Russ Savage: Digital Identity

Thu, 24 Apr 2003 10:57:24 GMT

DNA Fingerprinting for All!. The inventor of the modern forensic technique says that everyone's DNA, not just criminals', should be recorded in a massive new database. Sir Alec Jeffreys cautions, however, that such a database should be administered by an independent agency, not the police. [Wired News]

Tue, 15 Apr 2003 01:19:38 GMT

Web services, ID management dominate RSA show. LibertyAlliance readies framework [InfoWorld: Top News]

Sat, 05 Apr 2003 01:20:40 GMT

"The pieces of our identity are increasingly scattered across those companies and institutions with which we interact online. Banks, credit card companies, brokerage firms, the department of motor vehicles, insurance companies, government agencies, telephone companies -- the list is growing. Pieces of our identity are doled out across the many computer systems and networks used by our employers, ISPs, bulletin boards, instant messaging systems, and online businesses, all with little coordination, interaction, or control on our part.

"Creating a federated identity infrastructure is the key to correcting this situation...."
XML.com: The Liberty Alliance. Paul Madsen provides a technical overview of the Liberty Alliance phase 1 architecture and a glimpse at phase 2.
Phase 2 also includes the introduction of Liberty Alliance Identity Services Interface Specifications (ID-SIS), a collection of specifications built on the ID-WSF. These specifications will provide a standard way for companies to build interoperable services like registration profiles, contact books, calendar, geo-location, or alert services. The first service interface specification to be introduced is the ID-Personal Profile, which will define a basic profile template that can be used to build a registration service.
[Scott Loftesness]

Thu, 03 Apr 2003 01:44:10 GMT

Simon Pugh on identity management and Liberty Alliance.
... [Jon's Radio]

CTO Forum: Tackling identity. LibertyAlliance spotlighted
Pugh said he has learned the hard way how malleable an online and electronic identity is once he moved to the United States from the United Kingdom a few years ago and was forced to start a new identity from scratch.

"All my records I built up [over a lifetime] in the U.K. didn't mean anything in the U.S. ," said Pugh. "It's a network world and more and more people desire to interact with services and remote services and networks... managing those identity services in a distributed fashion is an extremely great challenge."
[InfoWorld: Top News]

A good read on the two poles of digital identity & why we need both

Sun, 30 Mar 2003 21:40:51 GMT

Jamie Lewis: Ends and Means - Identity in Two Worlds. Jamie Lewis of the Burton Group updates his thoughts about digital identity following PC Forum.
Reflecting on my experiences at PC Forum, I became keenly aware that two evolving worlds understand each other poorly, and how, perhaps, digital identity is the subject that will allow (or force) them to understand each other.
Lewis goes on to describe the world of ends (consumers) and the world of means (big companies). Although they interconnect, they're really two different worlds and a common digital identity solution that spans all of the needs and stakeholders is unlikely. [Scott Loftesness]

Wed, 26 Mar 2003 12:02:11 GMT

Face recognition gets lift, says U.S.. Spurred by two federal antiterrorism statutes, the Commerce Department releases a study showing that face-recognition technology is hitting its stride. [CNET News.com]

Wed, 26 Mar 2003 02:36:07 GMT

Scanning the future of privacy. Engineers who design biometric technologies and Internet authentication mechanisms should take more aggressive steps to preserve privacy, a new government report says. [CNET News.com]

Not new, just better understood

Tue, 18 Mar 2003 14:22:25 GMT

Don Park: Signing with voice. Don Park is exploring digital signatures based upon your voice. I've always been intrigued with voice as a biometric because of the ability to simply use existing "reader" infrastructure, i.e., phones. [Scott Loftesness]

Most of us have had that phone conversation where we're told it may be recorded. We're then asked to identify ourselves and as the conversation continues we are asked to say yes at certain points - think of how this parallels filling out a form and signing it.

Mon, 17 Mar 2003 11:59:22 GMT

Who's Winning Privacy Tug of War?. Businesses want customers to give it up. The government can't make up its mind. And consumers just want e-mail inboxes free of junk. The battle over electronic privacy is as hot as ever. Michelle Delio reports from Washington. [Wired News]

Sat, 15 Mar 2003 12:28:02 GMT

Biometrics in Financial Services: New Glenbrook Research. My partner, Allen Weinberg, has just completed a new research report on Biometrics in Financial Services.
This advisory report investigates the fit of biometrics to financial service applications, looking first at market structure, key biometric concepts, and common misconceptions before moving on to explore potential application areas in financial services and adoption challenges.
[Scott Loftesness]

Wed, 12 Mar 2003 12:43:07 GMT

Liberty Alliance: Introduction to the Liberty Alliance Identity Architecture. The Liberty Alliance has published an Introduction to the Liberty Alliance Identity Architecture (pdf) white paper. [Scott Loftesness]

Burton Group: Reinventing PKI. Jamie Lewis writes about reinventing PKI in the context of federated identity.
The point here is that SAML, Liberty, and federated identity efforts are starting to define the real-world use cases for trust and authentication, something that X.509 PKI never really delivered. Without this kind of meat on the bones, PKI was a non-starter. In one sense, then, federation is an application that can leverage public key security for trust. But federation as conceived by Liberty and SAML does not require "in your face" PKI. Rather, it embeds public key security in the infrastructure, making it more usable. Other applications and infrastructure - such as transaction systems and VPNs - can also leverage embedded public key security. There is no grand "PKI in the sky", just sensible incremental use of public key security, which will remain a vital enabling capability.
[Scott Loftesness]

Fri, 07 Mar 2003 12:24:34 GMT

DNA as Identity
This KSL TV news report is about Clearfield police filing charges against an alleged rapist based on his DNA. The catch is that they have no suspect; no person who the DNA belongs to. Just the same DNA in two rapes. The name on the charges will be "John Doe." This is an excellent case study in identity. [Windley's Enterprise Computing Weblog]

Technology doesn't change human nature, it changes the opportunities to express it

Fri, 28 Feb 2003 11:07:09 GMT

Monster.com Warns About ID Theft.
"Internet job board Monster.com, acknowledging a growing problem for online career sites, is e-mailing millions of job seekers, warning that fake listings are being used to gather and steal personal information."
[source: Wired News]

The core vulnerability appears to be when jobseekers respond to listings and provide their credit card numbers or social security numbers. Another risk is getting involved in shipping materials overseas that are prohibited from being sold outside U.S. borders.

and then there are errors in transmission

(Big) Red Faces at Cornell Over E-Mail Error
"Virtually everyone who has used e-mail knows the feeling: You press the send button and realize that you just sent something embarrassing to someone by mistake.

"That happened to Cornell University on Wednesday: It sent welcoming letters to 1,700 high school students who had submitted early-decision applications, including nearly 550 who had already been rejected in December." [source: New York Times]

Mon, 24 Feb 2003 11:10:05 GMT

Apply Moisterizer Only After Gaining Access. No biometric system, used to limit access to a restricted area or equipment, is perfect when it comes to identifying everyone. By Barnaby Feder. [New York Times: Business]

Fri, 14 Feb 2003 10:32:23 GMT

Smart Card Alliance: Smart cards can protect privacy. The Smart Card Alliance has released a new white paper, Privacy and Secure Identification Systems: The Role of Smart Cards as a Privacy-Enabling Technology.
"Smart cards provide a powerful tool for protecting an individual's privacy," said Robert Donelson, senior property manager of the Bureau of Land Management at the Department of Interior (DOI). "For those who have access to private information, smart cards ensure only legitimate users can access information, and they can only access the information they need to do a specific task. Other information that may be in the system can be kept confidential. Of course, privacy must be protected throughout the system, not just at the card level."
[Scott Loftesness]

Fri, 14 Feb 2003 10:27:42 GMT

"One of the prices that we pay for the convenience of using services, rather than owning products, is the burden of repeated authentication."

Why Digital Identity Matters. Jon Udell is pointing to column he wrote in 2001 that reviews Jeremy Rifkin's book The Age of Access. In Jon's column, he gives what I think is the most succinct explanation about why digital identity matters: [Windley's Enterprise Computing Weblog]

Fri, 14 Feb 2003 01:47:43 GMT

Criminals using high-tech methods for old-style crimes. Technology is helping organized criminals target legitimate businesses and their customers, according to experts. [Computerworld News]

Organized crime rings that employ people with violent criminal records are increasingly trading their automatic weapons for automatic software tools that enable them to conduct a wide array of white-collar crimes such as identity theft and fraud....

During his more than 20 years with the NYPD, Doyle said he investigated many cases where criminals were quick to try out new technologies to commit old crimes -- what he called "old wine in new bottles."

In one case, security guards at New York's Macy's department store were stopping customers as they exited the store and stealing their credit card numbers off of their receipts....

Thu, 13 Feb 2003 12:12:32 GMT

GovExec.com: Funding delays stall expansion of online identification. Maureen Sirhal reports on funding delays affecting the GSA's e-authentication project. [Scott Loftesness]

Sat, 08 Feb 2003 13:32:55 GMT

New laws put new rules on ID management
By Bill Malik, ComputerWorld, January 29, 2003

Identity management is more than just granting and revoking user access to business systems. With the introduction of new auditing practices and regulations by the federal government, businesses are being held accountable for the security of their users' personal information.

Identity management now needs to manage how personal information, such as names, addresses, Social Security numbers and salaries, is changed and distributed while also ensuring that the individual's privacy is protected.

He discusses

Permission- vs. profile-based information
Distributed information ownership

Thu, 06 Feb 2003 12:32:05 GMT

FCW: GAO flags smart card challenges. Federal Computer Week reports on smart card experience in the US government.
Prepared for Rep. Tom Davis (R-Va.) chairman of the Government Reform Committee, the report said that the 18 agencies have initiated 62 smart card projects among them. Most of them were small-scale demonstrations until the past two years. Since then, some agencies ? notably the Defense Department ? have launched much larger implementations. "While the technology offers benefits, launching smart card projects ? whether large or small ? has proved challenging to federal agencies," the report states.
The full GAO report is available here, highlights here. [Scott Loftesness]

Mapping Physical Space & Digital Space Together in Our Personal Virtual Space

Wed, 05 Feb 2003 01:33:32 GMT

BuddySpace. Now that the notion of presence is beginning to infuse our electronic communication, an inevitable next question is: presence where? Marc Eisenstadt, chief scientist at the Knowledge Media Institute of the Open University in the UK, wrote to show me a Jabber-based system called BuddySpace that locates presence indicators on maps. In the map shown here, Marc (top row, third photo from right) is present in the office, but idle. Martin Dzbor (bottom row, far right), KMI's "chief presence architect," is present and active. And that little dot on the US map, in New England, is me, present and active. ... [Jon's Radio]

Ah, the visual image giving us an anchor! A grounding that wires the digital into our mental image of space and sense of presence!

Tue, 04 Feb 2003 01:54:35 GMT

Eric Norlin writes on The Coming of Governmental Identity
February 03, 2003
The site summary: "In the wake of the Columbia tragedy, Eric writes about the government's ability to innovate and explore in ways that most corporations do not or cannot. The area of identity and government is one of these, and Eric looks at the buildout of governmental identity infrastructure that is underway."

Mon, 03 Feb 2003 12:07:19 GMT

"Telepresence is a power tool for identity management. If I can hear you and see you, I can authenticate you." Jon Udell

Convergence of identity. As with standards, the problem with convergences is that there are so many to choose from. When the subject is digital convergence we often start with devices and media, which leads to a barrage of questions: Can I watch movies on my notebook PC? Can my Bluetooth cell phone double as a modem? Can my Internet connection replace my long-distance phone service? Increasingly, the answer to these questions is yes. But it's often hard to see the forest for the trees. There is an organizing principle here, identity, but it too is plural. Users, devices, networks, and services all have identities. More than convergence of devices and data types, it is a convergence of identity that we seek. [Full story at InfoWorld.com.] ... [Jon's Radio]

Jon's "User-centered convergence" graphic shows the inter-relation of person to environment (groups, devices, data, channels). Now what happens when we turn that around? When we look through the channels from the other end and try to sort out what data goes to who in what group? "Why don't we have your devices talk to my devices?" What are the mechanisms to define what they're allowed to "talk" about?

Sat, 01 Feb 2003 12:30:37 GMT

Walk offers clues to identity. A new technique of personal identification is being developed that uses computers to analyse the way you walk. [BBC News | Technology | UK Edition]

Windley on Identity Management

Fri, 31 Jan 2003 01:59:20 GMT

NECCC Paper on Identity. NECCC is the National Electronic Commerce Coordinating Council. You may think, given the name, that its about business, but its really about eGovernment. It just sprung up before the term eGovernment was in vogue and back then, eGovernment was called eCommerce by folks. They have a comprehensive paper on the identity problem which lists current Federal laws as well as those of California (which is seen as a bell weather state). It also talks about options, and how governments could respond. They're more ecumenical than I was in my article in Digital ID World. As an aside, the paper says that its target audience is elected officials like Governors. If so, its 67 pages too long. [Windley's Enterprise Computing Weblog]

On the Topic of Identity.... As long as we're on the topic of identity, I just read Andre Durand's paper on The Phases of Identity Infrastructure Adoption at Digital ID World. Andre's done a great job of laying out the problem and arguing for an adoption path that leads to acceptance of an individual's control of their own digital identity (an odd sounding phrase if you haven't read the paper). [Windley's Enterprise Computing Weblog]