Friday, October 28, 2005

Cross post to Phil Windley's DAY 2 IIW2005

Phil,

Btw, great IIW2005 event! On Day 2 I was thrust to the front in organizing the PodCast for IIW2005 that focused on this very issue. Identity imho is what defines who you are, statically with an id issued to provide services by claims and dynamically with the use of these static ids to gain products/services through barter or other commerce... Back when I did my minor in Modern Germany from the Weimar Republic, I referenced heavily a work by a Harvard fellow, Dov Ronen, entitled __The Quest for Self-Determination__. In this book he discusses how groups form, first to assist one another to survive and secondarily then and more primarily now to satisfy the sense of belonging. This first type of group is called "functional aggregates." When a resource is constrained between two or more functional aggregates, these groups begin to conflict, resulting in a transformation to a "conscious aggregate." His study imho brings further clarity into the concept of identity - individuals and groups both have identity and are mutually inclusive and require one another for their respective definitions. The groups take over and begin issuing static ids which the constituents use to "run" their life - basics, entertainment, religious, etc... Again, the "dynamics" define the "real" individual, which results in a pool or trail of privacy data... I have begun to develop these thoughts on my blog http://robmarano.blogspot.com

Joaquin Miller, Scot Lemon, Paul Trevithink, Bob Morgan, Alain Bloch, Jair, Gabe Walker, and Scott Mace were present at the IIW2005 podcast on "defining identity..."

Let's keep this great dialog going, for without a common, agreed-upon lexicon on digital identity, we'll find it difficult to actually communicate as engineers in developing the collaborative pieces of this difficult but all-too-important puzzle / conundrum - digital identity to help fuel the Internet as THE channel of people's lives!

/rob

Wednesday, October 26, 2005

Internet Identity Workshop 2005 (iiw2005) DAY 1 - 26 October 2005

Hi all,

[in vivo thoughts....from speaker to my brain to you..]

So having completed my journey to Berkeley, CA, I am now sitting and participating in IIW2005. Thanks to Phil, Kaliya, Drummond, and Doc for arranging this. I'm honored and happy to participate...

Till now, I have sat through 6 presentations and thoroughly enjoyed the topics, especially the Q&A, even the IRC channel! However, one "gaping" hole I see so far is a lack of deep discussions on authentication - proving/validating/verifying the actual identity. As Art Coviello, CEO of RSA, stated, his company's solutions authenticate the possession / knowledge rather than the actual person. Biometrically-enabled authentication is the only way to prove irrefutable positive identity. I understand the vastly important need for infrastructure, standard data and message transports, et al, for identity management. However, the discussions have been sparse about strong authentication. As important as the former, we need to discuss how biometric data will be (a) integrated into these thought-leading identity infrastructures, (b) protected from attack vectors, (c) remediated against compromised identities, and (d) audited by authorities if required. I'll stay tuned and see if we begin to detail these important concepts...

Another key thought on identity is the access to critical, sensitive information. Today's transaction systems and processes require "regurgitated" critical and sensitive information, e.g., full name, SSN, address, driver's license number, etc. I wonder why cybercriminals are trawling the net (using SabaSearch.com et al) and targeting identity aggregators (credit report agencies, large retailers, CC companies, etc)? Simply because that's where the pointer to money is! ;-) Leveraging the Internet's network effect, cybercriminals can use millions of records to attempt fraud... More numbers, more chances to hit a gold bar. Their ally remains the use of static identifiers "regurgitated" to service providers to convert to an account, then pilfer the account in another's name without positive identification. Therefore, if the critical, sensitive information for consumers is made impotent without positive, biometrically-enabled authentication, we "remove the sting" or value of that information, possibly curbing id theft...

Just something to think about...

More to come after I complete today's sessions...

/rob