Global Troubles

Over the last months I thought a lot about LID, SXIP, ISSO (based on i-names, which are based on XRI) and other similar "identity" systems. The recent posts by Drummond Reed, Phil Windley, Eric Norlin and others indicate that these systems got some traction. That's quite interesting. Why?

All of these systems use global user identifiers (URL, XRI, GUPI). People get some of these identifiers and then use them to log into different web sites. Nice and easy for the user, but terrible for privacy. The different web sites may easily collude and join their data about the user, using the global identifier as a reliable correlation key. How would you like it if an on-line flower shop (that you used to send flowers to your friend) colluded with an "adult entertainment" site? The "adult" site may learn from the flower shop your real name (from credit card data) and the shipping address that you used for sending flowers. The site may provide you with "better customer service" by sending a spicy catalog, personalized exactly to your needs (and with your name on it), to the address you used for shipping flowers. Surprise guaranteed.

The global identifiers used there are on-line equivalents of the SSN, with most of the SSN's drawbacks. The attribute protection mechanisms implemented by "identity" systems do not help here, as the data are already out in the service provider's systems and are no longer under the control of the "identity" system. Yes, you may create several "personalities" by using several global identifiers, but the management of these different accounts may soon become very difficult. And even that does not help much. Imagine that you make a mistake and log in to the "adult" site with your "civil" account. That alone leaks some information that you might not want to be leaked. And if you log out and log in with the other account, it may be easy to correlate these two accounts (cookies, IP addresses). And a great part of your privacy is lost ...

The use of randomly generated identifiers that are shared only between the Authentication/Identity Provider and one Service Provider (as is the case in Liberty) may help a bit. It limits collusion in such a way that the Identity Provider must be one of the colluding parties. That may be more acceptable in some cases (but not everywhere).
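The difference between the two identifier schemes, as an added example that is not part of the original post: two service providers join their account tables on a global identifier, then on per-provider random identifiers, then with the Identity Provider's help. The `IdentityProvider` class, the provider names and all records are constructed for illustration.

```python
import secrets

class IdentityProvider:
    """Hypothetical IdP issuing one random identifier per (user, service provider)."""
    def __init__(self):
        self._pairwise = {}  # (user, sp) -> pseudonym
        self._reverse = {}   # (sp, pseudonym) -> user

    def pseudonym(self, user, sp):
        if (user, sp) not in self._pairwise:
            p = secrets.token_hex(16)  # random, so nothing links it to other SPs
            self._pairwise[(user, sp)] = p
            self._reverse[(sp, p)] = user
        return self._pairwise[(user, sp)]

    def resolve(self, sp, pseudonym):
        return self._reverse.get((sp, pseudonym))

def collude(records_a, records_b):
    """Join two SPs' account tables on the identifier each saw at login."""
    return {ident: {**records_a[ident], **records_b[ident]}
            for ident in records_a.keys() & records_b.keys()}

def collude_with_idp(idp, sp_a, records_a, sp_b, records_b):
    """Same join, but only after the IdP maps each pseudonym back to its user."""
    by_user_a = {idp.resolve(sp_a, p): r for p, r in records_a.items()}
    by_user_b = {idp.resolve(sp_b, p): r for p, r in records_b.items()}
    return collude(by_user_a, by_user_b)

def demo():
    # Constructed sample data: one user, two service providers.
    global_id = "=example.user"  # constructed global identifier
    flowers = {global_id: {"name": "A. Example", "ship_to": "1 Sample St"}}
    adult = {global_id: {"last_visit": "2005-01-01"}}
    global_join = collude(flowers, adult)  # global id is the correlation key

    idp = IdentityProvider()
    flowers_pw = {idp.pseudonym("user-1", "flowers"): flowers[global_id]}
    adult_pw = {idp.pseudonym("user-1", "adult"): adult[global_id]}
    pairwise_join = collude(flowers_pw, adult_pw)  # no shared key, empty join
    idp_join = collude_with_idp(idp, "flowers", flowers_pw, "adult", adult_pw)
    return global_join, pairwise_join, idp_join

if __name__ == "__main__":
    for label, result in zip(("global", "pairwise", "with IdP"), demo()):
        print(label, result)
```

The join covers only the login identifier; any other shared attribute in the records would correlate the accounts just as well.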

But neither of these approaches is ideal. There must be something else to look at, some better solution. Or maybe we are chasing ghosts and people do not really want privacy, after all ...

Disclaimer:
Don't get me wrong about XRI. I don't see anything bad about XRI (as I don't see anything bad about URI either). I must admit that the more I know about XRI the more I like it. But I don't like i-names. That use of XRI somehow does not feel right ...