“People who work on or with identity systems need to obey the Laws of Identity. When we don’t, we leave behind us a wake of reinforcing side-effects that eventually undermine all resulting technology. The result is similar to what would happen if civil engineers were to flaunt the law of gravity.
“The Laws of Identity are not about the ‘philosophy of identity’ – which is a compelling but entirely orthogonal pursuit.
“Instead, they define the set of ‘objective’ dynamics that constrain the definition of an identity system capable of being widely enough accepted that can serve as a backplane for distributed computing on a universal scale. Our goal is to change the identity conversation enough that its laws are no longer argued as ‘moral imperatives’, but rather as explanations of dynamics which must be mastered to craft such a universal system.”
I am a strong proponent of Kim’s laws because I believe his rationale is so sound: by extracting and distilling the natural laws of identity systems, we can avoid designs for a universal identity metasystem that don’t conform, just as a mechanical engineer can eliminate bridge designs that don’t conform to the law of gravity.
When Kim published his Fourth Law (the Law of Directed Identity), it was the first (and only) law that touched directly on identifiers. I knew his Laws had gained quite a following when I quickly received several email messages asking if XRIs (Extensible Resource Identifiers), the new OASIS specifications for abstract identifiers, conformed to the 4th Law.
In discussing this with other members of the XRI TC, as well as with Kim, we realized that each of his “Laws of Identity” has a “Corollary For Identifiers”. In particular, these corollaries would apply to any universal identifier metasystem that aspired to be the addressing scheme for the “mega momma backplane” (as Kim, Marc Canter, and Craig Burton put it.)
That, of course, is precisely the goal of the OASIS XRI effort dating back to 2003 (and previously to the XNS work dating back to 1999.) Given that the XRI 2.0 specifications are currently in public review in advance of a full OASIS vote, now seems like a good time to follow Kim’s lead and publish “The Seven Corollaries of Identifiers”.
Technical identity systems MUST only reveal information identifying a user with the user’s consent.
1a. The Corollary of Identifier Control.
The identifiers in a universal identifier metasystem MUST only reveal information identifying a user with the user’s consent.
Funny how intuitive it seems when you put it this way. A user’s online identifier should not force the user to reveal any more information than they wish. And yet one of the online identifiers most frequently requested from users squarely violates this principle: an email address. Websites who require an email address to register Ã¢â‚¬â€œ and many have no choice because it is often the only easy, universal way to perform basic user authentication Ã¢â‚¬â€œ force individuals into revealing information that in many cases they would rather not.
So half the Web breaks this corollary before we’re even out of the starting gate. But it gets worse. Look at one of the current bulwarks of online identification: DNS. A standard requirement for most DNS name registries is accurate, current contact data for the registrant that is published publicly as “Whois” data. Although many registrars now offer proxy registration services to preserve registrant privacy and prevent spam, there’s no escaping that a major component of our current Internet identifier infrastructure breaks the First Corollary squarely in two.
So can XRIs fix this problem? Yes. The first principle of XRI architecture is that XRIs are abstract Ã¢â‚¬â€œ the association between an XRI and the real-world resource it represents is entirely under the control of its XRI authority (the person or organization registering the XRI, at any level of delegation). So nothing in an XRI need reveal anything about the authority’s identity or messaging address.
So how can the identifier be authenticated, i.e., what’s the XRI equivalent of the simple email address verification test that websites use every day? The ISSO (I-Name Single Sign-On) protocol, which combines XRI 2.0 resolution with SAML 2.0 authentication assertion exchange. It’s easier, faster, and much more secure than email authentication Ã¢â‚¬â€œ and still does not require revealing any other information identifying the user.
So that fixes the first problem. What about the second Ã¢â‚¬â€œ the DNS “Whois” problem? What registrant data is required when registering an XRI? Here I can only speak for the XRI global registry services to be offered by XDI.ORG. Based on its Global Services Specifications (GSS) that have been in public review since December, the answer is: none. Following XDI.ORG’s Minimum Information Policy, a cornerstone of its Data Protection Policies, the XDI.ORG global registries will store only registered XRIs, resolution values, and authentication credentials. There is no public (or private) “Whois” service. (There is a Public Trustee Service that provides an alternate means of authenticating a registrant to XDI.ORG if they lose their registration credential, but that data is entirely private.)
So what provides accountability for global registrations? Dispute Notification Service. Every global XRI registrar is required to provide a means of forwarding authenticated dispute notifications to a registrant. This accomplishes the same goal as DNS Whois service but without revealing registrant identifying data or exposing registrants to spam.
Enough already. We’ve got six more Corollaries to go. But even the First Corollary alone suggests that Kim’s universal identity metasystem might have a good partner in XRIs as a universal identifier metasystem.
Speaking of protecting privacy, please send any comments to =Drummond, my i-name contact page.