Analysis of “pseudonyms” in SAML 2.0 & Liberty Alliance
Paul Madsen (whose name is far from a unique identifier in a Google context:-) just commented the following observation in response to my most recent post on the subject of user identification:
A primer on user identification – Part 4 of 4
Today, the fourth part of the primer on user identification. In this final installment we examine how technological advances of the past decade are currently impacting the way user identifiers are generated and processed, and what this means for privacy and security.
A primer on user identification – Part 3 of 4
The second part of this primer on user identification examined the privacy and security implications of self-certified user identifiers for both user and relying parties. In short, self-generated identifiers provide privacy and security for users vis-à-vis relying parties, but offer no security for relying parties vis-à-vis users. Here we examine the other traditional approach to user identifiers: certified user identifiers.
A primer on user identification – Part 2 of 4
Yesterday’s first part of this primer on user identification clarified the contextual nature of user identifiers and how relying parties use them for one or more purposes. As well, it pointed out how the lack of connectivity and computerization has historically led to a reliance on single-domain user identifiers, which are designed to be relied on only within a single trust domain – that is, by only one or a few relying parties that mutually fully trust each other.
An elaboration on the first Design Principle of Identity
A week and a half ago, I posted the first of ten design principles for identity that cryptographers specializing in the design of identity applications generally accept as fundamental design principles for identity architectures. The first principle is that “the technical architecture of an identity system should minimize the changes it causes to the legacy trust landscape among all system participants.” Today, some elaboration on this principle.
A primer on user identification – Part 1 of 4
In order to fully appreciate how digital identity management relates to privacy and security, especially in federated contexts, it is essential to analyze one of the core building blocks of any identity management architecture: user identifiers. Many misconceptions exist about what constitutes user identification; this confusion is probably the most underrated cause of many poorly constructed identity architectures. In an attempt to help create some order in the chaos, this blog posting is the first of a short series on the important topic of user identification.
On the lesson that Liberty Alliance can learn from the ChoicePoint scandal
ChoicePoint, a Georgia-based company that spun off in 1997 from Equifax and has since acquired numerous personal data collection and processing companies, is making a highly profitable business out of selling personal information on Americans to hundreds of companies and government organizations.
The first Design Principle of Identity
Microsoft’s Kim Cameron, presumably at least in part based on the lessons learned from where Passport was successful and where it was not, has recently been promoting seven “laws of identity”.
On the convergence between identity management and privacy imperatives
Walking home last night through the fresh Montreal winter snow, it occurred to me how Passport and Liberty Alliance have, completely unintentionally and indirectly, been doing a wonderful service to privacy.
On e-government, Liberty Alliance, and the tracking of cattle
Parents and various civil liberties groups (the ACLU, EFF, and EPIC) have urged a public school district in California to stop the use of RFID-enabled badges that automatically transmit identity information to a central campus computer whenever a student passes under a scanner.
On the compliance of e-government architectures with the laws of identity
Over at one of my favorite blogs, the Ideal Government blog, e-government expert and privacy advocate William Heath wonders whether the Austrian ID card complies with Kim Cameron’s laws of identity.
More on Credentica’s upcoming SDK for unidirectional identifiers
In a previous post I briefly referred to an upcoming SDK for “unidirectional identifiers” (to stick with Kim Cameron’s terminology) that my colleagues and I at Credentica have been working on. Today I am taking the opportunity to say a bit more about these “next-generation” user identifiers.
On the legality of SAML-like mechanisms in government-to-citizen contexts
The Joint Committee on Human Rights of the Parliament of the United Kingdom has published a report that seriously questions the compatibility of the ID Cards Bill of the UK with the European Convention on Human Rights.
Announced integration of the Belgian national ID chipcard with MSN Messenger
The Belgian State Secretary and Microsoft yesterday jointly announced an alliance to integrate Belgium’s national identity chipcard (the “eID card”) with MSN Messenger.
Regarding Kim Cameron’s “unidirectional” identifiers
Like many in the blogging community who concern themselves with identity management, I have been taking notice of Kim Cameron’s laws of identity.
About digital identity management, airplanes, and flying bicycles
Lately, the interest in software tools that enable individuals to self-manage and share self-asserted identity information seems to be picking up where it left off after the collapse of the Internet bubble.
On Infomediaries and Identity Providers
In 1999, Hagel III and Singer, in their book “Net Worth: Shaping Markets When Customers Make the Rules,” introduced and elaborated on the notion of “infomediaries.”