Tom presented at the first of the revived EFF-Austin monthly meetings, June 1st at the Flying Saucer. He presented an overview of Internet identity and authentication issues, including some history, going back to Microsoft’s Passport and the .NET initiative called Hailstorm, which were about authentication and storing an individual’s information – and which were ultimately not broadly adopted. Tom compared Facebook Connect to Passport/Hailstorm – they’re proprietary services, and they’re efficient, but not resilient.
He talked about the evolution of a commons-based approach (Identity Commons) via the Internet Identity Workshop, and Kaliya Hamlin’s concept of user-centric identity – which is about the “Freedom to be who you want to be online – the right to anonymity and pseudonymity,” methods for identity validation and sharing the information you specifically want to share (vs having the data taken from you), and having an ability to control and curate the information about you that appears online. He also brought up the important question of ownership of a personal identifier – who can you trust? How do we avoid being locked into a (commercial) provider of identity/authentication services (like Facebook)?
A couple of important concepts here: federation, which is the OpenID model, and delegation, which is the model used in OAuth (used by Twitter) and Facebook Connect. Tom talked about the question of whether user-centric identity is dead. One next step, the OpenID Connect project, isn’t user-centric, but at the National Institute of Standards and Technology there’s a new National Strategy for Trusted Identities in Cyberspace that is intended to be designed based on a user-centric federation model. (Tom’s slides are at http://effaustin-identity.heroku.com/#1.)
Identity as if PEOPLE mattered…
Why should you care about the Internet Identity Movement? What makes it a BIG DEAL? How identity is handled online has always been a huge issue, and is a big issue for your privacy and online experience.
Back by popular demand! EFF-Austin’s resuming monthly public meetings on Internet and cyber liberties topics of interest.
Our very special guest speaker is coder extraordinaire Tom Brown, just returned from Internet Identity Workshop #12.
The IIW is an open space workshop focused on user-centric digital identity. Attendees at IIW12 included many more people traveling from overseas and representation from the U.S. government with the emerging NSTIC initiative. We will have a conversation about the good, bad and ugly of NSTIC and the relationship and progress of protocols supporting user-centric identity including OpenID, OAuth and OStatus and derivatives like OpenID Connect and OAuth 2.0.
Bio: Tom Brown is an open source software developer who can be found on github.com as herestomwiththeweather. Tom has added OpenID, OAuth and OpenTransact to popular open source Ruby projects and has attended most of the identity workshops since IIW7. Tom co-founded SuperBorrowNet, Inc. and maintains the oscurrency project in use by the Austin Time Exchange, the Bay Area Community Exchange and emerging community exchanges in Oregon, Canada and Ireland.
Jay Unger’s IIW11 slides are a very helpful introduction to the 36-page National Strategy for Trusted Identities in Cyberspace document produced by Deloitte last year. Also, during the session, Jay shared some things he had heard from the Department of Homeland Security such as “expect the ecosystem to be private sector led” and suggested that this initiative was leading towards commerce (“reading between the tea leaves”). It seems Jay was right and it seems to me that the main catalyst here, although not clearly defined as a vision, was stated in the White House blog post on NSTIC this week.
we can…cut costs for businesses and government by reducing inefficient identification procedures.
Think about how much money businesses and government could save for each customer they can convert from doing things by phone and mail to doing them online. “Money is what jumpstarts this” is among my notes from the IIW session.
So, it seems a good question to ask about trusted identities is “trusted by whom?” If the goal is to reduce costs, which is desired by business and government, those who truly need to trust them are we, the people. This seems to be a matter of changing our perception about the security of doing our business online. Of course, there will still be security vulnerabilities and privacy compromises. We just need to perceive that NSTIC is fixing those. Therefore, I agree with Kaliya Hamlin’s sentiment that We Shouldn’t Freak Out About NSTIC.
Update 1/11: Here is the video of last Friday’s Stanford Institute for Economic Policy Research event with Commerce Secretary Gary Locke and White House Cybersecurity Coordinator Howard Schmidt and ID Commons post-event conference call notes. To keep updated with these calls, check here.
IIW11 was held November 2-4, 2010. IIW12 is May 3-5, 2011 in Mountain View, California.