tag:blogger.com,1999:blog-19798349.post9209094597138373442..comments2024-03-22T12:20:48.920+00:00Comments on open...: Managing Identity Without ID CardsGlyn Moodyhttp://www.blogger.com/profile/04436885795882611585noreply@blogger.comBlogger8125tag:blogger.com,1999:blog-19798349.post-61301025692206558782009-06-21T21:53:21.995+00:002009-06-21T21:53:21.995+00:00I look forward to hearing more about it in due cou...I look forward to hearing more about it in due course.Glyn Moodyhttps://www.blogger.com/profile/04436885795882611585noreply@blogger.comtag:blogger.com,1999:blog-19798349.post-64200977395156700632009-06-21T21:51:41.866+00:002009-06-21T21:51:41.866+00:00Frankly, I think it's pretty straightforward (...Frankly, I think it's pretty straightforward (!), but at the moment I'm working on the problem of exchanging art for money without copyright - in other words a system that enables the public to fund public works. This is thus indispensible for the funding of such public works as a distributed ID/reputation system, and distributed cyberspace. ;-)Crosbie Fitchhttps://www.blogger.com/profile/06554471152790988479noreply@blogger.comtag:blogger.com,1999:blog-19798349.post-63950477731804249652009-06-21T21:37:39.235+00:002009-06-21T21:37:39.235+00:00yes, the relationships idea is cool: I just wonder...yes, the relationships idea is cool: I just wonder how we'd implement it...Glyn Moodyhttps://www.blogger.com/profile/04436885795882611585noreply@blogger.comtag:blogger.com,1999:blog-19798349.post-87507946088511764392009-06-21T21:34:17.839+00:002009-06-21T21:34:17.839+00:00Yup, I was just trying to start the ball rolling i...Yup, I was just trying to start the ball rolling in the direction of an ID/reputation system whose operation was a little more transparent and comprehendable.<br /><br />I daresay what I sketched out can be improved considerably, made more layman-friendly, and less contaminated by PKI techniques (except where indispensible as emergency ID theft counter-measures).<br /><br />But, my point is that fundamentally ID is a matter of memorable relationships, not of a single secret and a little black box (or chip&pin card). The person needs to see an account of those relationships that effectively produce each ID they possess. And let's not also forget that this is a distributed/p2p system - no central control.Crosbie Fitchhttps://www.blogger.com/profile/06554471152790988479noreply@blogger.comtag:blogger.com,1999:blog-19798349.post-50876608890514886302009-06-21T18:36:04.180+00:002009-06-21T18:36:04.180+00:00Interesting stuff, but it's still not clear to...Interesting stuff, but it's still not clear to me now this would work in practice - and you mention private/public keys...Glyn Moodyhttps://www.blogger.com/profile/04436885795882611585noreply@blogger.comtag:blogger.com,1999:blog-19798349.post-47548531735285142802009-06-21T09:45:26.775+00:002009-06-21T09:45:26.775+00:00No disrespect intended, but what mathematicians fe...No disrespect intended, but what mathematicians feel duty bound to trust, despite being opaque even to them, can be their undoing (because they have so much confidence in it, they become complacent in verifying it).<br /><br />SSL and https are fine for computer systems maintained by nerds, but not for the common man.<br /><br />The sort of solution I'm looking forward to (it will be arrived at by trial and error eventually) will be reminiscent of the sort of thing I describe here:<br /><a href="http://www.digitalproductions.co.uk/index.php?id=69" rel="nofollow">Ideating Identity</a>.<br /><br />It must operate in a manner that is primarily visible and comprehensible to those who use it - continuously. It may be backed up by arcane maths on those rare occasions when challenged, but arcane maths shouldn't govern its normal operation.<br /><br />In other words, just as people need to be able to check their bank accounts to scrutinise them for fraud, so they also need to inspect their white-box identity system to assure themselves it is operating correctly.<br /><br />No identity system can survive that relies upon its users having blind trust in the black boxes they are provided with (no matter the reassurances of maths geeks). ;-)Crosbie Fitchhttps://www.blogger.com/profile/06554471152790988479noreply@blogger.comtag:blogger.com,1999:blog-19798349.post-84337152267139226912009-06-21T09:16:35.546+00:002009-06-21T09:16:35.546+00:00As a mathematician, I feel obliged to object to yo...As a mathematician, I feel obliged to object to your aspersions...<br /><br />And what's the problem with "arcane maths"? Provided it's *correct* maths, it's fine - and correct means it can be checked. Are you against SSL connections too?<br /><br />And what would be your solution to ID/reputation, given that we do need something in a digital world....?Glyn Moodyhttps://www.blogger.com/profile/04436885795882611585noreply@blogger.comtag:blogger.com,1999:blog-19798349.post-64955442117770966652009-06-21T09:06:39.835+00:002009-06-21T09:06:39.835+00:00I wouldn't be so sure.
The future of ID/reput...I wouldn't be so sure.<br /><br />The future of ID/reputation is certainly distributed, but then that has been its past.<br /><br />However, any long-term viable technology has to be a white-box solution, not a black-box one.<br /><br />That means a system that relies upon arcane mathematics is a black-box solution (despite appearing to be a white-box one to maths nerds).<br /><br />For some reason those who search for a solution are invariably waylaid by the lure of control (centralisation) and/or obscurity (elitism).Crosbie Fitchhttps://www.blogger.com/profile/06554471152790988479noreply@blogger.com