Tom presented at the first of the revived EFF-Austin monthly meetings, June 1st at the Flying Saucer. He presented an overview of Internet identity and authentication issues, including some history, going back to Microsoft’s Passport and the .net initiative called Hailstorm, which were about authentication and storing an individual’s information – and which were ultimately not broadly adopted. Tom compared Facebook Connect to Passport/Hailstorm – they’re proprietary services, and they’re efficient, but not resilient. He talked about the evolution of a commons-based approach (Identity Commons) via the Internet Identity Workshop, and Kaliya Hamlin’s concept of user-centric identity – which is about the “Freedom to be who you want to be online – the right to anonymity and pseudonymity,” methods for identify validation and sharing the information you specifically want to share (vs having the data taken from you), and having an ability to control and curate the information about you that appears online. He also brought up the important question of ownership of a personal identifier – who can you trust? How do we avoid being locked into a (commercial) provider of identity/authentication services (like Facebook). A couple of important concepts here: Federation, which is the OpenID model, and delegation, which is the model used in OAuth (used by Twitter) and Facebook Connect. Tom talked about the question whether User-Centric identity is dead. One next step, the OpenID Connect project, isn’t user-centric, but the National Institute for Standards and Technology, there’s a new National Strategy for Trusted Identities in Cyberspace that is intended to be designed based on a user-centric federation model. (Tom’s slides are at http://effaustin-identity.heroku.com/#1.
