Re: [Din] WSJ article on Identity and Blockchains
Brian E Carpenter <brian.e.carpenter@gmail.com> Sun, 08 April 2018 20:47 UTC
Sender: Brian Carpenter <becarpenter46@gmail.com>
To: Jon Crowcroft <Jon.Crowcroft@cl.cam.ac.uk>, Thomas Hardjono <hardjono@mit.edu>
Cc: "din@irtf.org" <din@irtf.org>
References: <5E393DF26B791A428E5F003BB6C5342AE73F70FC@OC11EXPO33.exchange.mit.edu> <E1f57in-0004gH-Gx@mta0.cl.cam.ac.uk>
From: Brian E Carpenter <brian.e.carpenter@gmail.com>
Message-ID: <ef548517-c311-e87a-e069-c15475311727@gmail.com>
Date: Mon, 09 Apr 2018 08:47:13 +1200
Archived-At: <https://mailarchive.ietf.org/arch/msg/din/-7Ih-xezlWS3BUYelEmrs9UaArM>
This rang some bells for me, going back to some of the discussions about grid computing 15 years ago. So the paper [1] is quite long but the relevant bit said:

"We contend that all existing SA technologies (most notably SAML, among the most recent ones) use some subset of the following semantic fields:
1. User ID (subject NameIdentifier in SAML)
2. Authentication method and strength and context (authentication method in SAML)
3. Group/attributes (user attributes in SAML)
4. Resources granted (resources in SAML)
5. Entitlements granted (resource attributes in SAML, “wild cards” in the proposal [13])
6. Operations granted (actions in SAML)
7. Privacy restrictions (conditions in SAML or obligations in XACML [15] [Extensible Access Control Markup Language])
It should be noted that the first three of these fields pertain to and are defined in a user's home service domain while the last four pertain to and are controlled by the service domain where the affected resources reside."

The point being that even if the user name is known, it's actually irrelevant to the bartender; the only relevant bit is one of the user attributes certified by the home domain (age) and the entitlement granted to that age by the visited domain (alcohol or not alcohol).

Our conclusion in 2004 was that a standard abstraction for such assertions was needed. I think that's still true. Also we thought that inter-domain trust was an orthogonal question. I'm sure that's still true, and BC doesn't fix it.

Regards
   Brian Carpenter

[1] B.E. Carpenter & P. Janson, Abstract interdomain security assertions: A basis for extra-grid virtual organizations, IBM Systems Journal, 43(4) (2004) 689-701
http://ieeexplore.ieee.org/document/5386759/

On 08/04/2018 22:38, Jon Crowcroft wrote:
> very nice article...
>
> so you _are_ your social network...in terms of trustworthy identity...sure...
>
> there's two problems with this though in details...
> i.e. how we build on this idea technically in the Din context...
>
> 1/ it's still dependent on technologies,
> and there's a separate issue of why we trust them to proxy our social net -
> i certainly would find it hard to trust any social media app, running on a cloud platform,
> using a smart mobile device, to vouch for all these friends & colleagues - too many layers, too many
> vested interests, too much Cambridge Analytica :)
>
> 2/ I thought many people in the security community were moving away from
> proving identity, towards systems that prove entitlement (i.e. credentials
> are on a need-to-know basis, so if you were say 19, you don't need to say your age or show id,
> but you can't buy a drink in cambridge MA, but you can in cambridge, UK :)
>
> bootstrapping something from a BC to provide the credentials is also problematic, in that
> BC needs a PKI to know whether nodes are not sybils, spoofs, etc, so we have a circular dependence, no?
>
> maybe i missed an important step, if so, sorry!
>
>
>> Folks,
>>
>> I thought to share this WSJ article with the DIN group. Relevant in the
>> light of recent interest in using BC for identity.
>>
>> Advance apologies if it offends some people :-)
>>
>> https://blogs.wsj.com/cio/2018/04/03/digital-identity-is-broken-heres-a-way-to-fix-it/
>>
>>
>> Below is a link to a PDF version.
>>
>> http://hardjono.mit.edu/sites/default/files/documents/WSJ_Digital_Identity_is_Broken.pdf
>>
>>
>> Best
>>
>> -- thomas --
>>
>> _______________________________________________
>> Din mailing list
>> Din@irtf.org
>> https://www.irtf.org/mailman/listinfo/din
>>
> _______________________________________________
> Din mailing list
> Din@irtf.org
> https://www.irtf.org/mailman/listinfo/din
> .
>
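The split between home-domain fields (1-3) and visited-domain fields (4-6) in the quoted paper, and the bartender example above, as an added toy model that is not part of the thread or the paper: the home domain signs an assertion certifying only a lower bound on age, and each venue maps that attribute to an entitlement under its own policy without ever reading the subject name. The HMAC shared secret, the domain names, the two venue policies and the "age_at_least" attribute are all constructed for illustration; the trust store that makes the home domain's key known to the venue is configured, not derived, which is the orthogonal inter-domain trust question.

```python
import hashlib
import hmac
import json

# Constructed trust store: the key a venue has for each home domain it chooses to trust.
# How that trust is established is the separate inter-domain question; here it is simply configured.
TRUSTED_HOME_DOMAINS = {"home.example": b"constructed-shared-secret"}

# Constructed visited-domain policy (resource, operation, entitlement condition):
# the venue, not the home domain, decides which certified attribute earns which operation.
VENUE_POLICY = {
    "cambridge-ma": {"resource": "bar", "operation": "buy_alcohol", "min_age": 21},
    "cambridge-uk": {"resource": "bar", "operation": "buy_alcohol", "min_age": 18},
}


def issue_assertion(home_domain, user_id, auth_method, attributes):
    """Home domain builds and MACs an assertion carrying fields 1-3 (subject, auth method, attributes)."""
    body = {"issuer": home_domain, "subject": user_id,
            "auth_method": auth_method, "attributes": attributes}
    payload = json.dumps(body, sort_keys=True).encode()
    mac = hmac.new(TRUSTED_HOME_DOMAINS[home_domain], payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "mac": mac}


def decide(assertion, venue):
    """Visited domain: verify the issuer, then map the certified attribute to an entitlement.

    The subject field is deliberately never consulted; only the attribute matters to the venue.
    """
    body = json.loads(assertion["payload"])
    key = TRUSTED_HOME_DOMAINS.get(body["issuer"])
    if key is None:
        return "deny: untrusted issuer"
    expected = hmac.new(key, assertion["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["mac"]):
        return "deny: bad signature"
    policy = VENUE_POLICY[venue]
    # Minimal disclosure: the home domain certified only "age at least N", not the real age.
    # A certified bound of 18 cannot prove the customer is 21, so a 21-only venue must deny.
    if body["attributes"].get("age_at_least", 0) >= policy["min_age"]:
        return f"permit: {policy['operation']} on {policy['resource']}"
    return "deny: attribute does not satisfy venue policy"
```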