the.Inevitable.Org/anism

I had to do a quick post while on wireless in Winnemucca. We’re
on our family holiday trip to the California Bay Area to visit with my
parents and sisters and we stopped overnight in Winnemucca.,
Nevada. The Holiday Inn Express has free wireless Internet … of
course.

It’s pretty wild to continue to see the growth of the Internet … and
the expansion of free wireless service. Even in Winnemucca you
can stay overnight at a Holiday Inn Express … and be ahead of a lot
of the people who didn’t!

Well … I didn’t blog anymore from my cell phone … I was getting too
hammered by snow!  I’ll post some pictures … but I’m now down
and done.  The wind turbine is back up and ready to charge up the
batteries in the shed.  If only we now get some wind … maybe
tonight!

CellPost: Well, the tower is tilted down, and I’m about to solder the new connections. Over all, it’s going pretty smooth.

CellPost: Note to self: Make sure to put cell phone in pocket before hiking up mountain in snow storm!

I am up at my wireless communications shed on the mountain behind my house. It is snowing like crazy, however I have to get my wind turbine replaced. I’ve just made two trips carrying tools, ladder,saw-horses, and the wind turbine. I’ll post pictures later …

I’ve written and rewritten this post too many times … all the way
through Christmas and the New Year. It’s time to post it and get
on to the next …

It is very cool to see all of the people that are joining this
conversation about Identity. And I do like the “lead” that Kim is
taking in driving towards an actual software solution … actual
implementations. I have a few comments on his Fouth Law of
Identity, however I wanted to throw out this Axiom to address his
request:

I would like to hear more of Scott Lemon’s ideas about how philosophical thinkers can help us figure out ways we can write software that intuits - this is my word and perhaps it is too rhetorical - our identity decisions for us… [Kim Cameron’s Identity Weblog]

I’ll throw out my next Axiom … and then some scenarios on how things might occur:

I posit that identity is exchanged in transactions that occur within a context of trust and authentication.

So what does this mean? It means that we are constantly
exchanging identity information throughout each and every day. Most of
these exchanges are so transparent to us … completely implicit and
automatic. The world around us is filled with “providers” and
“consumers”. We ourselves are both … at the same time. We
have, over the years, also developed a keen sense of “awareness” of the
providers of services that we want … or how to find them. We
have also developed a long list of “trusted sources” of services. This
sets up the basic foundation for an identity transaction, and it’s
context.

I move to a new town, and I
want to rent an apartment. I find some apartments that
meet my requirements, and then visit the apartment complex. They
hand me a rental application, and I fill out all of the
information. I give it back to them … a day later they call me
and indicate that I have been accepted as a tenant. I then visit
the apartments again, sign more papers and get the keys.

In this scenario, what exactly is going on with respect to
identity? This is really no different from the Polycomm and Cell
Phone scenario that Kim has been using.

The rental agreement is actually the interesting transaction to
me. It touches on most of the core aspects of identity
transactions. First, a rental agreement is actually a request for
identity information. More importantly, it is a request for pieces of
my identity along with the
references, or communities, that can be used to “authenticate” that
identity
information. They want to know how much money I make, and also
where I am working. They want to know the last three places that I
lived or rented. They can choose to trust the information I
provide, or more likely they will “verify the authenticity” of that
information with my references.

I have the option of locating
trusted sources and gathering background information on the apartment
complex. The apartment complex gives me a rental application to
gather my background identity information and verifying my
“trustworthiness.” In most cases, I simply “trust” the apartment
complex, and do little to look at their reputation. The apartment
complex uses a process to authenticate the identity information that I
have provided with their own trusted sources.

Some of my information is provided with “implicit” references to the
“definitive authorities” of that information. My Social Security
number, or drivers license state and number. Both of these are
understood to represent information that may be authenticated with
government agencies. Likewise, there are attributes that allow the
apartment complex to do a credit check with various credit
agencies. My job however has to be authenticated with
my employer. So when you truly
look at what any paper job application, loan application, etc.
represents, it’s actually a request for identity information along with
the information necessary to provide a context … to authenticate the
information … if so desired.

It would be great to apply for
the apartment on-line, and have the information automatically filled in
- if it is known and recognized - by identity software running on my
PC. If the identity software recognized field names, it would
fill in the appropriate information from my personal identity store
(Personal Directory?), and if it didn’t recognize the names, then it
would allow me to create global or site-specific aliases for the
fields. In addition, I would be able to review the information
being sent, and even temporarily or permanently change what is being
sent.

This is where I see a lot of value for digital identity software to
solve a real-world problem. Yes, single sign-on is one place, but
the world of paper ‘applications’ that request all sorts of redundant
and mundane information is very inefficient and tedious. On top
of that, most of these paper forms are asking us for the same
information, and a lot of past historical information that we are
expected to memorize! What are your last three addresses?
What are your last three jobs? When was your last tetanus
shot? Who is your insurance company?

If I answer the question once, it seems that my own little personal
identity agent could record my answer … so that the next time I am
asked for that information it would be “pre-populated” in the
form. This is exactly what the browser ‘form filling’ solutions
do … so why not expand this extensively?

Once I have completed the
apartment rental application, I probably would not want to always keep
them up to date with this information forever. However, there are
many cases where I *DO* want to keep someone up to date. When
someone asks for my business card, I ought to be able to send it to
them, and tell my personal identity agent to prompt me if I every
change that information. The prompt would be something simple
like “Scott, you just changed your home address … you asked me to
always notify this one group of people (so I already did!), and you
also asked me to prompt you about this group of people … can you
choose the ones that you want it sent to?”

This is really where we wanted to move with digitalMe … and it is far
from the software doing things automatically without instruction.
It is more that during the various identity transactions that we
experience, the identity software would be accumulating a set of
‘rules’ that we design to determine how future transactions might occur.

So this is almost like taking the simple form filling that we have
today, putting a real identity store behind it, and coupling it with a
‘learning’ rules engine similar to the learning firewalls that are
available today. If we then add support for the various identity
protocols that are growing in momentum we have a very flexible tool
that automates much of the work that we do today in these identity
transactions.

I have been following Mono on the C# front, however I know that they
are saying they will also support VB.NET.
It’s supposed to be there for Mono v1.2 … and I believe that it’s
going to provide a lot of momentum for Mono.  It would interesting
to
see this Gambas development environment integrated with the Mono v1.2
VB.NET stuff
…

Gambas 1.0 RC4 (Development). A Basic graphical development environment. [freshmeat.net]

I agree completely with Kim’s Third Law.

The Fewest Parties Law of Identity

Technical identity systems MUST be designed so the disclosure of
identifying information is limited to parties having a necessary and
justifiable place in a given identity relationship.

This is, IMHO, the same thing that caused the failure of
Novell’s digitalMe project … after it was taken over by others in the
company. It’s funny how some people at Novell really thought that
Novell was somehow going to become the de facto source of identity
information in the world.

I kept hearing these funny internal pitches about “billion
user directories” … and silly me I just kept thinking “I would rather
sell hundreds of millions of personal directories, then a couple
of ‘billion user’ directories!” How many “billion user”
communities are there on earth?

I think of a different theory on why these grand schemes
fail. Kim touches on this also. If you try to build the
“one big thing in the sky”, and there is a second group of people that
don’t like you or trust you, then they’ll build their own
version. Which means there will be two. If there are two,
then there will be three or more … and then things start to go in all
directions. It’s funny to see this even occurring in the Open
Source world. People have disagreements and fork a project …
and then it get’s forked again. I’m not saying this is bad at all
… it’s the natural progression. So build to embrace this!

The original digitalMe team was after building community
platforms, and then providing methods to federate … however much of
what we were pursuing was “client-side federation” … allowing the
user to be the federation point, since they exist at the intersection
of all of the communities that they belong to. We figured that we would allow anyone
to create a community … and allow people to choose the communities
that they wanted to belong to, and which ones they would trust.

Part of the reason that I strongly believe in the Third
Law is that this is how the “philosophical” views fall also. When
I participate in an identity transaction, I can choose to limit the
parties involved if I trust the other party or if the information being
exchanged is not too valuable. On the other hand, I might have to
bring in a third or fourth party if we both want to feel secure about
who the other party is, or I want to authenticate the identity
information being exchanged.

In the end … I like Kim’s thoughts …

I agree completely with the line of thought from Dick.  There is
the concept of passing groupings of identity values, passing individual
identity values, and then passing the results of comparisons.  All
of this is greatly enhanced in the digital world.

Identifiers Enable Discrimination.
Kim Cameron posted his Second Law of Identity The Minimal Disclosure
Law of IdentityThe solution which discloses the least identifying
information is the most stable, long-term solution.”The thesis here is
that the more identifying information is released, the more a solution
invites abuse by rogue (and ultimately criminal) elements. We will
return to a more rigorous discussion of these dynamics… [Dick Hardt - Blame Canada]

I really like Dave Kearns and his “no nonsense” attitude. As I
worked at Novell, he often saw right through the crap going on
internally, and asked the tough questions. I’m glad to see him
following this conversation … he was one of the few that understood
the value of a “personal directory” …

He recently commented on my Axioms of Identity
and I have to admit … he brought up a very interesting
perspective. How ever, as he stated, “I can see we’re going to
disagree.”

He indicated that DNA is an interesting form of identity and that:

Your DNA is you. You are your
DNA It is not assigned to you nor can you change it. It is your identity. Everything else is simply a “handle”, a shortcut or nickname for the identity that is you. [The Virtual Quill]

Hmmm … I have been thinking about this for a while. There are two issues that I see where this falls down …

1. DNA is not 100% unique. What? How can that be? Well … identical twins DNA.
I have to admit that one of the coolest things that I heard at a recent
conference was the answer to the question “Do identical twins have
identical finger prints?” The answer is no … even though they
do have identical DNA. So we have a situation where DNA can not
be my identity … or at least is not unique to me … if I am an
indentical twin.

2. There is a more important issue here … and that is that the entire
model and concept of DNA is again “given to me.” Yes, I do have
an interesting trait that some communities measure and discuss as
“DNA”, however there are a large number of places on earth, where there
is no such concept. DNA is something that a certain community of
people on earth say that I
have. However outside of these circles, it means nothing.
If I met up with some people in the jungles of New Zealand who had no
worldly contact, they might listen to my stories about double-helix strings of sugar-phosphates, however it probably would be meaningless to them.

This is again proof of my Second Axiom
… it only exists within the context of a community that gave me that
identity. When I leave that context … it doesn’t exist.
Just like the DNA example … I have a height and weight also … but
only as concepts that a community of people agree on. I am told
that I am as tall as something, and weigh the same as something … and
that I have DNA that is similar to something.

I am flattered by Dave’s comments and the conversation … I look
forward to more of this. I also look forward to discussing more
the concept of a personal directory to store all of this information
… as long as the directory supports enough of the required
functionality.

I had a friend ask me if I was really serious about these “Axioms of Identity” today …

Uh … no.  I mean, yes … I love the conversation and have spent
a lot of time thinking about this problem space.  But no … I’m
not really such a serious person.  I enjoy life too much.

Even the word “posit” I picked up with a friend Bruce Grant at the Accelerating Change Conference
in California last year.  During the first day, person after
person would get up to the microphone and start off by saying “I posit
…” … we both loved it.  We started using it at work all the
time … for the fun of it.

So … yes … I love to think deeply … and at the same time, I’m having fun!

I had a friend that has been doing this for year for the court
systems.  They can take audio and video during court hearings, and
then index all of the content.  You can then search through out
the entire hearing for particulat words, etc.  I agree with
Google’s direction … they are on to something cool …

Coming soon: Google TV? [Slashdot:]

I agree completely with Phil.  Why don’t more people and entities
use RSS to let us know about things.  I have numerous Qwest DSL
lines … let me subscribe to the network status RSS feed!  Let me
subscribe to Open Source Software security/update notices.  Maybe
even my local government.

Using RSS for Service Announcements.

Why don’t Comcast and other ISPs use locality specific RSS feeds
to notify customers of upcoming schedule maintenance windows, customer
service alerts, and so on? For that matter, why can’t I subscribe to an
RSS feed for any product I buy that alerts me to upgrades, and so on?
As far as I know not even “in the RSS groove” companies do this. Create
product specific RSS feeds and display them prominently in the “About”
box, the product page on your Web site, and anytime the software is
downloaded.

[Windley’s Enterprise Computing Weblog]

It’s nice to see some interesting things being done with SVG … it still hasn’t really caught on.

Inkscape 0.40. An SVG-based vector drawing application. [freshmeat.net]

I almost want to start a new blog just about virtualization and
emulations. This is an intersting one that started as a “user
mode Linux” and then went entirely to a Virtual Machine. It
appears to require i386 hardware to create the i386 VMs …

FAUmachine 20041116. A virtual machine that emulates an i386 PC. [freshmeat.net]

I always like to read about software like this.  It is truly
amazing what we are able to do with the growing levels of computing
power.  Instrumentation like this allows you to create higher
abstractions and models of what is going on … allowing for new levels
of improvement.

Pin Dynamic Instrumentation Tool 2.0.8. Software instrumentation of executables for Linux. [freshmeat.net]

I am getting the idea of where Kim is going with the Second Law …
I think. I and I agree completely. The solution that is
going to dominate is the one the consumer perceives as providing the
most control over, and awareness of
, their identity information. Ok … I added the “awareness of”
part. It’s to address one of the questions that Kim had in a
later post. I’ll get to it. I wanted to explore a new angle of this part of Kim’s post:

A solution in which the polycomm has to query my mobile phone for a social security number would be much less stable than one which required the polycomm to query only for the address of an mp3 service.

This makes me think about a lot of questions … and I want to
explore this in an orthogonal direction. I’m more thinking about
the “identity transactions” that are taking place. This actually
leads into my Third Axiom in which all identity is exchanged within
“verified” or “unverified” contexts. Of course it could also be
an “asymmetric” context in which on one party verifies the identity of
the other.

In this scenario, there are two digital devices that are wirelessly
communicating and exchanging information. In many scenarios like
this … the two devices might just trust each others “unverified
identities” and offer services or consume services. We live our lives
using and accepting a lot of “unverified identity” information, however
there are
many scenarios in our lives where “verified identity” is required.

When I walk into a bar, for example, the bartender is no longer as
likely to “take my word for it”. He or she instead wants me to
provide some credentials from a mutually acceptable community that we
both belong to. I could provide a drivers license, a passport, a
military ID, or maybe even my little digital device, that refers the
bartenders little digital device to contact some webservice that exists
at a commonly known namespace.

Of course, it could be that my little digital device contacts the web
service first, indicating that the bartender is going to be requesting
to verify my identity information in a moment. I get a “ticket”
back from the web service that I give to the bartender that allows the
bartender to only make that verification request … and only within a
certain amount of time. The request might be to verify my age, in years …
or better yet that I am simply “older than the legal drinking
age”. (This is something that I thought of when reading Dick Hardt’s post
the other day.) These are all details that the bartender and I have to
agree upon …
or have cool little digital devices that store our identity and
preferences and accelerate the negotiation. (No Kim … not
completely automate … unless I’m comfortable with that …

All of these transactions support the idea that identity comes from
communities. The more important or valuable the transaction, the
more it will require verification … from an authoritative source.
That source will be the community that gave that identity to us,
or one that has a trusted relationship with the community that did.

Casual interactions between cell phones and polycomms … can use
unverified identity. And every now and then you might hear some
very disturbing sounds or music coming from a polycomm!

Speaking of cell phones … the last couple of days I spent some time to hack around in Radio Userland.  I enabled the e-mail-to-weblog feature, and fixed a bug in their parsing … and I now can blog (to my other web log) from my Nokia cell phone!

Fun stuff … now to modify Radio to allow me to specify the blog I want to post to, and I want to get pictures working …

I’ve been working on too many fun projects lately.  I’m involved
in a start-up in the Cell/PDA marketplace, I’m working on embedded
Linux applications for 802.11a/b/g access points, and have been
experimenting with a variety of e-commerce applications.  And now
I’m also captivated by the identity management conversation that has
come up.  I’m going to post a little tonight … I like a lot of
what I’m hearing …

Too little time … too many fun things to play with!

In my quest to follow the evolving world of virtualization and
emulation, I found this posted on Freshmeat … yet another hardware
platform being virtualized in software.

cereal emulation framework 0.93.4. An easily-extensible 8051 emulator. [freshmeat.net]

CellPost: Got it!!

I was able to slowly debug my way through the
Radio Userland code and find the problem! For some reason the parsing
of my message was expecting a slightly different format.

This is my first real post to see if this works. I’m on my way to being able to post to my blog from my cell phone … Cool!

CellPost: 10

——=_Part_3210_4250253.1101945542783
Content-Type: text/plain; filename=3tJG1.txt; name=3tJG1.txt; charset=utf-8
Content-Transfer-Encoding: 7bit
Content-Location: 3tJG1.txt
Content-Disposition: inline; filename=3tJG1.txt
Content-ID:

CellPost: testing again …
——=_Part_3210_4250253.1101945542783–

I am slowly making progress in getting Radio to drop these content-type
headers so that I can do more ‘moblogging’ with Radio Userland. 
I’m going to see if I can complete writing this change, and then see if
I can get Radio to accept the attached .jpg pictures and add them to my
posts …

We’ll see how this progresses …