Wednesday, October 09, 2002

Digital ID And Open Source

Doc is moderating this panel, and appropriately enough the guy in front of me is running Linux. So off we go...

Ken Klingenstein with Internet2 thinks they are working on what may become the TCP/IP of digital identity. Federation, a natural in the higher education realm. "If you lead with identity, privacy is gone. You need to have a mechanism of concealing identity until that moment it is needed... My privacy is important to me; yours is not particularly important to me; I will sell my privacy for an appropriately attractive rubber squeeze toy." "Shibboleth": open source, being released in 3-4 weeks. Designed to address privacy and identity issues. Most important component is the attribute authority. Federations, "Club Shib." Large scale library pilot underway; have seen things like an 85% drop in help desk calls.

Doc introduces balance of panel discussion by noting that digital identity technology is at what Dave Winer described as "the implementation phase of Cluetrain;" and David Weinberger or Chris Locke noted that "networked markets are getting smarter faster than companies." (The two of them are here, look at each other, point fingers.)

Ken: How long does it take to install Shibboleth? Somewhere between 5 hours and 4 years.

Bryan Field-Elliot of Ping ID: let's make sure the protocols are unencumbered, then vendors can add what they'd like on top.

Question from audience: tension between usability and power. Ken: It's up to the enterprise to shape the release of information so the users aren't bothered and their privacy is protected. His gut feeling is your identity service provider is going to be your bank.

Dick Hart: open source allows identity providers to innovate, be able to do different things. Biggest problem is what's a protocol, what's an infrastructure. An open source model on the base piece lets innovation get built on top.

Bryan: there's an infrastructure problem with existing sites and services; will need new software: "It's like inventing the successor to the browser and the successor to the Web server at the same time, and getting everyone to install them at once."

Question from audience: how about government as centralized body to do digital ID, that everyone trusts and respects (elicits chuckles)? Bryan: can anyone be trusted other than a government institution? Can all these identity threads ever congeal on their own, can the vendors and players get together to hammer out what looks like a real infrastructure without the gov't coming in? Two separate questions. As to the first, the issues are self evident. As to the second, he wonders, but they forge ahead.

Question from audience: I don't want any organization having control of my identity. I don't trust enterprises. I don't trust the government. I want to be the center of my identity. One of the things open source has going for it is it puts the user at the center. Could the panel explain if it can do this for us? Can it give humans control that need not be relinquished? Ah, what a good question but we are out of time! I'd check Doc's page later...

