Personal identity (was: AOL Blackmail)

Russell Turpin deafbox at hotmail.com
Tue Apr 22 20:03:58 PDT 2003


In my view (sitting in the corners as I do), the
personal identity problem is one of the bigger
data processing problems that goes unsolved. The
most obvious aspect of this problem is updating
your contact list when one of your hard-bound
addresses changes, or conversely, trying to find
out how to contact an old acquaintance when you
discover that their old addresses no longer
resolve.

A first cut at a solution is a webservice that
(a) assigns anyone who requests it a public
encryptiong key, PK, which also acts as a
permanent identity, (b) allows the owner to
maintain a list of addresses, an XML file will
work nicely, and (c) returns that list to any
requestor. Your PK gets passed to all your
acquaintances whenever you send them email, beam
them an ecard, etc. Contact management software
then uses the PK to update contact information
as it changes.

There are several problems with this first-cut
solution. (1) It is a spammer's wet-dream. So
the webservice has to maintain a list of mutually
desired relationships. When you receive a PK,
your contact software has to semi-automatically
update the web service that this new contact is
on your whitelist. (2) It is a cracker's and
government bureaucrat's wetdream. So ideally, the
information is encrypted with your private key,
maintained locally, and the operation of making
it available to an acquaintance is to download
the encrypted store, decrypt it with the private
key, then re-encrypt it with the acquaintance's
PK.

This kind of thing strikes me as a really neat
service, and not just for addresses. It provides
a store for things like wills, contracts, etc.
Ideally, it is built on a standard protocol,
so that you don't get tied to one vendor, which
defeats the whole purpose. With all the data
encrypted, it can be stored anywhere.

Alas, there are serious questions about the
business case and adoption issues, and it may
be that Microsoft is the only company that can
or will do this in a big way, so that we will
all get tied to The One Vendor whether we like
it or not.

Has anyone tried to do parts of this in an open
source project?




_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.  
http://join.msn.com/?page=features/virus



More information about the FoRK mailing list