Discuss Ch4Part1 here

Computer standards (notably SAML) distinguish between Authentication and Attributes. Authentication is a process by which I claim one of my many identities on computer systems by providing proof that I know a secret shared between me and the system. Attributes are a set of statements about one of these identities kept by a system that bothers to hold such information.

A human bank teller may be able to tell my sex, height, and approximate age when I present myself at the window. This information, however, is not stored by the bank anywhere. An ATM machine sees only a card and a PIN. The only real attribute that is important to the Bank is the amount of money in each of my accounts. By providing a card and PIN, I prove that I have the secret that establishes identity. This allows me to claim the account balance and take out or transfer money.

I may have a second account with a second bank across the street, with another card, another PIN, and a different account balance. In realspace I am still the same person when I walk across the street to access the other bank machine. However, the two banks do not need to know that the two accounts are owned by the same person. The government, to enforce tax laws, requires that the accounts have my Social Security number and that certain information be reported, but this higher identity is not important to the bank's function. From the bank's point of view, the two account might just as well be owned by different people.

When somone enters the Witness Protection Program, they get a new identity. New driver's licence, new credit cards, new address. Many attributes (sex, age, height) don't change, but now they are associated with a different name. In some philosophical sense you remain the same person, but from the perspective of everyone who deals with you, your identity is entirely different.

Until biometric measurements become part of computer authentication, computer systems don't much care about physical identity. Each individual system maintains a system of login names (accounts) with a secret used to claim access to the account. I logon to this Blog to edit text, or to GMail to read messages, or to Amazon to buy books. The systems do not care and need not know that the same person is associated with each of these accounts.

Viewed from this point of view, a college maintains transcripts identified by names and years. I may request that a copy of the transcript be sent to some place to which I am applying. The transcript provides Attributes (grades) that apply to an identity (a name). However, to claim those attributes I have to provide evidence that I have the name in the transcript. Typically I do it with a driver's licence or some other authoritative document that has the same name. This is only an approximate system, however, because it might allow me to claim the transcript of another individual who happens to have the same name.

Identity isn't perfect and never can be. Identity is for a purpose, and the elements needed to prove that identity and the information released by that identity are scoped to that particular purpose, in both real and cyberspace.

--

As with Chapter 1, the introduction here should be slanted a bit differently because all the techniques introduced in this chapter are hotly desired by a lot of governments and individuals now. They are not just for commerce. Commerce has to worry about security during transactions, though, so it's a good context for examining identity and related issues. Commerce is not uppermost on people's minds, though, when they think of identity and authorization.

Two other incentives are the old-fashioned "right to be left alone" element of privacy, which is violated by spam (this calls for the use of identity to restrain behavior before the fact) and the need to track misuse after the fact.

Andy Oram