Blog for the Information Card Foundation — Executive Director: Charles Andres

November 19, 2008

The Digital Oracle Comes ‘of age’

Filed under: — Charles Andres @ 8:37 pm

For the past few years, analysts such as Bob Blakley and Jamie Lewis have predicted that someday, with the right identity technology, a digital ‘oracle’ could issue abstract but trusted declarations such as ‘a specific person is above or below a specific age’ without revealing the actual personal identifying information of a real birthdate.

In mid-October a story published on theonion.com shouted to the world that, for the first time in history, someone pressed the “I’m under 18” button on a pornographic site, denying themselves a treasure trove of what has come to be known as “adult content.”

The best satire often cuts to the root cause faster than heady academic discourse. In this case, the story highlights a glaring defect in Internet identity. After more than 20 years of the Internet, there is still no way to prove we are (or are not) dogs, let alone how old we are.

Last week, Equifax introduced an online digital information card that allows anyone who has a credit record to make verified claims. Now, for the first time, you can prove to websites that you are ‘of age’. The online age verification service was introduced by credit-reporting company Equifax and identity start-up Azigo (a division of Parity, Inc.). The promise? Using Information Cards, Equifax can prove or disprove that a person online is older than a specific age. Furthermore, the card does not need to carry specific identifying information such as your birthdate. It does not need to, because Equifax backs up the user’s claim of being over a certain age: if the website trusts that Equifax knows you are over that age, the website does not need your actual birthdate data.

Equifax acts as an Identity Provider, and does so using Azigo’s Information Card Selector software. Both companies are members of the Information Card Foundation. Like any information card, Equifax’s card works with any information card selector.

Verifying age online has profound importance above and below the age of 21. For example, the Information Card Foundation is currently working on laying the rails for the technical requirements needed to prove a person online is under 12. While we all would benefit from a verifiable method to keep kids safe from online predators, actually accomplishing this will require more than technology. We haven’t seen a story about predators pressing a button to opt out of MySpace, Facebook, ToonTown or other social media used by young people. But almost all social media focused on youth audiences are under Federal pressure to find a solution. A verifiable “I’m under 12 or 14 or 18” button is equally needed online.

Potential uses for a verified age claim online are limited only by imagination. The obvious ones are sites selling products or services with associated legal age limits: wine, tobacco, or virtual adult sites such as portions of Second Life. But what about receiving your senior citizen discount online? Buying prescription drugs? Voting? Renewing a driver’s license or proving veteran status? All require some form of age verification. ‘I’m 18’ is a great start for Information Cards in general, but it is just a glimpse of things yet to be.

If you have any doubts, consider that the Information Card Foundation was formed and announced in June 2008. Member companies are making extraordinary strides working together to provide a safer, yet more simple Internet experience. Microsoft’s new Geneva Server, OpenID, SAML tokens, Open Auth tokens, CardSpace, The Higgins Project, Novell’s Bandit project and many more initiatives are all part of the Information Card ecosystem. They all point to a safer Internet.

Now the ‘chicken and egg’ question posed by the Wall St Journal regarding identity providers and relying parties turns to the relying party websites. While the Equifax card allows transmission of both an actual birthdate and an abstract ‘age above 18’ claim, relying sites can opt to ask only for the latter, and only that information will be transmitted. The site will not need to store more specific information about you, which makes it a better site for you to use, since your digital ‘tracks’ will be abstract. In the event of a data breach at the site, your specific personal data will not be there to be lost or stolen.
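The minimal-disclosure flow described above, as an added illustration that is not part of the original post and not Equifax’s, Azigo’s or any ICF member’s code: the identity provider holds the birthdate, derives the ‘over 18’ claim from it, signs a token carrying only the claims the relying party asked for, and the relying party verifies the signature before admitting the user. The user record, the shared key and HMAC-SHA256 over a JSON payload are constructed stand-ins for a managed card and its signed token.

```python
"""Minimal-disclosure age claim (added illustration, not ICF/Equifax/Azigo code).
The identity provider (IdP) holds the birthdate; the relying party (RP) asks
only for an abstract claim such as age_over_18 and receives only that claim.
Constructed record and shared HMAC key stand in for a managed card and its
signed token."""
import hashlib
import hmac
import json
from datetime import date

# Constructed IdP record: only the IdP ever sees the real birthdate.
IDP_RECORDS = {"user-123": {"birthdate": "1990-11-19"}}
# Constructed key shared by IdP and RP (a real token would carry an XML signature).
IDP_KEY = b"constructed-demo-key"


def age_on(birthdate: str, today: str) -> int:
    """Whole years of age on `today` (ISO dates); a birthday counts from that day."""
    b, t = date.fromisoformat(birthdate), date.fromisoformat(today)
    years = t.year - b.year
    if (t.month, t.day) < (b.month, b.day):
        years -= 1
    return years


def issue_token(subject: str, requested: list, today: str) -> str:
    """IdP side: emit a signed token holding only the requested claims.
    'age_over_N' is derived from the birthdate; the birthdate itself is
    released only if the RP explicitly asks for it."""
    rec = IDP_RECORDS[subject]
    claims = {}
    for name in requested:
        if name == "birthdate":
            claims[name] = rec["birthdate"]
        elif name.startswith("age_over_"):
            threshold = int(name[len("age_over_"):])
            claims[name] = age_on(rec["birthdate"], today) >= threshold
        else:
            raise ValueError("unsupported claim: " + name)
    payload = json.dumps({"sub": subject, "iat": today, "claims": claims},
                         sort_keys=True)
    sig = hmac.new(IDP_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + sig  # signature is hex, so the last '.' separates it


def verify_token(token: str) -> dict:
    """RP side: check the IdP signature and return the claims, else raise."""
    payload, _, sig = token.rpartition(".")
    expected = hmac.new(IDP_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    return json.loads(payload)["claims"]


def rp_admits(token: str) -> bool:
    """An RP that needs to know only that the user is over 18: it admits on a
    valid token whose age_over_18 claim is true and refuses anything else."""
    try:
        claims = verify_token(token)
    except ValueError:
        return False
    return claims.get("age_over_18") is True


if __name__ == "__main__":
    tok = issue_token("user-123", ["age_over_18"], "2008-11-19")
    print(tok)             # no birthdate in the token, only the derived claim
    print(rp_admits(tok))  # True
```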

We can all use a little less personal identifying information flying around. Perhaps we can restore privacy that today seems a whimsical memory. By doing that we can begin to restore public trust in institutions that pledge to minimize the amount of personal data needed to do business. We can change the math on the risk assessment of storing more personal customer data vs. the cost to verify less data. It also means that instead of subjecting customers to the endless digital baptism of filling out more forms, a site can ask a few questions about buying preferences, for example.

With the coming of age of the digital oracle, greater things are possible. We are starting to build a heterogeneous ecosystem where the places where your personal information resides are fewer, more under your control, and allow you to decide who knows what about you within the contexts appropriate for each situation.

September 26, 2008

Information Cards: Where is the Information?

Filed under: — Charles Andres @ 1:42 am

Sara Peters wrote a great article about how Information Cards are awesome and, furthermore, how flawed SSNs are, since no one, not even the Social Security Administration, can verify that your SSN belongs to you.

But do Information Cards have a fatal flaw? Are they secure? Do they live on your computer? Are they portable? Can your information cards be stolen? Even if you are getting managed cards verified from a trusted Identity Provider, are they giving you something that you can lose or that can be stolen?

The Information Card Foundation was formed by thoughtful concerned architects whose primary objective is to provide us all with the tools to allow us to control our personal information in a safe secure manner.  To do this is not easy. But to make using a trusted verification claim system easy, we employ a user ceremony we are all familiar with — cards.  This makes us think of the pieces of paper and plastic we carry around with personal data on them — driver’s license, library card, etc.

So what is really happening? As usual, in the digital world, there is no exact physical analogy. Think about e-mail — it is usually delivered much faster than regular mail, so much so that regular mail’s slang term is now ‘snail mail’. Or think about your computer’s ‘desktop’. Well, it’s sort of like a desktop, but it has these other cool features like organizing tools, clicks to delete or store files, etc. So it really isn’t like a real desktop at all, but if the thoughtful concerned architects hadn’t introduced the Macintosh with the metaphor of the desktop, early users would have been confused.

This brings us to the question of: “Where is the information that appears ‘on’ the information card, when I see something that looks like a card in my digital wallet or ‘card selector’ on my desktop?” “I really want to know this, because this is MY personal identifying information!”

The Information Card Foundation is working on defining a spectrum of answers to this question.  Why can’t it be one answer? For the same reason that while all railroad cars fit on the same track, they are not all alike.  Our world is more complex than that.

What we can say for certain is that the information that you see on an information card (or associated with the card) has been dynamically assembled for you on the fly (and only if you choose to look at it) from a variety of places. In the Information Card ecosystem, the information you see on the card could actually be in any of the following places:

1) Hidden in some encrypted part of your computer that only the operating system knows about. Microsoft does this with one type of card selector called CardSpace. According to Microsoft, it is very difficult to retrieve this. (See Kim Cameron’s blog on this topic.)

2) In the cloud. Some card selectors do not store any information locally. It is in a database somewhere, at a place of your choosing. This means you could access your cards from multiple devices — your laptop, your workstation, your web-equipped telephone/PDA.

3) In multiple places in the cloud. There is a database somewhere that contains links to other places where the information lives. And the links could be encrypted, passing encrypted information, along with one-time security tokens with a short lifespan.

4) Any combination of the above.

Without going into lots of details that would quickly make this unreadable to anyone but the hacker who is trying to figure out how to steal someone else’s personal information, we can say that within the information card ecosystem being discussed and promoted by the Information Card Foundation, we are working to make it extremely difficult for anyone but you to get at your personal information. We don’t believe your personal information must reside on one physical device. All you need is a device that is able to access the web and that has the software (or firmware) to access and select the ‘cards’. But neither the device nor the cards themselves are required to contain any personal information at all — they can simply point at it, and that pointer can be encrypted (and even time-bound) in a way that lets you, and the information providers that you permit, better control access to it.

Ok, you say, that all sounds great — but somewhere somehow I have to know that only I have access to this, and no one can steal that from me. How is that possible?

Here are some scenarios.  There will be more.

Starting with the simplest case, access to your information cards can require you to remember one and only one password — the one to unlock your card selector. For two-factor authentication, this could be supplemented by an authentication device — for example, a USB key, a biometric scanner, or a token-generating physical device. Furthermore, individual cards could have PINs, so even if you shared access to your card selector with your family, you could set some individual cards to be accessible only with a PIN.

OK, you say: now in order for someone to steal my identity information, the hacker needs to be an intruder who physically forces me to divulge the password that unlocks my card selector, then guards me while they steal my information so I don’t call 911; and after they leave, I can disable access by changing my password, or, if they change my password while their accomplice holds me at gunpoint, I can still call the place where my information is stored and put a hold on my accounts? Yes. Considering the difficulty of this type of violent crime and the fact that what is stolen can be disabled in less than an hour, this type of crime would be technically possible, but highly improbable. This would create a much safer environment than the one we have today, where lying on the Internet is easy, and companies have to store ever larger amounts of personal data on their customers to mitigate that risk while taking on the additional risk of a data breach. Not to mention that hacking and phishing are easy, anonymous, invisible, and international.

But is all this security necessary just to log in to a blog to leave a comment? Obviously not. Information Cards need to be simple to use but intelligent enough to handle the full spectrum of security concerns, from OpenID to SAML and beyond.

There is one case where information can actually be on the card — an exported self-issued card saved as a digital file. These kinds of files are always encrypted and protected with a password, but it is still extremely important not to let those types of files fall into the hands of an attacker. A good card selector that allows exporting self-issued cards should issue a warning to the user in this fringe case, so that the card selector/click-in ceremony remains trustable when it really matters. Certification of trustable card selectors, identity providers, and website relying parties will be part of building trust and consistency into the Information Card ecosystem.

The power of the simple card metaphor hiding an architecture that allows any existing or future identity management system to interoperate is the unifying aspect.

The Internet needs this badly.

So does our economy.

This is too important not to get right.

September 15, 2008

ICF @ DIDW Sept 2008

Filed under: — Charles Andres @ 10:35 pm

At DIDW in 2007, the term ‘user-centric’ identity was called ‘new school’ identity. Kim Cameron introduced the term ‘claims’ as a way of accurately generalizing the data fields on information cards. But the concept of information cards as a metaphor to wield the claims that others made about you was not the overarching meme at DIDW last year.

This year, Information Cards and the Information Card Foundation have moved mainstream.

The Higgins Project, the basis for the open source information card implementations demonstrated by Novell (The Bandit Project), Oracle, Parity, and IBM, has created an open source implementation of information card selectors compatible with Microsoft CardSpace. A SAML plug-in for Higgins was built for Google. Where there used to be one organization (Liberty) promoting SAML, there is now a triumvirate of organizations: alongside Liberty, the OpenID Foundation supporting OpenID and the Information Card Foundation supporting Information Cards (Higgins/CardSpace). Thus Eve Maler’s (Concordia) Venn of Identity diagram now has an active, established organization in each sphere.

Here is some of the impact Information Cards had on this Conference:

I4: OSIS Interoperability Workshop, sponsored by the Information Card Foundation. This was the fourth interoperability event since Burton Catalyst hosted the first one in June 2006. In just sixteen months, the industry has moved from talking about a network of interoperable information card selectors, identity providers, and relying parties to 57 projects and products running over 1200 tests to ensure that products from different companies not only interoperate, but move toward consistent behavior with a large baseline of features and exception-handling tests. Mike Jones summarized the results at the end, and began the discussion for I5.

Jamie Lewis of the Burton Group, in his keynote “State of the Industry”, described how far information cards have come. Last year, he showed a collection of interstellar dust that was Higgins, and another that was CardSpace; neither was a planet. This year he highlighted the formation of the Information Card Foundation “as a welcome development” by a group of leading members of the identity community along with key influencing companies. Together, they forged this new organization to promote the simple user metaphor that empowers ordinary users to control the complex plumbing required for trusted, verifiable, flexible digital identity on the web.

Kim Cameron’s keynote again addressed claims, but he was very pleased to report the birth of the Information Card Foundation as a milestone toward ultimately improving simplicity and security for all Internet users by at least an order of magnitude. He introduced new claims details, laying the groundwork for more development. But to the user, the metaphor doesn’t change. Information cards simplify both the security and interoperability plumbing that is so necessary, but that should be invisible during digital transactions. The goal is to render things as simple as possible, but no simpler.

Dale Olds ran a panel called “The Open Source Community’s Contribution to User-Centric Identity” which included Paul Trevithick, Mary Ruddy, Drummond Reed, and Pamela Dingle. All are Community Steering members of the ICF and contributors to the open source components that make information cards the center of the plumbing needed for users to prove their Internet claims without revealing personal data.

In the exhibit area, the Information Card Foundation booth afforded us the opportunity to introduce the concept of Information Cards and our Foundation to enterprise customers who are grappling with the very real issues that Information Cards can address — building trusted verified real-time claims, minimizing storage of personal information, role management, and user provisioning within rapidly changing companies, where policies, re-organizations, roles, and responsibilities are in constant flux. Any system that assumes a static centralized architecture is obsolete with every business change. Dealing with change is fundamental to staying in business.

Fig 1: ICF Booth at DIDW: Two more members join ICF.

Paul Madsen chaired the breakout: “Bootstrapping Identity Protocols: A Look at Integrating OpenID, ID-WSF, WS-Trust, and SAML.” Along with Paul, ICF Board members Patrick Harding and Mary Ruddy described how all of these protocols can interoperate using Higgins components and/or information cards.

On Wednesday morning, this picture was on the front page of USA Today.

If one had not been deluged with the multitude of stories regarding identity breaches in the past year, one could imagine it having been part of a deliberate build-up to Doc Searls’ keynote on VRM (Vendor Relationship Management) and Identity. At last year’s DIDW, Phil Becker introduced Doc by saying that “Doc was right” about how the world would swing around to valuing the customer as a mutual business partner, and that technology is accelerating this change. Doc introduced the ‘relationship button’ as a digital way to indicate the status of a digital relationship between parties willing to form a relationship under mutually favorable terms. Just as two businesses look for a way to come to an agreement, customers are increasingly empowered to negotiate terms.

This theme is in harmony with one introduced by Bob Blakley at Burton Catalyst 2008 San Diego — that the terms user-centric identity and enterprise-centric identity imply “forms of abuse”. Neither term emphasizes the digital relationship that is essential to mutual trust. It is the relationship that is key — healthy ones are mutually beneficial, cooperative, and lead to more business. Information cards provide the plumbing to form digital relationships that are persistent as long as both parties agree, and severable when necessary. Terms may be proposed from each side. Electronic transactions with trusted verifiable claims lower costs, and make treating each customer as a business partner possible even in the face of increasing complexity.

As one enterprise executive told me, “what I like [about information cards] is with verifiable claims from multiple trusted sources, I can more accurately predict risk assessment — a key to growing my business, and lowering costs.”

To build a flexible identity infrastructure that is as simple as it can be but no simpler is to start with the human being as the fundamental component. We must account for all the complexities each of us represents, whether it is multiple roles, varying job responsibilities, or personas (e.g. professional, political, religious, hobby, etc.). The identity metasystem that allows any of us to prove the claims we make on the Internet and have them accepted by relying parties best revolves around a simple metaphor — a wallet and cards — cards built to interoperate with every identity and security system — cards that can handle the vast dynamic range of claim types. Information cards as the basis for digital relationships are the best way to maintain trust — the expectation of future behavior — that is essential to the entire social and commercial fabric of our civilization; it is the only way we can act digitally with the responsibility and risk assessment necessary to grow our economy together.

“Perhaps these sentiments are not yet sufficiently fashionable to procure them general favor; a long habit of thinking a thing wrong, gives it a superficial appearance of being right, and raises at first a formidable outcry of defense of custom.  But the tumult soon subsides. Time makes more converts than reason.”

- Common Sense, Thomas Paine 1776

June 24, 2008

A Unifying Visual Metaphor

Filed under: — Charles Andres @ 5:52 am

The prospect of digital identity working at Internet scale—and Internet strength—has occupied the attention of many in the industry for the better part of a decade. Perhaps that should come as no surprise—cross-domain authentication and authorization has long been one of the thorniest problems in networking. Blow it up to Internet size—and add the Internet’s staggering diversity—and even Don Quixote might start looking for a more possible dream.

Yet twice before the Net has beaten such interoperability odds. It owes its very existence to a no-frills internetworking protocol—TCP/IP—emerging from a thick protocol soup to become a lingua franca of packets. Less than two decades later another minimalist approach—HTML—turned the universe of information into a World Wide Web by giving us a universal way to link content. Could there be a hat trick for the Internet identity layer? And if so, what’s under the hat?

When I first started reading about Information Cards in Kim Cameron’s blog posts in 2004, it was a disarmingly simple metaphor: no more than the online equivalent of the cards we carry in our wallets to prove our identity and use for transactions every day. Could such electronic cards really be the key to an “identity metasystem” that can bridge security and privacy domains the same way Web pages bridged content domains?

Kim’s words pinballed across a blogosphere primed for such ideas, and one pocket where they landed was on the opposite coast where Paul Trevithick and Mary Ruddy had co-founded the Higgins Project. Higgins was driving its own Copernican inversion of the network universe: turning the user into the central organizing hub around which all their digital relationships revolve as the spokes.

To Paul, Kim’s vision of a consistent visual metaphor for all identity interactions resonated with his picture of the abstraction layer necessary to spare the user from any of the crypto mechanics taking place on their behalf. These two pieces fit together like interlocking halves of a continental shelf. The dialog between Paul and Kim steadily drew in others, and by mid-2006, after an open space session at the Berkman Identity Mashup at Harvard, there was “convergence on a metaphor” of Information Cards as a fundamental component of interoperable identity systems.

As big a step forward as that was, there remained much more road to travel. The Liberty Alliance had already shown how broad and deep the sea of identity interoperability can be, even with an armada of ships to navigate it under the OASIS SAML flag. And by early 2007, four tribes in the newly discovered continent of user-centric identity had united under the banner of OpenID 2.0 and brought the liberating power of user-controlled identifiers to the digital identity pioneers. The OpenID community formed the OpenID Foundation to serve as a trustee for intellectual property and a host for community activity and by early 2008 had attracted Microsoft, Yahoo, Google, VeriSign, and IBM to join as corporate directors.

Inspired by these efforts, the growing Information Card community realized that to bring this metaphor to full fruition required taking the same step—coming together into a common organization that would unify our efforts to create an interoperable identity layer. From one perspective this could be looked at as completing the “third leg of the stool” of what is often called the Venn of Identity (SAML, OpenID, and Information Cards). But from another perspective, you can see it as one of the logical steps needed towards the cooperative convergence among identity systems and protocols that will be necessary to reach a ubiquitous Internet identity layer—the layer that completes the hat trick.

Either way, those who have come together to form the Information Card Foundation know that creating it is only one step along a shared journey. The hard work lies ahead of us: unifying our efforts to bring the benefits of Information Cards to the fastest moving and fastest changing marketplace in history. I am proud to have been asked to help facilitate these efforts both within the Foundation and in its work with others. I invite you to join us—let’s make some history together!
