February 13, 2003
Identity like it should be - as individual assertion

Interesting things are happening in identity space through the use of FOAF. It's identity done like it should be, namely first and foremost as assertions by an individual - not of an individuals relationship to government or corporate entities.
What is on the table is a person to person identification service for the fastest growing two-way web there is, namely the space of weblogs. An implementation by the always on Ben Trott is already available. So now there is a way to handshake when using a weblog which of course makes your digital space (your weblog) much more lived in. While I work for a company with a technology to do something like that I think it can only happen in the way it is happening now from the ground up from the rightful owners of the information. The organizational push of identity from above is a completely different matter of course.

The second information is published, privacy concerns kick in of course.

And these privacy concerns are not so easy to put to rest. FOAF affords signing and encryption of content with PGP, and that works nicely for point to point connections, but conversely encryption completely screws up your ability to casually meet new people and thus the ability to establish public space. To establish a public space you need (in the digital world) indexing.
And that means you're left with a dilemma: You want to publish information about yourself to establish a public persona, but you want to keep some information private (for obvious reasons).
The technical fix that applies is simple. Establish the notion of a persona (which is a role distinct from the identity) explicitly and provide barriers of privacy by establishing a layered presence around that persona. To simplify your interactions you want these personas to interrelate: The private You can of course act directly on behalf of the amazon shopping You and can sign on behalf of the amazon shopping You, but not vice versa. The amazon shopping You and the google searching You don't know anything about one another, nor should they (or sinister behind the scenes information aggregators will be able to correlate way too many of your online behaviours)
Note that the PGP signing approach is too simplified for this kind of thing. Your PGP public key is as dangerous as a publicly known social security number when it comes to learning things about you by aggregating information from various sources that should have been kept private.

A model like that would mirror the way we organize our physical world. Different relationships you have with different entities afford different rights to know stuff about you and to act on your behalf.

Interestingly for any kind of privacy to remain you need quite oblique namespaces to hold these personas, or the namespaces themselves will give the private person away, just like the PGP key did. The human accessible rememberable space for this kind of technology must be rights based and strictly point to point.
What that means is that the namespace of today cannot be used as a safe public space for individuals. You need new dynamic services with a rights system built in. They can be aggregated in the very loose knit fashion of DNS, (in fact the notion of zones make a lot of sense as something akin to personas) but the descent through zones would have to occur at the client and could not safely be aggregated via a server. What that means for the network intensity of this interaction is unclear to me.

Posted by Claus at February 13, 2003 03:03 PM
Comments (post your own)
Help the campaign to stomp out Warnock's Dilemma. Post a comment.

Email Address:


Type the characters you see in the picture above.

(note to spammers: Comments are audited as well. Your spam will never make it onto my weblog, no need to automate against this form)


Remember info?