News/Blog
The One and Only Internet Identity Workshop
There's only one IIW. I don't know of anything like it for any other industry. It is THE open space conference for the community - the most critical event to attend if you either want to know where Internet identity is going -- or change where it is going. The next one is May 18-20 at the Computer History Museum in Mountain View.
Early registration is especially important this year - register before April 1 to secure a special price.
The Information Card Foundation is one of the sponsors this year, and our members and contributors will be there in force, so we look forward to you joining us there.
ICF Executive Director Transition
The Information Card Foundation announced today that Charles Andres, Executive Director of the Foundation for its first 18 months, is stepping down to pursue other opportunities. Mr. Andres states, “My goal was to get the Foundation off the ground with the critical mass of high-quality individuals and companies needed for success. Having achieved that, it is time for me to move beyond the neutral role of Executive Director. The global business opportunities for Information Cards touch every market.”
Under his tenure, the ICF grew to 35 member companies, established five working groups, and developed the ICF Claims Catalog. Mr. Andres was also instrumental in organizing the Harnessing the Power of Digital Identity seminar to be held April 20 at the RSA Security Conference in San Francisco, which the ICF is co-sponsoring.
ICF board member Drummond Reed is taking a leave of absence from the board to assume the role of Interim Executive Director. A founder of Cordance Corporation, former VP Infrastructure at Parity Communications, co-chair of the XRI and XDI Technical Committees at OASIS, and a founding board member of the OpenID Foundation and XDI.org, Mr. Reed has been involved in Internet identity infrastructure and services for over 15 years.
“I look forward to quickly building on the foundation Charles and the ICF founding members have established. Information Cards, selectors, and the Identity Metasystem represent an opportunity for convergence across all Internet identity protocols; the faster we can foster adoption the sooner we will harvest the personal, social, and commercial benefits of a ubiquitous Internet identity layer.”
Mr. Reed can be contacted in his new role at director ---@--- informationcard.net.
Information Cards Facilitate Grassroots Democracy
Information Cards can Authenticate Online Petitioners While Protecting Anonymity
- In 1215, King John signed the Magna Carta, which recognized the right of the barons to petition the crown.
- In 1775 Thomas Paine wrote in Common Sense that "... frequent interchange ...between the electors and the elected ... will establish a common interest with every part of the community ... they will mutually and naturally support each other, and on this depends the strength of government, and the happiness of the governed."
- By 1789, Founders of the United States embedded the right to petition into the Constitution in the First Amendment: "Congress shall make no law ... abridging ... the right of the people ... to petition the Government for a redress of grievances."
Today petitioning has become an instrument of mass politics, designed to make a point, not a plea. To quote the First Amendment Center:
"Petitioning" has come to signify any nonviolent, legal means of encouraging or disapproving government action. The direct appeal and individualized response that once marked petitioning belong to a more organic past when leaders knew petitioners by name. No branch of the government today is equipped to provide such personal attention.
Sites like The Petition Site provide tools to create online petitions, but you need to fill out the usual form -- name, address, etc. Not only is this work, but by signing a petition, you may create a record that you later regret. To avoid this, you might choose to enter a false address (Beverly Hills 90210). Verifying signatories of an online petition is a laborious and lengthy process.
The Digital Oracle Comes 'Of Age'
For the past few years, analysts such as Bob Blakley and Jamie Lewis have predicted that someday, with the right identity technology, a 'digital oracle' could issue abstract but trusted declarations such as "a specific person is above or below a specific age" without needing to reveal the actual birthdate.
In mid-October a story published on theonion.com shouted to the world that, for the first time in history, someone pressed the “I'm under 18 button” on a pornographic site, denying themselves a treasure trove of “adult content.” This story highlights a glaring defect with Internet identity: after more than 20 years of evolution, there is still no way to prove how old we are (let alone whether we are a dog or not).
Last week that finally changed. Equifax introduced the first digital Information Card that allows anyone with a credit record to make verified claims -- specifically, an "I'm over 18" claim. This new age verification service was introduced by Equifax in conjunction with Azigo, makers of the Azigo Information Card selector. Equifax acts as the identity provider for the Equifax Over 18 I-Card. This card is produced by the Azigo CardPress service, and works with any Information Card selector.
With Information Card technology, Equifax can attest online whether a person is older than a specific age without needing to divulge actual identifying information such as the real birthdate. A website that accepts the Equifax Over 18 I-Card doesn't have to trust the user asserting this information; it can trust Equifax.
Information Cards: Where is the Information?
Sara Peters wrote a great article about how Information Cards are awesome and furthermore, how flawed SSNs are, since no one, not even the Social Security Administration, can verify that your SSN belongs to you.
But do Information Cards have a fatal flaw? Are they secure? Do they live on your computer? Are they portable? Can your information cards be stolen? Even if you are downloading managed cards verified from a trusted identity provider, are they giving you something that you can lose or can be stolen?
The Information Card Foundation was formed by a community of thoughtful Internet architects and developers whose primary objective is to provide us all with the tools to control our personal information in a safe secure manner. This is not an easy task. But to make it easy for the end user, the core of the design was a user ceremony we are all familiar with -- cards. The digital equivalent of the pieces of paper and plastic we carry around in our purses or wallets -- driver's license, library card, etc.
But what do digital cards really mean? As usual, it is just an analogy. Think about e-mail -- it is usually delivered much faster than postal mail, so much so that the latter is now often referred to as 'snail mail'. Or think about your computer's 'desktop' Well, it's sort of like a desktop, but it has these other cool features like organizing tools, deleting or storing files, changeable backgrounds, etc. So it is much more than a physical desktop, yet if the architects that created the Macintosh had not chosen such a simple, understandable metaphor, early users would have been confused.
ICF @ DIDW Sept 2008
At DIDW in 2007, the term 'user-centric' identity was called 'new school' identity. Kim Cameron introduced the term claims as a way of accurately generalizing the data fields on Information Cards. But the concept of Information Cards as a metaphor to wield the claims that others made about you was not the overarching meme at DIDW last year.
But at DIDW 2008, Information Cards and the Information Card Foundation have moved mainstream.
The Higgins Project, the basis for open source information card implementations demonstrated by Novell (The Bandit Project) Oracle, Parity, and IBM, has created an open source implementation of Information Card selectors compatible with Microsoft CardSpace. A SAML-plug-in for Higgins was built for Google. Where there used to be one organization (Liberty) promoting SAML, there are now a triumverate of organizations -- Liberty has been joined by the Open ID Foundation supporting Open ID and the Information Card Foundation supporting Information Cards. Thus the Venn of Identity diagram from Concordia's Eve Maler now has active established organizations in each sphere.
Examples of the impact Information Cards had on this conference:
A Unifying Visual Metaphor
The prospect of digital identity working at Internet scale—and Internet strength—has occupied the attention of many in the industry for the better part of a decade. Perhaps that should come as no surprise—cross-domain authentication and authorization has long been one of the thorniest problems in networking. Blow it up to Internet size—and add the Internet’s staggering diversity—and even Don Quixote might start looking for a more possible dream.
Yet twice before the Net has beaten such interoperability odds. It owes its very existence to a no-frills internetworking protocol—TCP/IP—emerging from a thick protocol soup to become a lingua franca of packets. Less than two decades later another minimalist approach—HTML—turned the universe of information into a World Wide Web by giving us a universal way to link content.Could there be a hat trick for the Internet identity layer? And if so, what’s under the hat?
When I first started reading about Information Cards in Kim Cameron’s blog posts in 2004, it was a disarmingly simple metaphor: no more than the online equivalent of the cards we carry in our wallets to prove our identity and use for transactions every day. Could such electronic cards really be the key to an “identity metasystem” that can bridge security and privacy domains the same way Web pages bridged content domains?
Present at the Creation
After spending last Friday talking to press and analysts about the launch of the Information Card Foundation, I arrived home to find in my US Mail box, a letter from my "bank and trust company" which stated:
"Dear Mr. Andres,
"I am writing to let you know about the theft of computer equpment from a third party....Because the stolen equipment contained data with certain personal information about you...such as your name and social security number...We have been in close contact with law enforcement ....we deeply regret this has happened."
In addition, last week I had to:
- locate a password that I had not used in 2 months.
- create 2 new usernames and new passwords for 2 websites, filling out the usual form with name, address, email address, phone number, credit card number, expiration date, secret card code, etc.
For all of us the Internet has been a wonderful transformational experience. Information at your fingertips, as Bill Gates famously said, has changed our lives. We can comparison shop, buy custom products, find hard-to-find replacement parts, locate nearly any book or record we ever wanted to own, provide feedback on products and services, get answers to almost any question, etc. My kids can't imagine life without it.
But the Internet wasn't originally designed to handle every economic or social transaction, or the need to prove you are you, or the claims you make. Today we need this capability.
ICF Announces New White Paper by Craig Burton
SPECIAL TO RSA-San Francisco-April 20, 2009-At the RSA Security conference beginning today at the Moscone Center in San Francisco, the Information Card Foundation (ICF) announced publication of a new white paper on Information Cards by noted industry analyst Craig Burton. The Information Card Ecosystem: The Fundamental Leap from Cookies and Passwords to Cards and Selectors explains why the Information Card metaphor is being recognized across the industry as the future of digital identity both in the enterprise and on the Internet.
"This is the first analysis of digital identity that explains why Information Cards are an inevitable next step in the evolution of relationships on the Internet, just as cookies were in the 1990's," said Mr. Burton, principal analyst at Burtonian and former CTO of Novell. "Cookies solved the problem of how a user could share information across the pages of the same website. For example, without them, e-commerce shopping carts would not work. Information Cards solve the next wider problem: how a user can safely share private information across completely different websites of their choosing."
The paper uses the common example of booking travel. Today, a traveller must re-enter their trip details into every travel site they visit. Even though that travel site may set a cookie to recognize the returning user, that's all the cookie can "remember". With Information Cards, the traveller will be able enter the trip details once, then use an Information Card to securely and privately share it with each travel site they wish in one click.
ICF Announces Seven Featured Card Projects
SPECIAL TO RSA-San Francisco-April 20, 2009-The Information Card Foundation (ICF) announced today the first seven Information Card projects to be featured on the new ICF website. The new site will be unveiled at a presentation at the RSA Security conference at the Moscone Center in San Francisco today. The announcement will be part of the Harnessing the Power of Digital Identity workshop the ICF is co-sponsoring with the Liberty Alliance on Monday, April 20. The presentation will be held at 2:15 p.m. at Esplanades 301&303 ("Purple 301&303"), Moscone Center.
The seven projects are actual examples of how the Information Card ecosystem simplifies and standardizes identity-based transactions regardless of the site, domain, application, or information involved.
"Just as people needed to first see a Web browser to understand what it could do, now they need to see an Information Card selector to understand its potential," said Drummond Reed, Interim Executive Director of the ICF. "Information cards have moved beyond theory to solve real-world challenges."
Information Cards bring a familiar offline paradigm-the cards you carry in your wallet-to the online world. They work with a new software tool called a selector that operates as an extension to your Web browser. Selectors are available today from ICF members Azigo, Microsoft, and Novell, as well as from several open source projects.
The seven projects to be featured include:
- 1 of 4
- ››