Wednesday, October 17, 2007

How the identity oracle could solve the privacy problem

Network World

Security: Identity Management




Network World's Security: Identity Management Newsletter, 10/17/07

By Dave Kearns

Bob Blakley, principal analyst at the Burton Group, has from time to time talked about the “identity oracle.” Currently there are none, but Bob is convinced that there is a sound business model for one, which will – in the fullness of time – allow one to sprout, grow and flourish. This will happen, because – in Bob’s words: “…as long as we continue to try to solve privacy problems using technology, we are going to continue to fail, and the Internet will continue to lack an identity layer, and it will continue to be a privacy hazard. Identity and privacy are not technology problems – they’re social, legal, and economic problems – and no technology can solve these problems.”

But the identity oracle can solve the privacy problem.

Let’s say there’s a person, we’ll call him “Bob,” who wants to buy some wine from an Internet site and have it shipped to his house. In today’s market, Bob must provide the retailer with his credit card information, his shipping and billing addresses (because wine can only be shipped to certain states) and Bob must be home when it is delivered in order to prove to the delivery person that he is of legal age to buy alcoholic beverages.

None of that information needs to go to the wine seller (and, thus, to whomever the wine seller wishes to disclose it, either for free or for cash). Bob simply indicates to the wine seller who his identity oracle is. The wine seller asks the oracle: “Can Bob legally buy wine and receive it at his home address?” To which the oracle replies either “yes” or “no.” If yes, the following transactions can occur:

1) The wine seller tells the oracle to bill Bob for the wine purchase.
2) The oracle tells Bob’s bank to debit that amount.
3) The wine seller delivers the shipping box to a carrier.
4) The oracle tells the carrier where to deliver the box and asks “how much?”
5) The oracle tells Bob’s bank to debit that amount.
6) The wine is delivered to Bob.

The wine seller cannot spam Bob (either by e-mail or snail mail) as it doesn’t know his address. Neither the bank nor the carrier knows what it is that Bob purchased. Only Bob and the oracle can reconstruct the entire transaction.
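The six-step flow and the disclosure claims above can be modelled as a small simulation that records every message each party receives. This is an added example, not code from the newsletter or from Blakley; the class names, the handle, the sample record, the age threshold and the list of shippable states are all constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass
class Party:
    name: str
    seen: list = field(default_factory=list)  # every message this party received

    def receive(self, **msg):
        self.seen.append(msg)

def knows(party, value):
    """True if `value` appeared in any message the party received."""
    return any(value in msg.values() for msg in party.seen)

class Oracle:
    SHIP_STATES = {"CA", "NY"}  # constructed: states where delivery is allowed
    MIN_AGE = 21                # assumption: legal purchase age

    def __init__(self, records):
        self.records = records  # handle -> personal data; stays inside the oracle
        self.ledger = []        # only the oracle holds the full trail

    def eligible(self, handle, today):
        r = self.records[handle]
        b = r["born"]
        age = today.year - b.year - ((today.month, today.day) < (b.month, b.day))
        return age >= self.MIN_AGE and r["state"] in self.SHIP_STATES

    def purchase(self, handle, seller, bank, carrier, item, price, ship_fee, today):
        ok = self.eligible(handle, today)
        seller.receive(handle=handle, eligible=ok)           # yes/no answer only
        if not ok:
            return False
        r = self.records[handle]
        self.ledger.append((handle, seller.name, item, price))            # step 1
        bank.receive(account=r["account"], debit=price)                   # step 2
        carrier.receive(parcel="sealed box", address=r["address"])        # steps 3-4
        bank.receive(account=r["account"], debit=ship_fee)                # step 5
        self.ledger.append((handle, carrier.name, "delivery", ship_fee))  # step 6
        return True

def demo():
    # Constructed sample record and parties.
    bob = {"born": date(1960, 5, 1), "state": "CA",
           "address": "1 Example St, Sampletown, CA", "account": "ACCT-0001"}
    oracle = Oracle({"bob@oracle.example": bob})
    seller, bank, carrier = Party("wine seller"), Party("bank"), Party("carrier")
    done = oracle.purchase("bob@oracle.example", seller, bank, carrier,
                           "case of wine", 120, 15, date(2007, 10, 17))
    return done, seller, bank, carrier, oracle
```

Calling `knows(party, value)` on each party after `demo()` shows which data items crossed which boundary; the oracle's `records` and `ledger` are the only place the address, account and purchased item appear together.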

So why trust the oracle?

As Blakley puts it: “The identity oracle charges the wine seller and other relying-party customers money for its services. The asset on the basis of which the identity oracle is able to charge money is its database of personal information. Because personal information is its only business asset, the identity oracle guards personal information very carefully. Because disclosing personal information to relying-party customers like the wine seller would be giving away its only asset for free, it strongly resists disclosing personal information to its relying-party customers. In the rare cases in which relying parties need to receive actual personal data (not just metadata) to do their jobs, the identity oracle requires its relying-party customers to sign a legally binding contract stating what they are and are not allowed to do with the information.”

The identity oracle lies on the cusp of an escrow service and a Swiss bank, but it is a compelling and fascinating idea, isn’t it?


Dave Kearns is the editor of IdM, the Journal of Identity Management, as well as a consultant to both vendors and users of IdM technologies. He's written a number of books including the (sadly) now out of print "Complete Guide to eDirectory." His other musings can be found at the Virtual Quill, an Internet publisher which provides content services to network vendors: books, manuals, white papers, lectures and seminars, marketing, technical marketing and support documents. Virtual Quill provides "words to sell by..."



Copyright Network World, Inc., 2007
