thoughts and observations of a privacy, security and internet researcher, activist, and policy advisor

Tuesday, June 10, 2008

IdentityCamp: Lessons Learned in Bremen

The IdentityCamp in Bremen on the weekend was a blast: Focused discussions, energized participants, great weather, a relaxed atmosphere, and interesting interdisciplinary exchange. It seems to have been the first time that the Identity 2.0 crowd really discussed in an open and in-depth way with the privacy people, which was exactly what we hoped would happen. It’s impossible to summarize all the sessions, but here are some interesting observations that I took away from it:

"The buzzword of the day seemed to be OpenID." (Sid Arora). But at the same time, the OpenID community to me left the impression that they are a bit desperate. A number of big players have become OpenID providers, but nobody except for a few blogs and some platforms is consuming OpenIDs issued by other parties. So the session on "Killer Applications for OpenID" left me with the feeling that OpenID is still very much a solution looking for a problem. A way out may be using OpenID not only for authentication, but also for attribute exchange. There are some active attempts into this direction. Dennis Blöte is currently developing a system which uses OpenID for the different online services at Bremen University (e-learning, exams, administration, etc.). Here are his slides.

Convergence of Standards: Infocards and OpenID are moving closer to each other. The best known case for this is using CardSpaceInfoCards for authenticating towards the OpenID provider. But there is more going on, e.g. in creating mobility: The Higgins InfoCards selector stores Infocards online, so you don’t depend on your own machine all the time – which used to be a big plus for OpenID. Johannes Feulner showed the gateway he built, which you can use for logging into an OpenID relying party directly with the CardSpace InfoCards interface. One of the problems in building this system was that the attribute semantics were not 100% equivalent to each other. Another approach, which Dick Hardt is working on, is to “tunnel” OpenID Tokens with Infocards. According to Johannes, the latter approach can not translate claims and does not work with self-issued cards, and the relying party needs an upgrade. In the gateway approach, you have to trust the gateway; in the tunnel approach, you have to trust the OpenID provider. Johannes also has a nice OpenID phishing demo online at
There is also convergence between CardSpaceInfoCards and Shibboleth, as Tobias Marquart reports.

We now know what "Identity 3.0" officially means. Caspar Bowden presented on the recently acquired U-Prove technology and how Microsoft plans to integrate it into the Identity Meta-System. Christian Scholz has a good summary. Caspar provided a typology of the generations of identity management:
  1. Identity 1.0: centralized IdM like Passport. The problem was that one IdM is way too powerful.
  2. Identity 2.0: SAML or OpenID like. The problems here are that all IdMs are too powerful, and you have the extra-problem of phishing.
  3. Identity 3.0: smart client-side crypto. Using minimal disclosure tokens, you achieve multi-party security and privacy. By this, you get more independent of the identity provider, which is a good thing from a privacy perspective. The problems here are unresolved patent issues.
Data portability is a complex topic with a number of issues unresolved. Aside from competition issues and the big players not really pushing a standard here for obvious reasons, there is also no common vision on what exactly should be portable, and by whom. In general, the Data Portability Working Group seems not to be too active, especially not on the policy front. I learned at the camp that it depends on your normative perspective on identity. If you want your identity to be coherent and all the different facets open to all of the members of your social environment, you want full portability. This seems to be the case for those folks who are friends with their co-workers anyway. If you want your different roles not connected to each other and prefer a strict division between the private and the public life, you want less portability. At least you want to be able to control who gets to see what, and even when. The general focus is moving from single sign-on to data synchronization. Most people agreed that it would be nice to be able to update your contact data on all platforms you are a member of with one click. The more difficult issue is relationship data, which in the end is not identity management, but societal management. One more reason to get more social scientists in this discussion. But you also need a ton of lawyers, because if company X relies on the IDs provides by company Y, this creates a business relationship between them, too.

"The topic least understood by the participants (at large) seemed to me to be national identity (and their respective cards)." (Sid Arora). This is understandable, as OpenID, Cardspace, and other instances of Identity 2.0 are not really part of most developments around governmentally issued electronic ID cards. This camp was a nice opportunity for people who work on these different corners to meet and exchange views. This is especially important when discussions are starting about the possible use of OpenID in e-government contexts, which happened in Bremen. A lot of scepticism was raised towards this idea, though, mainly because of security issues and the too central role of the identity provider. Caspar Bowden got applause for his question:
"Why use the lowest standard (OpenID) for the most security-relevant use case (government authentication)?"
There was a huge interest in trust online. Which mechanisms generate trust in the offline world, and what is different in online environments? Tina Guenther’s presentation sparked such a lively discussion with her attempt to break down the research questions and get some first insights that she even offered a well-attended second session on Sunday for getting deeper into this.

You can reduce the need to trust with data minimization. A lot of the open questions discussed in the other sessions also boil down to "Who do you trust"? Your government? A corporation like Yahoo? The members of your social network? If the idea of a loosely coupled identity meta-system is that you do not need high trust among all parties, then I see two possible solutions:
  1. Everyone becomes his or her own identity provider and does not have to worry about IdPs collecting their digital traces.
  2. The amount of exchanged data is reduced in general, so you don’t have to trust all kinds of parties. This is where Identity 3.0 with minimal disclosure tokens and zero-knowledge proofs is very promising.
Semantics is the big challenge, not technology. Once Microsoft and IBM sort out the patent issues between U-Prove and Idemix, and the protocols and libraries are available for the public, the technology problems are more or less solved. Most of this (except for the minimal-disclosure crypto) is not rocket science anyway, but normal protocol plumbing. The problem is the translation of the complex social and legal issues around identity into these protocols. How to come up with a reference list of identity tokens for age, location, contacts and all kinds of other issues? How to organize the management of relationship data? Which contractual relationships are implicitly or explicitly involved that need to be sorted out? The idea of having Creative Commons-like licenses for your personal data, which then can be described in a lawyer-readable, a human-readable, and a machine-readable form met quite some interest. But this is mainly a usability issue. The different use cases you want for this are much more complex and diverse than the few standard types of re-using text or music.

This leads to the conclusion by many participants: An interdisciplinary perspective is really needed on the issue of identity. We came pretty close to the ideal, but some perspectives were still missing:
"There was a healthy mix of disciplines represented, including computer scientists and programmers, lawyers, sociologists, social media / web developers and even a few curious students from the Bremen University of Arts, where the event was hosted. A couple historians and policy makers mixed in would have been nice, but considering the method in which such an IdentityCamp was organised (or lack thereof), it was brilliant." (Sid Aora)
There is a great interest in follow-up. People are eager to have the next IdentityCamp and go into the issues more in depth and even develop a common vision. Check the IdentityCamp page regularly to see how we will stay in touch.

A big "thank you" goes to our sponsors: University of the Arts Bremen, big Bremen, Kuppinger Cole + Partner, artundweise, hmmh Multimediahaus, Mister Wong, Spreadshirt, and Pure Tea.


Blogger NRG said...

Thanks, Ralf, for your helpful and interesting summary of the events at Bremen.

10/6/08 21:01

Blogger Paul Trevithick said...

Thanks for writing this up. Sounds like a great event.

[BTW one little nit: "Information Cards" (or i-cards or infocards for short) is the name of the technology not "CardSpace". CardSpace is a trademark of Microsoft is their i-card tech implementation.]

10/6/08 23:20


Post a Comment

<< Home