Re: [Din] WSJ article on Identity and Blockchains

Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 08 April 2018 20:47 UTC

To: Jon Crowcroft <Jon.Crowcroft@cl.cam.ac.uk>, Thomas Hardjono <hardjono@mit.edu>
Cc: "din@irtf.org" <din@irtf.org>
Date: Mon, 09 Apr 2018 08:47:13 +1200

This rang some bells for me, going back to some of the discussions about grid
computing 15 years ago. So the paper [1] is quite long but the relevant bit said:

"We contend that all existing SA technologies (most
notably SAML, among the most recent ones) use some
subset of the following semantic fields:
1. User ID (subject NameIdentifier in SAML)
2. Authentication method and strength and context
(authentication method in SAML)
3. Group/attributes (user attributes in SAML)
4. Resources granted (resources in SAML)
5. Entitlements granted (resource attributes in
SAML, “wild cards” in the proposal [13])
6. Operations granted (actions in SAML)
7. Privacy restrictions (conditions in SAML or obligations
in XACML [15] [Extensible Access Control
Markup Language])

It should be noted that the first three of these fields
pertain to and are defined in a user's home service
domain while the last four pertain to and are controlled
by the service domain where the affected resources
reside."

The point being that even if the user name is known, it's actually
irrelevant to the bartender; the only relevant bit is one of the user
attributes certified by the home domain (age) and the entitlement granted
to that age by the visited domain (alcohol or not alcohol).

Our conclusion in 2004 was that a standard abstraction for such assertions
was needed. I think that's still true. Also we thought that inter-domain trust
was an orthogonal question. I'm sure that's still true, and BC doesn't fix it.

Regards
   Brian Carpenter

[1] B.E. Carpenter & P. Janson, Abstract interdomain security assertions: A basis for extra-grid virtual organizations, IBM Systems Journal, 43(4) (2004) 689-701
http://ieeexplore.ieee.org/document/5386759/

On 08/04/2018 22:38, Jon Crowcroft wrote:
> very nice article...
> 
> so you _are_ your social network...in terms of trustworthy identity...sure...
> 
> there's two problems with this though in details...
> i.e. how we build on this idea technically in the Din context...
> 
> 1/ it's still dependent on technologies, 
> and there's a separate issue of why we trust them to proxy our social net -
> I certainly would find it hard to trust any social media app, running on a cloud platform,
> using a smart mobile device, to vouch for all these friends & colleagues - too many layers, too many
> vested interests, too much Cambridge Analytica :)
> 
> 2/ I thought many people in the security community were moving away from
> proving identity, towards systems that prove entitlement (i.e. credentials
> are on a need-to-know basis, so if you were say 19, you don't need to say your age or show ID, 
> but you can't buy a drink in Cambridge MA, but you can in Cambridge, UK :)
> 
> bootstrapping something from a BC to provide the credentials is also problematic, in that
> BC needs a PKI to know whether nodes are not sybils, spoofs, etc, so we have a circular dependence, no?
> 
> maybe i missed an important step, if so, sorry!
> 
> 
>> Folks,
>>
>> I thought to share this WSJ article with the DIN group. Relevant in the 
>> light of recent interest in using BC for identity.
>>
>> Advance apologies if it offends some people :-)
>>
>> https://blogs.wsj.com/cio/2018/04/03/digital-identity-is-broken-heres-a-way-to-fix-it/
>>
>>
>> Below is a link to a PDF version.
>>
>> http://hardjono.mit.edu/sites/default/files/documents/WSJ_Digital_Identity_is_Broken.pdf
>>
>>
>> Best
>>
>> -- thomas --
>>
>> _______________________________________________
>> Din mailing list
>> Din@irtf.org
>> https://www.irtf.org/mailman/listinfo/din
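As an added illustration (not code from the thread or from the cited paper), here is a minimal model of the seven-field assertion split Brian quotes, applied to the bartender case: the home domain certifies fields 1-3 with the user ID omitted on a need-to-know basis, the visited domain decides fields 4-7 from its own local policy (Jon's two Cambridges), and the verifier's key store is the separate inter-domain trust input that the assertion format itself does not establish. Domain names, keys, ages and the HMAC scheme are all constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed key store: which home domains this verifier trusts, and with what
# key. This is the out-of-band inter-domain trust input; the assertion format
# carries no information about whether a home domain should be believed.
TRUSTED_HOME_KEYS = {"home.example": b"constructed-home-domain-key"}

# Constructed local policies for two visited domains: the same certified
# attribute (age) maps to different entitlements in each jurisdiction.
VISITED_POLICY = {
    "bar.cambridge-ma.example": {"resource": "bar", "min_age": 21},
    "bar.cambridge-uk.example": {"resource": "bar", "min_age": 18},
}


def home_assert(home, key, attrs, auth_method, user_id=None):
    """Fields 1-3 (user ID, authentication method, attributes) are issued by
    the home domain. user_id defaults to None: the bartender never needs it."""
    body = {"home": home, "user_id": user_id, "auth": auth_method, "attrs": attrs}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def visited_decide(visited, assertion):
    """Fields 4-7 (resource, entitlement, operations, privacy) are decided by
    the visited domain, but only after the home domain's signature checks out."""
    body = json.loads(assertion["payload"])
    key = TRUSTED_HOME_KEYS.get(body["home"])
    if key is None:
        return {"granted": False, "reason": "untrusted home domain"}
    expected = hmac.new(key, assertion["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["tag"]):
        return {"granted": False, "reason": "bad signature"}
    policy = VISITED_POLICY[visited]
    age = body["attrs"].get("age")
    granted = age is not None and age >= policy["min_age"]
    return {
        "granted": granted,
        "resource": policy["resource"],
        "entitlement": "alcohol" if granted else "no alcohol",
        "operations": ["purchase"] if granted else [],
        "privacy": "age used for this check only; user ID not required",
    }
```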