The Identity Corner

Analysis of “pseudonyms” in SAML 2.0 & Liberty Alliance

Paul Madsen (whose name is far from a unique identifier in a Google context :-) just posted the following observation in response to my most recent post on the subject of user identification: Continue reading

February 28, 2005 Posted by | General | 1 Comment

A primer on user identification – Part 4 of 4

Today, the fourth part of the primer on user identification. In this final installment we examine how technological advances of the past decade are currently impacting the way user identifiers are generated and processed, and what this means for privacy and security. Continue reading

February 28, 2005 Posted by | General | 1 Comment

A primer on user identification – Part 3 of 4

The second part of this primer on user identification examined the privacy and security implications of self-certified user identifiers for both users and relying parties. In short, self-generated identifiers provide privacy and security for users vis-à-vis relying parties, but offer no security for relying parties vis-à-vis users. Here we examine the other traditional approach to user identifiers: certified user identifiers. Continue reading

February 25, 2005 Posted by | General | Leave a comment

A primer on user identification – Part 2 of 4

Yesterday’s first part of this primer on user identification clarified the contextual nature of user identifiers and how relying parties use them for one or more purposes. As well, it pointed out how the lack of connectivity and computerization has historically led to a reliance on single-domain user identifiers, which are designed to be relied on only within a single trust domain – that is, by only one or a few relying parties that mutually fully trust each other. Continue reading

February 25, 2005 Posted by | General | 1 Comment

An elaboration on the first Design Principle of Identity

A week and a half ago, I posted the first of ten design principles for identity that cryptographers specializing in the design of identity applications generally accept as fundamental design principles for identity architectures. The first principle is that “the technical architecture of an identity system should minimize the changes it causes to the legacy trust landscape among all system participants.” Today, some elaboration on this principle. Continue reading

February 25, 2005 Posted by | General | Leave a comment

A primer on user identification – Part 1 of 4

In order to fully appreciate how digital identity management relates to privacy and security, especially in federated contexts, it is essential to analyze one of the core building blocks of any identity management architecture: user identifiers. Many misconceptions exist about what constitutes user identification; this confusion is probably the most underrated cause of many poorly constructed identity architectures. In an attempt to help create some order in the chaos, this blog posting is the first of a short series on the important topic of user identification. Continue reading

February 24, 2005 Posted by | General | 2 Comments

On the lesson that Liberty Alliance can learn from the ChoicePoint scandal

ChoicePoint, a Georgia-based company that spun off in 1997 from Equifax and has since acquired numerous personal data collection and processing companies, is making a highly profitable business out of selling personal information on Americans to hundreds of companies and government organizations. Continue reading

February 21, 2005 Posted by | General | 1 Comment

The first Design Principle of Identity

Microsoft’s Kim Cameron, presumably at least in part based on the lessons learned from where Passport was successful and where it was not, has recently been promoting seven “laws of identity”. Continue reading

February 11, 2005 Posted by | General | 1 Comment

On the convergence between identity management and privacy imperatives

Walking home last night through the fresh Montreal winter snow, it occurred to me how Passport and Liberty Alliance have, completely unintentionally and indirectly, been doing a wonderful service to privacy. Continue reading

February 11, 2005 Posted by | General | Leave a comment

On e-government, Liberty Alliance, and the tracking of cattle

Parents and various civil liberties groups (the ACLU, EFF, and EPIC) have urged a public school district in California to stop the use of RFID-enabled badges that automatically transmit identity information to a central campus computer whenever a student passes under a scanner. Continue reading

February 10, 2005 Posted by | General | Leave a comment

On the compliance of e-government architectures with the laws of identity

Over at one of my favorite blogs, the Ideal Government blog, e-government expert and privacy advocate William Heath wonders whether the Austrian ID card complies with Kim Cameron’s laws of identity. Continue reading

February 10, 2005 Posted by | General | 1 Comment

More on Credentica’s upcoming SDK for unidirectional identifiers

In a previous post I briefly referred to an upcoming SDK for “unidirectional identifiers” (to stick with Kim Cameron’s terminology) that my colleagues and I at Credentica have been working on. Today I am taking the opportunity to say a bit more about these “next-generation” user identifiers. Continue reading

February 8, 2005 Posted by | General | 1 Comment

On the legality of SAML-like mechanisms in government-to-citizen contexts

The Joint Committee on Human Rights of the Parliament of the United Kingdom has published a report that seriously questions the compatibility of the ID Cards Bill of the UK with the European Convention on Human Rights. Continue reading

February 4, 2005 Posted by | General | Leave a comment

Announced integration of the Belgian national ID chipcard with MSN Messenger

The Belgian State Secretary and Microsoft yesterday jointly announced an alliance to integrate Belgium’s national identity chipcard (the “eID card”) with MSN Messenger. Continue reading

February 3, 2005 Posted by | General | 3 Comments

Regarding Kim Cameron’s “unidirectional” identifiers

Like many in the blogging community who concern themselves with identity management, I have been taking notice of Kim Cameron’s laws of identity. Continue reading

February 2, 2005 Posted by | General | 1 Comment

About digital identity management, airplanes, and flying bicycles

Lately, the interest in software tools that enable individuals to self-manage and share self-asserted identity information seems to be picking up where it left off after the collapse of the Internet bubble. Continue reading

February 2, 2005 Posted by | General | 2 Comments

On Infomediaries and Identity Providers

In 1999, Hagel III and Singer, in their book “Net Worth: Shaping Markets When Customers Make the Rules,” introduced and elaborated on the notion of “infomediaries.” Continue reading

February 1, 2005 Posted by | General | Leave a comment