Convener: Gordon Rae
Notes-taker(s): Ben Werdmuller von Elgg
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Privacy and identity are intrinsically linked. We should not think of networked identity as who we are, but as a mechanism for telling services what they need to know about us.
In Europe, whether you have data protection rights is based on your identity. At Vodafone, they're finding that this is a false dichotomy, and they're exploring the privacy implications of any piece of data as well as identities as a whole.
Respecting people's privacy is important commercially as well as ethically; users will be turned off if they have to reveal too much, but services need directed pieces of information (e.g. age, medical history, etc.).
Trusted intermediaries could help validate claims of specific information. Think social location services, which are free but have age requirements for safety reasons. Credit cards and phone numbers aren't enough, as they can easily be stolen, and prepay phone customers don't provide enough data.
How do we trust intermediaries? Social reputation doesn't work. Think eBay: the reputation system there is a source of constant conflict internally, and there are all kinds of subjective reasons for negative feedback. And for vital information like age or gun ownership, for example, social reputation isn't trustworthy enough.
For some assertions, a Boolean response is enough: it's either true or it isn't. Is the user over 18? Other times, it's a more holistic assertion that a set of data or assertions is accurate - or mostly accurate, etc. The trouble is, this could encompass infinite knowledge domains, and you don't want to limit the usefulness.
Could questions perhaps be asked of a person / source and then digitally countersigned by a domain-specific trusted party, using a standard API? Could, for example, OpenID be used as a basis to develop a decentralized digital notary system?
This is one way we could assign trust in an assertion, without necessarily assigning trust to the assertion's owner, and without creating a reputation that will follow the user around for the rest of his or her life. (University library identity providers work this way, by asserting to journals and information services that a user is a valid student.)
When a trusted party verifies some data, it's important to be able to tell that party if the information turns out to be inaccurate, or if the user behaves badly within the domain. It's also a good idea for that party to be able to announce what other information it can vouch for, and for the party itself to be able to recursively delegate that trust.
If identities are centrally stored, the kinds of information within them are naturally limited. Rather, identities could be considered to be a tethered collection of assertions about a person, each of which could be stored in a different place.
Assertions might have lifetimes, or need to be revoked. They could be timestamped, and in any event APIs - where you constantly check back to a source - are more secure. But delegation here is also important, in order to avoid single points of failure for each piece of information.
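A sketch of the countersigned, time-limited, revocable assertion discussed above, added here as an illustration and not something produced in the session. All names are hypothetical, and an HMAC under a demo key stands in for the notary's digital signature.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 under a demo key stands in for the notary's digital
# signature. A real notary would sign with a private key so that relying
# services hold only the public half.
NOTARY_KEY = b"constructed-demo-key"
REVOKED_IDS = set()  # stands in for the notary's "check back with me" API


def _canonical(body):
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _sign(body):
    return hmac.new(NOTARY_KEY, _canonical(body), hashlib.sha256).hexdigest()


def countersign(subject, claim, value, issued_at, lifetime):
    """Notary vouches for one claim about an opaque subject handle."""
    body = {"sub": subject, "claim": claim, "value": value,
            "iat": issued_at, "exp": issued_at + lifetime}
    body["id"] = hashlib.sha256(_canonical(body)).hexdigest()[:16]
    return {"body": body, "sig": _sign(body)}


def revoke(assertion):
    """Notary withdraws an assertion, e.g. after learning it was inaccurate."""
    REVOKED_IDS.add(assertion["body"]["id"])


def verify(assertion, claim, now):
    """Relying service's check. Returns (accepted, reason)."""
    body = assertion.get("body", {})
    sig = str(assertion.get("sig", "")).encode()
    if not hmac.compare_digest(_sign(body).encode(), sig):
        return False, "bad signature"
    if body["claim"] != claim:
        return False, "wrong claim"
    if not body["iat"] <= now < body["exp"]:
        return False, "outside lifetime"
    if body["id"] in REVOKED_IDS:
        return False, "revoked"
    if body["value"] is not True:
        return False, "claim is false"
    return True, "ok"
```

The relying service sees only a pseudonymous handle and one Boolean, so trust attaches to the assertion and not to a profile of the user.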