A Manhattan Project for Online Identity: NSTIC -- What is social media for?
Kristine Schachinger of Search Engine Journal has a particularly good G+ post mortem, and raises the spectre of identity platforms, IdPs. In particular, a US government initiative, the National Strategy for Trusted Identities in Cyberspace. I'd posted that previously, it's highly recommended.
In it, Schachinger focuses at length on the NSTIC, National Strategy for Trusted Identities in Cyberspace. This was a 2010 initiative championed by then US President Barack Obama, to address the Peter Steiner problem: "on the Internet, nobody knows you’re a dog." (Or a Space Alien Cat.)
She specifically highlights an excellent O'Reilly Radar piece by Alex Howard, A Manhattan Project for Online Identity, from which I'm drawing heavily.
+NSTIC was seen as a way to address the "identity problem", but also faced the challenge that the government was seen as a poor choice for providing that capacity, so it was farmed out to private industry. Because to paraphrase Yahoo Seriously, if you cannot trust the private industries of the world, who can you trust?...
A deep dive into the other reason Google+ (and a host of other IdPs) got created or solidified around 2010-2012. And the question of whether or not we really want to do that again.
https://old.reddit.com/r/plexodus/comments/aa6pmi/a_manhattan_project_for_online_identity_nstic/
https://old.reddit.com/r/plexodus/comments/aa6pmi/a_manhattan_project_for_online_identity_nstic/
Kristine Schachinger of Search Engine Journal has a particularly good G+ post mortem, and raises the spectre of identity platforms, IdPs. In particular, a US government initiative, the National Strategy for Trusted Identities in Cyberspace. I'd posted that previously, it's highly recommended.
In it, Schachinger focuses at length on the NSTIC, National Strategy for Trusted Identities in Cyberspace. This was a 2010 initiative championed by then US President Barack Obama, to address the Peter Steiner problem: "on the Internet, nobody knows you’re a dog." (Or a Space Alien Cat.)
She specifically highlights an excellent O'Reilly Radar piece by Alex Howard, A Manhattan Project for Online Identity, from which I'm drawing heavily.
+NSTIC was seen as a way to address the "identity problem", but also faced the challenge that the government was seen as a poor choice for providing that capacity, so it was farmed out to private industry. Because to paraphrase Yahoo Seriously, if you cannot trust the private industries of the world, who can you trust?...
A deep dive into the other reason Google+ (and a host of other IdPs) got created or solidified around 2010-2012. And the question of whether or not we really want to do that again.
https://old.reddit.com/r/plexodus/comments/aa6pmi/a_manhattan_project_for_online_identity_nstic/
https://old.reddit.com/r/plexodus/comments/aa6pmi/a_manhattan_project_for_online_identity_nstic/
The identity problem is the stolen identity problem. Identities are built on their reputation, not on a gov't rubber stamp. The only problem is making sure the same person always posts under the identity; that nobody hijacks the identity for their own agenda.
ReplyDeleteShawn H Corey That is one part of the identity problem.
ReplyDeleteAnother identity problem is the potential for, or rather invitation to, totalitarianism.
ReplyDeleteETA actually read the piece now. Good points, well written. Thanks.
That was the start of what's become a near-absolute loss of trust in Google.
Facebook is Google’s saving grace: a company that has done the same things more notoriously and which has a figurehead who can be decapitated.
I'm looking forward to diving into this material you presented. I was thinking it's about time to flush out the identity management issue. Did you note somewhere about Hubzilla/Zot development, and McGarvin's work on identity?
ReplyDeleteThen there's Oauth, OpenId, and SAML which i haven't really got into yet, but looks like an interesting problem. I found this you may want to check out: https://www.ubisecure.com/uncategorized/difference-between-saml-and-oauth/
Sorry, no post results for "nstic from:"Yonatan Zunger""
ReplyDeleteEdward Morbius It's the only problem.
ReplyDeleteWhy should we trust a gov't that has told us that Iraq has weapons of mass destruction? How do we know the identity is a real person? How do we know if it's not being used to pose as the real person? How do we know the gov't won't terminate an identity to censor people? Because the gov't is trustworthy?
Of you think there are other problems, then you are supporting Big Brother.
Diana Studer No results from any of them.
ReplyDeleteShawn H Corey Identity problems:
ReplyDeleteWho are you?
What did you do?
When did you do it?
Has it changed since then?
Who wants to know?
Was it you or somebody impersonating you?
Should I trust you?
Do I owe you?
Do I need your permission?
Should you have secured my permission?
Can I access what is mine?
Can you access what is mine (when you should not be permitted).
What are the consequences of having a person's identity on file?
What are the consequences of having a person's history on file?
... 10 people's?
... 100 ...?
... 1,000 ...?
... 1,000,000 ...?
....1,000,000,000 ...?
... 10,000,000,000 ...?
... 10^100 ...? (There's probably a bug in there somewhere, eh wot?)
Who verifies the data?
Who adjudicates disagreements on identity / access / ownership / permission / history ?
Who watches the watcher's watcher's watcher's watcher's?
How long does history last?
When is it accessible?
How often does it leak?
How far does it leak?
What if 1 person knows?
... 10 people?
... 100 ... etc.
And s/he is your ex? Stalker? Banker? Boss? Political opponent? Office rival? Foreign counterpart? Criminal godfather? Terrorist mastermind? Next door neighbour? (Love/life/business) partner?
There are multiple problems.
Edward Morbius All solved by reputation.
ReplyDeleteShawn H Corey Really?
ReplyDeletePlease detail. In depth.
Edward Morbius This is a tantalizing problem, you know. After browsing the nstic articles you referenced, I realize it is important to sift out some key elements and functions to focus on. The overall topic of identity management is too overloaded with sensitive connotations to treat it as a single problem.
ReplyDeleteBill Brayman And I'll say again: I've not delved into the docs themselves (mostly the discussion of them) yet. My role in the #plexodus effort as a whole is far more as an editor than a creator of information, though I'm doing some of that as well. I'm trying (and mostly failing) to stay reasonably on top (or only slightly underneath) things.
ReplyDeleteAs the ... discussion ... above indicates, there are some tremendous blinders and misconceptions about the domain, problems, and solution space. Which makes actual discussion difficult. Abstracting the key elements as you suggest is excellent advice.
Curious as to what you've abstracted ;-)