrenberger 元ドイツ法務大臣
  7. Peggy Valcke KUルーベン大学教授
  8. Jimmy Wales Wikimedia財団創始者

の8名を加えた10名で構成される。

今回の一連の討論会に関しては、EU当局は歓迎しているものの、フランスの当局であるCNILの長官であるIsabelle Falque-Pierrotin氏などは、参加者がオープンでなく、Googleが決めるために、それを通じて議論を誘導しうるとして批判的だ。

一連の討論会の内容は報告書にまとめられ、来年グーグルに提出される。

次回会合は10日にローマで開かれる。

[1] http://jp.reuters.com/article/marketsNews/idJPL3N0RB12P20140910

Advisory Council – Google Advisory Council

by Nat at September 11, 2014 12:19 PM

September 09, 2014

Nat Sakimura

Googleが「忘れられる権利」の公開討論会を欧州で7回開催

BBCニュースの報道[1]によると、Googleは「忘れられる権利」についての公開討論会を、9月9日のマドリッドを第一回として、11月4日までに合計7回、欧州各国の首都で行う予定だ[2]。8月までにGoogleは9万件の削除依頼を受けており、その約半数は実際に削除されているが、残りの半数は不適切な申請として退けている。人々の「知る権利」との兼ね合いもあるので、単純に削除するわけには行かないのが悩みどころだ。

そこで、Googleは、この「忘れられる権利」と「知る権利」のバランスをどう取っていくかということの討論会を行い、検討してきたいというわけだ。討論会は、Googleが設置したAdvisory Councilによって運営され、議長は同Councilから出る。同Councilは、Wikimedia財団の創始者のJimmy Walesや、かつてプライバシー当局に勤めていたり、プライバシー関係の裁判に関わった裁判官によって構成されている。

9月15日から始まる、「忘れられる権利」を各検索エンジンにどのように整合性をもって適用していくかということに関するEU各国のデータ保護当局の会合の直前に始まるこの討論会を、EU当局はこの動きを歓迎しているとのこと。一方、フランスの当局であるCNILの長官であるIsabelle Falque-Pierrotinは、批判的で、ロイターの取材[3]に対して、「彼らはオープンで倫理的であると見られたいのでしょう。しかし、CouncilのメンバーはGoogleによって選任され、だれが聴衆として参加できるか、どのような結論が出るかは彼らが決めるのです」と述べている。

[1] http://www.bbc.com/news/technology-28344705
[2] https://www.google.com/advisorycouncil/
[3] http://www.reuters.com/article/2014/09/08/us-google-privacy-idUSKBN0H308I20140908

Advisory Council – Google Advisory Council

by Nat at September 09, 2014 12:19 AM

September 05, 2014

Nat Sakimura

ロシアのデータ保護規則の重要な変更点

kremlin-300x228ACCの8月29日の記事[1]によると、去る7月22日、ロシアの改正データ保護法に大統領が署名しています。同法は、2016年9月1日に全面施行されます。

重要な変更点として、ロシア人のデータの保管及び処理は、ロシア国内で行わなければならず、違反者は、ロシアの通信当局であるRoskomnadzorが作る違反者レジストリに登録され、最終的にはwebブロッキングされるとのことです。

手続きは、Hogan Lovelsの記事[2]によると以下のようになります。

  1. まず裁判所が、そのサイトが違反をしているかどうかを認めます。
  2. 違反が認められると、RoskomnadzorがWebサイトをホスティングしている事業者に違反の通知をします。
  3. ホスティング業者は1日以内にサイト提供者に連絡しなければなりません。
  4. そこから1日以内にサイト提供者は是正をしなければなりません。
  5. もし是正がされなかった場合は、ホスティング事業者はそのWebサイトへのアクセスを制限しなければなりません。

これは、ロシア向けのビジネスを行っている企業や、ロシアにオペレーションを持っている企業に影響を与えます。これには、ロシア人の登録を許すWebサイトなども含まれるように読めます。これまでは、ロシアにプレゼンスが無い企業はRoskomnadzorの管理対象外だったようですが、今回の法制でロシア国内にデータを留めることになると、自動的にロシアにある種のプレゼンスができてしまうからです。

実際Webサイトがこれをやろうとすると、まずロシア国内のクラウド事業者かなにかと契約して、コピーサイトを立て、ユーザがメインサイトに来たら、IPアドレスなどからロシアからのアクセスであることを検出してロシアサイトに飛ばして、以後そちらで処理するなどが必要になると思われます。データも二重管理になりますし大変です。また、「ロシア人」というのですから、海外にいるロシア人も対象になるのでしょう。その場合は国籍を聞く必要も出てきそうですがが、日本だと国籍が機微情報だったりするので悩ましいところです。「私はロシア人ではありません。」というようなチェック・ボックスでも作るんでしょうか…。

ロシアからすると、ひょっとするとこうした法制を敷けば、二重管理を嫌うWebサイトがロシアのクラウドに引っ越してくるというような目論見があるのかもしれませんが、どうですかね。単にロシア・パッシングになる気もします。あるいは、本当は医療データとかゲノムデータとかそういうものを対象に考えていたのが、いつの間にか一般化されてしまったような形でしょうか。

有識者によると、この法律は外国企業のロシアへの投資に影響が大きく、施行前におそらく修正されるだろうとのことですが、いずれにせよ該当する企業は、どのように対応していくか、少なくとも動向をウォッチするべき時期に来ていると言えるでしょう。

なお、今回の改正では新たな罰金は導入されていないので、既存のものが適用されます。金額はRUB10,000[2]ですので、3万円弱ですね。これは大したことありません。EUのように全世界の売上の5%とかいわれると厄介なので、そういう変更が行われないように切に願います。

いずれにせよ、もう少し調べて、新しいことが分かったら、またここで報告いたします。

[1] http://www.lexology.com/library/detail.aspx?g=a6877256-b7bc-4278-b984-d364ad150bf4

[2] http://www.hldataprotection.com/2014/07/articles/international-eu-privacy/russia-enacts-new-online-data-laws/

by Nat at September 05, 2014 02:10 AM