Internet Infrastructure Ignorance

While at Internet Identity Workshop 2005 this past week, one of the interesting issues that
came up several times related to name spaces.  Specifically, there
were numerous times where people voiced their opinions about how name
spaces “should” map onto the Internet, and they used DNS as an example
of how things “should” be.  The problem is that they demonstrated,
by their words and arguments, that they were ignorant of how DNS
works.  The infrastructure of the Internet has become so
transparent that it seems to me people have begun to make gross
assumptions about its architecture, and this is the root of
many of the security and privacy issues that we are seeing today.

I was looking forward to the presentation by Drummond Reed about XRI/XDI.  One of my concerns in any solid digital identity solution is the freedom to choose. 
I am not a big believer in compulsory community membership, but instead
believe that true freedom is represented by our ability to move in and
out of various communities at will, and to create new communities as we
want.  I really like this thought from “The Meaning of Life – Part II”:

There are millions of different social groups in the world, political, economic,
religious, philosophical, and cultural. These groups are all trying to bring
their particular vision into focus and build a life that is related to the
central principles of the group. Each of these groups is an experiment in
progress. As time passes, the ideas that are developed within these groups
either spread to the society as a whole or are abandoned as unworkable. This is
a Darwinian process that develops better ideas in the same way that evolution is
supposed to develop better animals. You can find more information about this
notion of “idea evolution” at the Memes: Introduction site. Even
groups that you personally dislike are working in your behalf, attempting to
build visions of the world that might allow you to interact with the world more
creatively and successfully.

Groups also serve as symbols in the social world. Groups with different
beliefs than your group provide you with viewpoints you wouldn’t have otherwise
considered. They also represent parts of your own mind that you are not focusing
on. However, if you fear those parts of your mind, this representation can
degenerate into projection, which is a bad thing.

What does this have to do with DNS and digital identity?  It is that I want the freedom to NOT
have one name, one identity, or one reference across all
communities.  Yes, there might be some places where I would
benefit from some level of federation.  At Internet Identity Workshop 2005 I actually
saw where OpenID is intended to not only provide Single Sign-On, but
also is specifically designed to cause a level of federation across web
sites.  I DO NOT
want this to be a requirement.  I am ok with it being an option.  It is this flexibility that I
believe will allow a particular solution to become successful and
ubiquitous.

So … I really wanted to hear more about XRI/XDI and i-Names
because I specifically wanted to learn if they were going to try to
“root” the entire name space into one fixed community.  My real
question was:  “Is XRI/XDI yet another Internet ‘tax’ like Domain
Names (DNS), where you have to pay some entity on an annual basis to
use the value of the technology?”  Or, was XRI/XDI simply one
solution that could be “rooted” anywhere, and allow for the emergence
of various communities to use the technology, and have the naming
relative to the community.  To my relief, the latter was
true.  XRI/XDI is based on specified root servers, and so naming
resolution is based on what root servers you choose.  In the end,
what this means is that my i-Name is only relative to the community.  It is not necessarily a globally unique identifier
for me.  It also means that any community can set up their own
root servers, and create name spaces of their own.  In the end
this means that =drummond.reed only refers to Drummond within the context of a particular community!  Bingo!  I like it!

What shocked me was the almost immediate upset expressed by numerous
people at the conference.  They wanted these names to be
absolutely globally unique … so that no one would ever be able to
get “my” name, and there would never be any ambiguity about who was
being referred to by an i-Name.  I fully understand the desire,
however what shocked me was the references to DNS as having this
characteristic!  People actually believe that DNS provides an
absolute unique identifier in any context!  The DNS system has
become so transparent, and ubiquitous that people no longer realize
that it is simply one community for naming on the Internet … and
there is nothing locking people into using it.  These people do
not seem to realize that I can set up my own root servers, and resolve
any DNS name to any IP address that I like!  In fact, I’m quite
surprised that the Open Source community has not stepped up to revolt
against the “Internet tax” imposed by ICANN and re-ignited the efforts
of OpenNIC, AlterNIC, and many of the other early pioneers in creating
a truly free naming system on the Internet.

DNS naming only works because
our servers, workstations and laptops all obey the rules, and the
default configurations imposed on us by our Operating Systems, ISPs,
and DHCP servers.  Anyone who has installed a DNS server could
easily find the default InterNIC root server list in one of the files
on their system …  /var/named/named.ca
on my Fedora Core 4 install.  I could go into my DNS server and
define “www.amazon.com” to be any IP address that I want.  If you
then happened to route through my DNS server (by being on my network)
then you would get *my* name resolution … not InterNIC’s.  If I
were an ISP, or even an Internet Cafe, there is little that you could
do, and in fact you would most likely just trust
that the DNS server you were using was trustworthy.  Another
common hack used by trojan horses on the net is to modify your local hosts file.  Almost all systems have a hosts file that will resolve naming on your local machine without requiring DNS at all!  If I put an entry in your hosts file for “www.amazon.com” then it will never even use DNS to attempt to resolve the name correctly.
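To make the two points above concrete from the defender’s side, here is an added example (not code from the original post): a small audit script that lists which names a machine answers for itself from its hosts file before DNS is ever consulted, and which root servers a named.ca-style hints file points the resolver at. Both input files are constructed samples, and the root-server addresses are illustrative.

```python
"""Audit two places where name resolution is decided locally, before any
DNS query leaves the machine: the hosts file and the root-hints file.
Added example; both sample inputs below are constructed."""
import ipaddress

# Constructed hosts file: normal loopback entries plus two entries that
# would silently override public names, the trick described in the post.
SAMPLE_HOSTS = """\
127.0.0.1   localhost localhost.localdomain
::1         localhost6
# added by some installer
203.0.113.9   www.amazon.com
203.0.113.9   secure.example.net   login.example.net
"""

# Constructed root-hints fragment in zone-file form (the named.ca layout).
# Whatever is listed here is the "community" the resolver will join.
SAMPLE_HINTS = """\
;  This file holds the information on root name servers
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
"""

# Names that legitimately live in a hosts file on most systems.
LOCAL_OK = {"localhost", "localhost.localdomain", "localhost6", "broadcasthost"}


def parse_hosts(text):
    """Return {hostname: ip} for every name the hosts file answers for."""
    entries = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            entries[name.lower().rstrip(".")] = ip
    return entries


def shadowed_names(text):
    """Hosts-file names that are neither local aliases nor loopback.
    Any public-looking name here bypasses DNS entirely and deserves review."""
    return {
        name: ip
        for name, ip in parse_hosts(text).items()
        if name not in LOCAL_OK and not ipaddress.ip_address(ip).is_loopback
    }


def root_servers(hints_text):
    """Return [(server_name, glue_ip)] from a root-hints zone fragment.
    Records look like: owner ttl [IN] type rdata."""
    ns_names, glue = [], {}
    for line in hints_text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if "IN" in fields:  # class is optional in this file
            fields.remove("IN")
        owner, _ttl, rtype, rdata = fields[:4]
        if owner == "." and rtype == "NS":
            ns_names.append(rdata.lower())
        elif rtype in ("A", "AAAA"):
            glue[owner.lower()] = rdata
    return [(name, glue.get(name)) for name in ns_names]


if __name__ == "__main__":
    for name, ip in shadowed_names(SAMPLE_HOSTS).items():
        print(f"hosts file answers {name} -> {ip} without asking DNS")
    for name, ip in root_servers(SAMPLE_HINTS):
        print(f"resolver will trust root {name} at {ip}")
```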

There is nothing in DNS that stops me from adding other root servers, and creating my own free
Top Level Domains (TLDs).  It is only because people just fall in
line with the DNS configuration that it works.  It is only because
we allow our machines to automatically join the ICANN community. 
It is only because of our ignorance and lack of education about how all
of this works that we think that DNS names are globally unique in all
situations.  DNS names, and all naming, are the products of
specific communities or contexts.  Although these communities
might grow to be so large that we can’t seem to see anything else,
there is still something else.  I actually like it that way.

Post-IIW2005 Client-side Identity Management

After getting home from Internet Identity Workshop 2005 there are a number of thoughts on my
mind. Probably the best conversation that I had was with the
group around Mike Shaver from Mozilla.org. He suggested a conversation about what client solutions could be developed to enhance digital identity … and I love client solutions.

The value of a client solution, and the core of this conversation, is
that client solutions can often be created without having to touch the
server! Mike wanted to hear what might be done in the browser –
Firefox – that could enhance digital identity, without any server
integration. My suggestion was – enhance the form filling!

Today we are all familiar with the “form fill” capabilities in the
browsers. They keep track of previous entries in text fields, and
also in username/password fields, on the various web pages and web
forms that we use. The browser is in a unique position to truly
add value to everything that I do … this is greasemonkey++ for digital identity. The browser could begin to keep a local or remote (e.g. LID, LDAP, etc.) store – that I can edit and alter – of all of the bits of my identity that are asked for by web sites. It could allow me to alter the values – on a per site basis
– to custom tailor what I give out to anyone. It would keep track
of what I gave to whom.  It could even incorporate functionality to
automatically post to web sites when I change my local information …
like when I move to a new home, or job. Mike suggested that a
repository of web forms could emerge as users develop and document the
multitude of sites and their forms and how to interact with them.
That is a grass-roots digital identity solution.

It seems to me that Firefox and Internet Explorer are best positioned
to take on this challenge, and to begin to incorporate truly useful
functionality that would remove much of the tedium of entering personal
information. In addition, they could allow me to stay “in
control” of what I am
giving to web sites and automating much of what I do today when filling
out forms. What is cool is that if Firefox did it, it would have
a huge leg up even if IE failed to adopt and implement the
capabilities. It could really become a killer app for Firefox.

The current implementations are far too limited. Some of the issues that I have thought of so far are:

  1. There is no easy way to view the information that was stored, to edit these values, and to manage how they are used. I want to delete a mis-typed autofill value, or change a password.
  2. I am not prompted, on a per site basis, if I might want to use a
    previously entered value – even if the form uses a different field
    name. I want to associate a field named “phone” with the values that I have entered for “phone number”
  3. When filling in a value, I want to enter a “lie” for that particular site. Hey … I’m just being honest that I lie to some sites!
  4. I want a full audit of where I have given out my information, when, what information, etc. This allows me to review what I have provided to which sites and when.
  5. I want to specify where the browser gets and stores the information used in form filling. I want to use LID! I want to use a LDAP directory!
  6. I want assistance in accumulating my digital identity over time. Bit by bit as I am asked for my identity I want it kept so that I don’t have to keep typing the same info over and over again.

In my opinion, this type of enhancement could truly alter how we
interact with web forms, and share our personal identity
information. What is really cool is that this can be done today
… on the client … without requiring any server changes, and without
requiring sites to adopt new servers or technologies. Users
benefit regardless of what the web sites and servers do … imagine
that!

Claims based Identities

I’ve been too buried in my other work lately to come up for air. 
However, we are now getting close to a product release, and I am
anxious to begin to experiment with the new Microsoft SDK and Kim’s
work.

I really like this terminology about “claims based identity” since that
is all identity is, IMHO!  This fits completely with the Axioms
that I have (slowly) been working on, and it supports that – “Identity
only exists in language.”  (On a side note, it hit me this weekend
that all words represent an “occurring” … not a “thing”.  It is
how something occurs to me that I name … although we often do not
think of it this way.)

Anyhow … I like the “claims based identity” since this is a nice
“two-way” model … I can make claims about my identity, and others can
make claims about my identity.  In both cases, it is up to the
recipient of the claim to do whatever verification they feel is
appropriate.

Another important aspect of this is that a “claim” is in no way “true”
… it is merely a claim.  This relates to the topics of
reputation, etc. which are not something that a “person has”, but
instead are something that a “person is given”.  I am given a
reputation by others … they are the ones that say that I am a
particular way.  My actions merely occur in a particular way to
others …

Anyhow … I’m following things on a background thread and am about to
reprioritize.  I want to get the new identity code working within
our GoBinder product.  Our new version – GoBinder 2006 – is
going to hit the market this fall.

Kim … thanks for the great work!  I’m looking forward to leveraging your work!

Location as an identity claim.

Once you get your head around expressing identities as
sets of claims, you can easily imagine expressing a user’s location as
one of those claims. In the identity metasystem, the relying party
could indicate in its policy that it requires several sets of identity claims
one indicating who the user is, and another indicating where the user
is. The claims might come from different authorities (e.g. an
enterprise and a trusted location provider). These would be implemented
as two Security Token Services (claims transformers). Both sets of
claims, taken together, would identify the user from the point of view
of the relying party.

[Kim Cameron’s Identity Weblog]

Music Plasma

Clint Carlos showed me Music Plasma tonight. It’s a very graphical version of the older FireFly Networks that was bought by Microsoft.
Music Plasma is a very cool site that allows you to enter the name of a
band, and it will show you a very cool graphical display of other bands
related to the band you searched for. The relationship is a
“people who like this band, also like these other bands” … and the
size of the band’s graphic is the size of their following.

It’s a very cool way to find new music and to think about data
relationships. I have more that I wanted to say about this,
however I have to run …

Identity, Directories, and LID

I wish that I had more hours in the day.  I have been wanting to respond to an e-mail from Johannes Ernst (I swear I will!  I’m reading the LID docs again!) for weeks now … and I also wanted to reply to this post that he wrote the other day.

In his post, he comments on some of the comments that I made about
directories, and I wanted to clarify a couple of points.  He lists
three issues that I will address here:

  • LID is decentralized and does not depend on any
    directory (we’ll talk about some exciting consequences of that in a few
    weeks… stay tuned)

I am in full agreement, and my directory solution is also fully
decentralized.  Anyone that knew me at Novell during our years of
work on digitalMe knows that I was a maniac about a project out of our
labs in India called “Personal Directory.”  You can still go and download a copy
and check it out.  This is a full blown LDAP v3 directory service
that can run on your desktop.  In my perspective of how
directories can be integrated and used for identity, I do not believe
in “one big directory in the sky”, nor “a bunch of directories”, but
instead see these running everywhere.

As I started to read the LID documentation, I realized that I could
probably put an LDAP directory behind the LID protocols, and serve
information directly from the directory.  The benefit here is that
directories like this are already in use in thousands or millions of
businesses out there … so leveraging this existing base of identity
information just happens.

  • access control “down to the attribute level” is all fine, but
    unless the person owning the identity is in control, it won’t be used much
    (most directories I’ve seen are all-or-nothing things, and maintaining all
    of those rights centrally quickly becomes so expensive that few do it)

Yes!  This was one of the core benefits we were working on with
digitalMe … a way for users to manage their own identity, and also
the synchronization of their attributes – selectively – into other
personal and community directories.  The power that we were
exploiting was a standard feature of Novell’s directory implementations
… the ability to easily determine who could access/modify any object
down to the attribute level.  We then worked on automating the
process of a local agent keeping your identity information up to date
with the personal and community directories where you had defined a
relationship.

  • he doesn’t talk about how this would work across the boundaries of a
    directory, or an organization.

Hopefully, some of my explanation above reveals some of what we were
exploring.  With digitalMe, I would have my ‘personal directory’
where I would have an object representing me
to keep my own personal identity information, along with objects
representing friends, family, and associates that I have relationships
with.  Corporations or other communities would then have their own
directories containing objects representing the identities of their
members and associates … one of those objects might represent me if I
have a relationship with that entity.

As part of our redundancy and fault tolerance plans, we had also looked
to the future where I might also replicate my directory to other
computers (my home computer?) or hosted directories (a bank?) so that
there is no single point of failure or loss.

One of the things I really like about LID, and about thinking about its integration
with directories, is the layers of abstraction that can be
implemented.  I could easily modify the index.cgi (ok … if I had some spare time!)
so that it uses a directory to obtain the user attributes, instead of
the various vCard and FOAF xml files.  If the LID request also
passes through the credentials of the requestor, then the directory
would automatically return only the attributes visible to that
requestor.  If I still wanted the foaf.xml or vcard.xml files, I
could generate these dynamically on the fly – from the directory – as
an alternative.  In a business environment, there might already be
a directory that contains a great deal of information about me.
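The directory-backed variant described above, as an added example (not LID’s own code, and not its wire protocol): each attribute of a directory entry carries its own access rule, the requestor’s credentials select which attributes come back, and the visible subset is rendered as a vCard on the fly. The entry, the relationship table and the requestor DNs are constructed.

```python
"""Serve a LID-style attribute request from a directory entry whose
attributes each carry their own access rule, so the answer depends on
who is asking. Added example; entry, ACLs and requestors are constructed."""

# Constructed directory entry: attribute -> (value, groups allowed to read it).
# "anyone" is world-readable; the other groups are relationships the owner
# defined, mirroring attribute-level rights in the directory.
PERSON = {
    "cn":        ("Pat Example",        {"anyone"}),
    "o":         ("Example Corp",       {"anyone", "colleagues"}),
    "mail":      ("pat@example.org",    {"friends", "colleagues"}),
    "telephone": ("+1-555-0100",        {"friends"}),
    "street":    ("1 Example Way",      {"family"}),
}

# Constructed relationship table: requestor DN -> groups the owner put them in.
RELATIONSHIPS = {
    "uid=alice,ou=people,dc=example,dc=org": {"friends", "family"},
    "uid=bob,ou=people,dc=example,dc=org":   {"colleagues"},
}

# Directory attribute -> vCard 3.0 property used when rendering.
VCARD_FIELDS = {"cn": "FN", "o": "ORG", "mail": "EMAIL",
                "telephone": "TEL", "street": "ADR"}


def groups_for(requestor):
    """Resolve a requestor to the owner-defined groups it belongs to.
    An unauthenticated request (None) is only ever in 'anyone'."""
    groups = {"anyone"}
    if requestor is not None:
        groups |= RELATIONSHIPS.get(requestor, set())
    return groups


def visible_attributes(entry, requestor):
    """Return only the attributes this requestor is allowed to read."""
    allowed = groups_for(requestor)
    return {attr: value for attr, (value, acl) in entry.items() if acl & allowed}


def to_vcard(attrs):
    """Render an already-filtered attribute set as a minimal vCard 3.0."""
    lines = ["BEGIN:VCARD", "VERSION:3.0"]
    for attr, value in attrs.items():
        if attr in VCARD_FIELDS:
            lines.append(f"{VCARD_FIELDS[attr]}:{value}")
    lines.append("END:VCARD")
    return "\r\n".join(lines) + "\r\n"


def lid_response(entry, requestor):
    """What a directory-backed index.cgi would return for one requestor."""
    return to_vcard(visible_attributes(entry, requestor))


if __name__ == "__main__":
    print(lid_response(PERSON, None))
    print(lid_response(PERSON, "uid=alice,ou=people,dc=example,dc=org"))
```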

Overall, I really like what I see with LID … I’m going to continue
reading and maybe play with the scripts.  Maybe I’ll make the time
to do some modifications …  😉

Kim’s Fifth Law … common sense to many of us!

Kim Cameron posted his Fifth Law of Identity, and I was surprised that more people didn’t just jump in and agree. I was really surprised that Craig Burton didn’t jump for joy as the entire law parallels some of the work that Craig led at Novell years ago.

Kim’s new Law is as follows:

The Law of Pluralism:

A universal identity system MUST channel and enable the interworking of
multiple identity technologies run by multiple identity providers.

This reminds me of the original work at Novell on Open Protocol Technology –
OPT – which was when we began to support multiple application protocols
for file system access.

As a brief history, NetWare was a “next generation” kernel and
operating system when it was introduced to the market. For a
transport protocol, it used a variation of the Xerox XNS protocols that Novell renamed as IPX, SPX, RIP, SAP,
and others. On top of this transport (the equivalent of TCP/IP in
the Internet) was the application protocol for making file system
requests – the NetWare Core Protocol
or NCP. To simplify this, NCP can be thought of as similar to NFS
… a file access protocol. So where UNIX systems would use NFS
on a transport of TCP/IP, NetWare servers would be accessed from DOS
workstations using NCP on a transport of IPX.

The first step towards Open Protocol Technology – or a form of Pluralism – was with Novell NetWare v2 (actually it was version 2.15 in 1988!) when Novell added support for the AppleTalk Protocol Suite,
allowing Apple Macintosh computers to see a NetWare server as though it
were an Apple server. This was done by adding support for the
Apple transport protocols, and also the file protocols. So now
DOS and Windows workstations could access files on the server using
NCP/IPX, and Macintosh computers accessed the same files … using
their native tongue, the Apple File Protocol.

Soon after this, Novell added support for TCP/IP, NFS, and FTP with the
release of NetWare v3. It actually went even further when Novell
implemented the OSI protocol stack on NetWare. I still have a sealed box of NetWare FTAM which was the product where Novell implemented the FTAM file protocols on top of an OSI protocol stack!

In this example of “pluralism” Novell was able to create a product that
supported file system access via numerous transport protocols, and
numerous file access protocols. We had demonstration networks
showing where machines running DOS or Windows, along with
Macintoshes(?), and UNIX machines, were all sharing files on the
NetWare server. This was in 1989 through 1991!

If we fast forward to now this is a common feature of almost any
operating system! Even the Linux systems in use today have the
ability to mirror this type of functionality with multiple transport
protocol support, and projects like Samba, Netatalk, etc.

To me, this law is a very common sense approach to systems design and
allows for flexibility in implementations and usage. This makes
complete sense.

More hope for less spam … soon …

This appears to be some good momentum in the anti-spam area, as a good first effort to combat the problem. There are no doubt other proposals and standards that will emerge.

This specific solution will force companies to define their mail servers in DNS in a way that allows them to be held accountable for spam. This will provide a way to deny e-mail from being received, if the source of that mail can not be tracked down. It’s a very good start.

eWEEK: New Anti-spam Initiative Gaining Traction. A grass-roots movement to improve the SMTP protocol that governs e-mail traffic is gaining acceptance, and its lead developer hopes to get fast-track approval by the Internet Engineering Task Force to make the emerging framework a standard. [Tomalak’s Realm]

Virtual Annotation … Aura at Microsoft

This is one of the Microsoft projects that I have been reading about and studying for the last week or so. I believe that this *is* going to be a big deal.

A number of years ago, some friends and I were reading an article in Wired magazine about “Virtual Graffiti”. The idea was that as more people in the future are wearing “augmented reality” glasses (glasses that allow a computer to overlay additional information into your view) then “Virtual Graffiti” becomes possible. I can simply “draw” a picture on a building, or add my comments to a sign using specialized software. The graffiti will not actually exist on the building or sign, instead being stored on my server on the Internet. Other people, when tapped into my server, would then “see” my graffiti when they looked around the world.

Aura research is moving in this same direction … and beyond. They are using a wider range of input devices to allow for the identification of an item or place, and then allowing for others to add annotations or information to that item or place.

This is another good article about Aura … and this is another good article.

This is extending our ability to “see” more about something we are near or can “scan” … adding to the saying about “… more than meets the eye!”

ETCon 2004: Eat Me and I’ll Kill You. Every product has a story to tell and some of them say “If you
eat me, I’ll kill you.” So says
Marc Smith,
Microsoft’s resident sociologist. Marc is describing a research
project called AURA. Combine a PocketPC, a barcode reader, and Wi-Fi or mobile
wireless and you’ve got the ability to find out lots of information
about any product with a barcode. The project maps barcodes to
names. Once that’s done, all kinds of things are possible: [Windley’s Enterprise Computing Weblog]

More power in your phone

This is another great presentation … and I really like the “miniGPS” link that Phil posted. Over the last week or so I have seen numerous new applications for Cell Phones that are really extending the capabilities of the phone. GPS and Location Based Services are the biggest.

The miniGPS link is really fascinating as they are using a completely different model for location detection and notification. They have an application that monitors the actual cell towers that you are connected to, and the signal strengths. They then allow you to assign events to particular towers, etc. The example that the author uses is that his phone will alarm when it comes into the cell near his house … notifying him that his train station is coming up …

Kill Apps for Your Cell Phone. Rael Dornfest and others are talking mobile hacks. There were lots of fun things, but here’s a few killer cell phone apps I didn’t want to lose track of: [Windley’s Enterprise Computing Weblog]

Digital Communities, their Laws and Hierarchy

I would have liked to hear this presentation. This is covering an area that I am very interested in … digital identity and digital communities.

The hierarchy within a digital community is extremely important to maintain order, and to prevent chaos from spreading. If there is no hierarchy and “law” then the community will collapse. This looks like it was a fun presentation!

ETCon 2004: Robert Kaye on Social Networking-Based File Sharing Networks. Robert Kaye (slides) is describing social network file sharing systems.
The primary purpose of the social group is to share, discover, and
protect network. He proposes a hierarchy of tribes, chiefdoms, and
states with leaders at each level and “tribal elders” who set the
policies about who gets in. This sets the trust network. [Windley’s Enterprise Computing Weblog]