Friday, August 03, 2007
Both Paul and Robin beat me to this ...

The recently published report by Burton's Bob Blakley summarizes the result of an interoperability testing fest at the Burton Catalyst conference earlier this year. This venue was a great success for the Windows CardSpace identity system, since it was the second OSIS event where a variety of open source projects and closed source commercial products demonstrated a significant level of interoperability. Given the early and evolving state of the InfoCard system, this is a great success for all parties involved.

However, Bob is somewhat mistaken in parts of his article:
"The interop participants accomplished in two months of concentrated effort what it would probably have taken them a year to do working independently without the looming deadline provided by the Catalyst demo."
This is not quite correct - the Catalyst interop fest was the second such event organized by OSIS. The first one was held earlier at the Internet Identity Workshop 2007. Results and blog reports on this can be found all over. Having been a member of OSIS for some time now, I find it a little unfair that this interesting (un)organization - that certainly had its ups and downs - is not given the credit it deserves.
"While it is still fair to say that user-centric identity technology is in its infancy, if progress continues at this rate the technology should be ready for enterprise adoption within a year."
I am surprised to see such a bold statement, especially since even some of the core developers and architects are not quite happy with the term "user-centric identity". Let's just step back and start to count how many glossaries, lexicons, and lists-of-used-terms define digital identity, identity system, user, and user-centric in different ways with sometimes completely different semantics. Predicting enterprise adoption within a year seems a little overly optimistic to me, especially if we consider that there are still a number of significant issues even within the reference implementation of the InfoCard identity system.

As Mark Wahl has pointed out earlier, most of the issues encountered during the second OSIS interoperability fest are related to the lack of proper schema management for attributes and their semantics [1]. The only project in the InfoCard system currently working on these issues is Higgins, with their use of OWL (although some people might argue that this is technological overkill).

Outside of the InfoCard system, there have been other efforts to get to at least some standardization of attribute interpretation (SAML attribute profiles, which work nicely with LDAP/X.500 and XACML and other likely sources) and work is being taken up by Liberty to standardize identity attribute sharing rules (e.g. the IGF/IDG work, based on CARML/AAPML).

At the end of the day (closing the loop and coming back to Paul's and Robin's point): Even though there have been a number of different products and projects that successfully worked together, this technology is a far cry from being an identity meta-system. Multiple-protocol interop on the wire would be a true metasystem, and is a goal that various systems -- Liberty, OpenID, and Windows CardSpace included -- would need to work on together. Concordia is (probably more than) a first step towards this goal.

[1] Obviously a lesson well learned through the LDAP and - even worse - LDUP discussions.

Friday, August 03, 2007 5:22:16 PM (Eastern Standard Time, UTC-05:00)
Monday, July 30, 2007

Here is a thought on privacy in Germany: it often appears that privacy protection is taken very seriously in Germany and citizens have decent control over who gets access to their personally identifiable information. I was under that impression myself for a long time, until a discussion with a friend prompted me to take a closer look at the situation.

I was extremely surprised to see how little privacy protection actually exists in Germany - with respect to the government. It is true that the federal data protection act ("Bundesdatenschutzgesetz") puts a lid on obtaining, storing, evaluating, and disseminating personal data, especially for the private sector. In general, the "opt-in" principle is followed, where the data subject must give express permission to collect or store PII, and has the right to recall such permission at any time. However, this federal law also makes it clear that some or all of these provisions can be lifted by specialized laws.

One set of these laws limiting the federal data protection act are the laws requiring every person living in Germany to register with city hall when taking residence ("Meldegesetze"). These laws actually precede the data protection laws and allow the registration agency ("Einwohnermeldeamt") to collect and store the following attributes:

  1. all names (including former names, pseudonyms, etc.) and academic titles

  2. DOB, place of birth, sex

  3. addresses (all current and former), including the dates when they changed

  4. legal guardian(s), including addresses, DOB, date of death, titles, etc.

  5. all citizenships

  6. religious affiliation

  7. marital status, including dates and reasons for changes

  8. spouse (including names, titles, DOB, date of death, all current and former addresses)

  9. underage children (again, names, titles, DOB, ... you get the idea)

  10. date and place of death

  11. restrictions for releasing this data

  12. eligibility to vote in national or European elections

  13. tax relevant data (including religious affiliation of spouse)

  14. unique tax ID (as soon as it is issued)

  15. weapon permits, demolition permits

All this data is - more or less - freely accessible to any government agency, including the German internal revenue department and federal tax agencies, welfare offices, motor vehicle registries and licensed religious institutions.

In addition, the registration agencies will release your core data (names, titles, addresses) to any third party that asks without notifying you. If said third party has a reasonable interest (e.g. they claim you owe them money) the authorities will release pretty much all the information about you with the exception of 6, 9 and 11-15.

Other government agencies (besides the registration authorities) may collect, store, and use more data from you. An interesting example is the tax agencies, who can automatically obtain your records at any financial institution - without a warrant (they police themselves) or telling you or the banks.

At the end of the day you have almost as little privacy and freedom from government (and private sector) intrusion in the "holy land" of data protection rights, as you have here in database country. To some extent you might even have more freedom in the U.S., which has not only a very vocal privacy advocacy community, but has also already gone through the disaster of raging ID theft.

Monday, July 30, 2007 1:22:34 PM (Eastern Standard Time, UTC-05:00)
Thursday, July 19, 2007
Totally unrelated to the usual topics, but still interesting (IMO): I have been really into multi-channel high-definition music for some time now and really enjoy SACDs and DVD-Audio discs. Chances are that you haven't even heard about these formats yet, since the content mafia music industry decided to introduce these very exciting formats with no marketing at all. Both have been around in force since about 2001 and they deliver (sometimes) excellent 5.1 surround music in extremely high definition:
  • DVD-Audio (PCM)
    • Stereo: up to 192 kHz/24 bit = about 4.3 times the frequency resolution of the Audio CD and 144 dB theoretical sound to noise vs. 96 dB with the Redbook CD (that's 256 times better).
    • Surround (5.1 discrete channels): up to 96 kHz/24 bit - still more than double the frequency resolution than Redbook Audio CDs and 28000 Hz above the best human perception.
    • These high-resolution formats are contained in the DVD-Audio section of the disc that CANNOT be read by a "normal" DVD-Player. You will need a special DVD-Audio or Universal player for this.
    • DVD-Audio discs most often also have a DVD-Video section that typically contains the stereo track in standard 48 kHz/16 bit PCM stereo and sometimes a DTS or Dolby Digital version of the surround mix. This section is playable in any standard DVD player.
    • DualDisc DVD-Audios have two sides - one containing the DVD-Audio side, the other containing a CD Audio side.
  • SACD (DSD)
    • Instead of the usual PCM encoding, the SACD uses DSD encoding which is significantly different from PCM by using a single bit quantization at a relatively high sampling rate (2.8 MHz - yes, MEGA Hertz). The claim of the DSD fans is that the demodulated signal is closer to an analog signal when compared to PCM encoding. Opponents complain about the more limited S/N ratio at high frequencies, artifacts of the (necessary) noise shaping and - in general - about a too low sampling rate in the SACD specification.
    • SACDs must have a stereo DSD track and most often also have a 5.1 surround DSD track. These tracks can only be read by SACD players (or universal players). Most times, the signal is only available as an analog signal, although there are some players (Denon 3910, Oppo, PS3) that convert the DSD signal into high resolution PCM and send it over HDMI to the DAC or receiver.
While DVD-Audio is most common in popular music (e.g. Talking Heads re-release on DualDisc), SACD is most common with Classic titles. Since they have had such a slow start from 2001 through 2006, many early adopting labels have either stopped DVD-A and SACD production completely right now, or are only releasing obscure titles or only a very limited selection. Notable exceptions to this are (in the Classical world): Tacet, MDG (DVD-Audio); Pentatone, Channel Classics, BIS, Alia Vox (SACD). Please check my del.icio.us links for online retailers.

Going forward, I expect that SACD will get a lot of attention, especially from the labels (see e.g. the Genesis re-releases on SACD). The reason for this is quite simple IMO: SACD is the *ONLY* format that has not been hacked so far - all others (including BluRay and HD-DVD) are copyable. And I think that this will stay like this for quite a while for the following reasons:

  • There is no SACD drive for computers - that makes hacking infinitely more difficult.
  • The copy protection mechanisms are not very well understood.
  • There is no known way to create a SACD at home that can be played on a stock SACD player.
  • Even if the SACD was hacked, there is virtually no mainstream hardware and almost no software support for DSD, making the digital data very mainstream unfriendly.

You might argue that you could sample the analog out at 96 kHz or better or capture the converted PCM from some hacked HDMI conversion player. All this would require a lot of expertise and probably some fairly expensive hardware, again making this approach not attractive to the mainstream user.

Now even if you overcame all these hurdles, you'd need to play the 5.1 96 kHz track somewhere. The only easy-to-use solution today is the creation of a DVD-Audio disc (which is not trivial or expensive). Alternatively, you would need a decent PC with 6 analog outs and some knowledge to configure the soundcard(s) properly ... not mainstream user, again.

Instead, they would simply copy the RedBook data from Hybrid discs and be happy. Therefore, I think that at least the SACD will survive the HD wars.

Thursday, July 19, 2007 12:19:34 PM (Eastern Standard Time, UTC-05:00)
Wednesday, July 18, 2007
I recently decided to join facebook (to be precise, right after reading Lauren's blog). So far it seems like an interesting little social tool, that benefits hugely from its wide support in the academic community.
What makes facebook really interesting (in my mind) is that it is actually an application platform or - to use a now unfashionable term - a programmable portal.
This feature really enables facebook to mash-up all kinds of services (Amazon, Dopplr, Google Maps, del.icio.us, to name a few) and present them in a fairly simple UI to users.
A downside (at least right now) in my mind is the insane default privacy settings: If you do not change your defaults, your data is pretty much exposed to anyone, anywhere (especially since joining a regional network is rather uncomplicated). While this might have some appeal for college students, it is the single biggest issue that I have with facebook - and probably one of the most important reasons why facebook (and MySpace and other social networking tools) got a fairly bad reputation. Sharing personal information by default without EXPLICITLY opting-in is a bad thing.

Interestingly enough, you can extrapolate from facebook et al. to legal standards in general: While the U.S. has largely an opt-out approach to sharing personal information, the E.U. takes a much more restrictive opt-in approach[1].

[1] Except when dealing with the various governments - in that case there is pretty much no opt-out at all available for European citizens (e.g. the German GEZ will be able to get all kinds of very personal address history data from town halls and central agencies).

Wednesday, July 18, 2007 3:57:23 PM (Eastern Standard Time, UTC-05:00)
Monday, July 16, 2007
We all know that there is little agreement on the definition of identity, digital identity, identity (meta) system(s), user centricity, etc. There are probably as many definitions of these terms out there, as there are actors playing in this market. While many of these definitions are somewhat similar, there is still a significant semantic gap between how the various "clans" are using them and which terms are the "correct" ones: Just think about the debates around relying party, service provider, and consumer or user agent, and browser.

Traditional Digital Identity

I would like to go back to one of the more common definitions of digital identity. For some time now, I have been operating on the notion that a digital identity is - essentially - a collection of attributes. For example, your digital identity probably has attributes such as name(s), addresses, phone numbers, email addresses, etc. The collection of these attributes - accessible in a machine processable form - constitutes a lot of knowledge about you.

On Identifiers and System Specific Attributes

While not central to the theme of this article, it should still be noted that the user name (or – more generally – the identifier) is yet another attribute in itself that might change. To limit the number of attributes, an identity system might also decide to use an existing attribute that can be taken to be sufficiently unique (e.g. an email address) for the user name/identifier.

In addition to the identifier there may be more attributes that arise through the use of a particular identity system. These can be system internal attributes guaranteeing uniqueness (e.g. GUIDs) or pseudonymous identifiers used with individual relying parties.

All these additional identifiers might be random. Yet, through their usage in the identity system they are tightly coupled to a particular digital identity and they should be treated with the same importance and privacy awareness as any other personally identifiable attribute.

Cryptography

In many cases, this collection is accompanied by some cryptographic keying material, often in the form of a public/private key pair. As the 'owner' of this digital identity, you typically have access to the private key and you can use it in transactions to prove that it is you (i.e. the 'owner' of the digital identity and its keying material) who participated in this transaction.

Derived Statements

Depending on the context of this digital identity (some people might want to call this context an identity system, federation, or identity meta-system), you [1] can create statements about your collection of attributes that do not necessarily contain all the information about your digital identity, but only a subset: for example, you might be able to create a statement about your email address and name and nothing else. Or it might be handy to create a statement about the fact that you are over 21, without disclosing your actual age or birth date.
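The idea of a derived statement, combined with the per-relying-party pseudonymous identifiers mentioned earlier, can be sketched as follows. This is an added example, not code from the original post or from any identity system it names; the function names, keys, and sample identity are hypothetical, and an HMAC under a demo key stands in for the public-key signature a real identity provider would apply.

```python
import hashlib
import hmac
import json
from datetime import date

# Constructed sample data: one digital identity as a collection of attributes.
IDENTITY = {
    "guid": "3f2a9c1e-0000-4000-8000-000000000001",  # system-internal identifier
    "name": "Alice Example",
    "email": "alice@example.org",
    "birth_date": "1980-05-17",
}

# Hypothetical identity-provider secrets (constructed values for the demo).
PAIRWISE_KEY = b"demo-pairwise-key"    # derives per-relying-party pseudonyms
STATEMENT_KEY = b"demo-statement-key"  # HMAC stand-in for a real signature


def pairwise_id(guid: str, relying_party: str) -> str:
    """Pseudonymous identifier that differs for every relying party."""
    msg = f"{guid}|{relying_party}".encode()
    return hmac.new(PAIRWISE_KEY, msg, hashlib.sha256).hexdigest()[:32]


def age_on(birth_date: str, today: date) -> int:
    born = date.fromisoformat(birth_date)
    return today.year - born.year - ((today.month, today.day) < (born.month, born.day))


def derive_statement(identity, relying_party, requested, today):
    """Build a statement with only the requested claims, then authenticate it."""
    claims = {"sub": pairwise_id(identity["guid"], relying_party), "aud": relying_party}
    for name in requested:
        if name == "over_21":
            # Derived claim: a boolean, never the birth date itself.
            claims["over_21"] = age_on(identity["birth_date"], today) >= 21
        elif name in ("name", "email"):
            claims[name] = identity[name]
        else:
            raise ValueError(f"claim not releasable: {name}")
    body = json.dumps(claims, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(STATEMENT_KEY, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_statement(statement, expected_audience):
    """Return the claims if the tag and audience check out, else None."""
    good = hmac.new(STATEMENT_KEY, statement["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, statement["tag"]):
        return None
    claims = json.loads(statement["body"])
    return claims if claims.get("aud") == expected_audience else None


if __name__ == "__main__":
    today = date(2007, 7, 16)
    bar = derive_statement(IDENTITY, "https://bar.example", ["over_21"], today)
    shop = derive_statement(IDENTITY, "https://shop.example", ["name", "email"], today)
    print(verify_statement(bar, "https://bar.example"))
    print(verify_statement(shop, "https://shop.example"))
```

Because the `sub` value differs per relying party and the statement carries only the requested claims, two relying parties comparing their records find no shared identifier and no birth date to join on.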

Issues

Overall, this concept of a digital identity was - and still is - quite useful in many cases. It has a lot of built-in flexibility and can be applied to a very large number of problems.

The problem with this view is trickling up to the surface, as soon as we get concerned about the privacy of the different actors in this definition. It is quite clear [2] that within the world of this definition privacy breaches are quite easy: As soon as parts of a digital identity become known, these parts (or attributes) can be collected in databases and sold to those who are interested. This fact has already resulted in the massive disruption of email through spammers. Going forward, it is all too easy to imagine a world where private data collectors or nosy governments collect more and more attributes and information about a person's digital identity[3].

Identity By Relation

I am starting to think about identity (and in particular digital identity) in a more dynamic way:

A digital identity is a collection of relations to (i) itself, (ii) other digital identities, (iii) external entities. These relations can, but do not have to be decorated with one or more attributes.

One of the benefits of this definition is that it becomes intuitively clear that a single digital identity is not necessarily stored in a single place, but much more commonly in a number of different places. This decentralization is a crucial building block for creating a world with strong privacy by segregating as much data as possible by design. At the end of the day, it will be (almost - see below) exclusively the 'owner' of a particular digital identity that is capable of correlating across different digital identity storage locations.

With such a definition in mind, you can gather a lot of data about someone by using the identity web services of theirs, but a lot of it may be very ephemeral (e.g., their current geolocation or presence status). As such, it is actually closer to their real 'in-the-world' identity.

Correlating Through Auditing

One might argue that this separation of identity data will in turn weaken the capability to effectively correlate information about a given digital identity for legitimate purposes, in particular when it comes to requirements such as "proof of source" or "non-repudiation". These concerns can be overcome by auditing: while different storage locations are typically not capable of correlating, a concerted action (e.g. based on a court warrant or subpoena) can evaluate audit trails and construct a comprehensive image of a digital identity.


[1] More precisely: A component of the identity system can create such statements about the attributes of your digital identity on your behalf. This could be your identity provider, some active user agent, or another service separate from the identity provider.

[2] Actually from experience: probably all participants in electronic commerce or even simple electronic communication have had some of their digital identity disclosed to parties that should better not have them, e.g. spammers or worse. Frequently, this happens through the sale of this information to marketeers.

[3] This scenario applies to loosely coupled, internet-scale identity systems. In more tightly coupled systems (e.g. in internal business applications or cross-enterprise collaborations) there are usually tight governance models that regulate how data is being handled through contracts and laws.

Monday, July 16, 2007 12:03:26 PM (Eastern Standard Time, UTC-05:00)
Sunday, July 15, 2007

Germany recently changed their copyright and intellectual property laws, with a devastating effect on science and research: Going forward, libraries will only under very limited circumstances have the right to send out digital copies of a scientific article. There are many other new and significant changes - most of the time to the benefit of the "Content Community" (aka content mafia).

Maybe you are directly impacted, or maybe only tangentially. But ultimately, this kind of advantage for the content creator will continue nibbling away at our rights to private copies, fair use, and - eventually - free speech. And since we do live in a fairly globalized world (at least as far as lobbying by the content mafia goes), this will affect all of us. Therefore, I ask you to consider signing the "Göttingen Declaration", asking for a reform of the latest changes in one of the biggest economies in the world.

Sunday, July 15, 2007 5:44:50 PM (Eastern Standard Time, UTC-05:00)

Copyright by Gerald Beuchelt.