IETF Logo Mail Archive

Re: [Din] WSJ article on Identity and Blockchains

Thomas Hardjono <hardjono@mit.edu> Sun, 08 April 2018 20:41 UTC

Return-Path: <hardjono@mit.edu>
X-Original-To: din@ietfa.amsl.com
Delivered-To: din@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26A3A12D7F3 for <din@ietfa.amsl.com>; Sun, 8 Apr 2018 13:41:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s1np5PGJbKpy for <din@ietfa.amsl.com>; Sun, 8 Apr 2018 13:41:31 -0700 (PDT)
Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7A7671205D3 for <din@irtf.org>; Sun, 8 Apr 2018 13:41:31 -0700 (PDT)
X-AuditID: 1209190f-42dff700000020d2-13-5aca7e7ae737
Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id 98.0C.08402.A7E7ACA5; Sun, 8 Apr 2018 16:41:30 -0400 (EDT)
Received: from outgoing-exchange-3.mit.edu (OUTGOING-EXCHANGE-3.MIT.EDU [18.9.28.13]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id w38KfT0d026766; Sun, 8 Apr 2018 16:41:29 -0400
Received: from OC11EXEDGE4.EXCHANGE.MIT.EDU (OC11EXEDGE4.EXCHANGE.MIT.EDU [18.9.3.27]) by outgoing-exchange-3.mit.edu (8.13.8/8.12.4) with ESMTP id w38KfRR1013442; Sun, 8 Apr 2018 16:41:27 -0400
Received: from W92EXCAS22.exchange.mit.edu (18.7.71.37) by OC11EXEDGE4.EXCHANGE.MIT.EDU (18.9.3.27) with Microsoft SMTP Server (TLS) id 14.3.235.1; Sun, 8 Apr 2018 16:41:11 -0400
Received: from OC11EXPO33.exchange.mit.edu ([169.254.1.111]) by w92excas22.exchange.mit.edu ([18.7.71.37]) with mapi id 14.03.0352.000; Sun, 8 Apr 2018 16:41:26 -0400
From: Thomas Hardjono <hardjono@mit.edu>
To: "jon.crowcroft@cl.cam.ac.uk" <jon.crowcroft@cl.cam.ac.uk>
CC: "din@irtf.org" <din@irtf.org>
Thread-Topic: [Din] WSJ article on Identity and Blockchains
Thread-Index: AQHTzcUHgLU9VkLMR0+I6ZGjg4OG6aP28xeA///pVR+AAFR/AIAAJgUB
Date: Sun, 08 Apr 2018 20:41:25 +0000
Message-ID: <5E393DF26B791A428E5F003BB6C5342AE73FD85D@OC11EXPO33.exchange.mit.edu>
References: <5E393DF26B791A428E5F003BB6C5342AE73F70FC@OC11EXPO33.exchange.mit.edu> <E1f57in-0004gH-Gx@mta0.cl.cam.ac.uk> <5E393DF26B791A428E5F003BB6C5342AE73FCF8A@OC11EXPO33.exchange.mit.edu>, <CAEeTej+Oc1o4ScV9fvZ-1cWb-YUvN7XhHtx9BAV7uB04Htt3=g@mail.gmail.com>
In-Reply-To: <CAEeTej+Oc1o4ScV9fvZ-1cWb-YUvN7XhHtx9BAV7uB04Htt3=g@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [18.9.1.93]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrLKsWRmVeSWpSXmKPExsUixCmqrFtVdyrK4OpPWYulH/eyWDy4+ITJ gclja+txFo/JGw+zBTBFcdmkpOZklqUW6dslcGVM/veVtWCXU8WDXzPZGxj3mHYxcnJICJhI HGl5ztzFyMUhJLCYSeLX+TdMEM5+Ron392Eyxxglnqx4DpXZxijxYf4sFghnFaPE9tULmECG sQloSLT96GUHsUUEbCUOXjwMZjMLKEp0TW4CqxEWsJJYf289WxcjB1CNtcSe5eEQ5W4Skxcf ZAaxWQRUJL78XAnWyisQJLFn4nVGiF0dTBL/5/1iAUlwCgRKtD94yAZiMwqISXw/tYYJYpe4 xK0n85kgnhOUWDR7DzOELSbxbxdEvYSArMSv0yBDQep1JBbs/sQGYWtLLFv4mhlisaDEyZlP WCYwSsxCMnYWkpZZSFpmIWlZwMiyilE2JbdKNzcxM6c4NVm3ODkxLy+1SNdELzezRC81pXQT IzgOJfl3MM5p8D7EKMDBqMTDO0P1ZJQQa2JZcWXuIUZJDiYlUd6D9sejhPiS8lMqMxKLM+KL SnNSiw8xSnAwK4nw3q06FSXEm5JYWZValA+TkuZgURLnXbR/b5SQQHpiSWp2ampBahFMVoaD Q0mC17gWqFGwKDU9tSItM6cEIc3EwQkynAdouClIDW9xQWJucWY6RP4UozHHpI89PcwcHe+n 9DALseTl56VKifNGgpQKgJRmlObBTYOkUmbpV4ziQM8J87KBVPEA0zDcvFdAq5iAVn1KOAGy qiQRISXVwNgyZS4TA0dZd+gUntr8QxIxzv3bW3yex56P+/98xh/Hu1Ya/so738+f85rBb1VJ fBPDWjXGt+r/zcyvLv3YskHsUFnUZ+Zz5WmPPqUY93748dGsbzNfxPlp7St61sgE3PYoEDn5 r0lJ7dvK0nz/hw8OqUi6PNv2/taaj+xuezb+c01Y/MZxmagSS3FGoqEWc1FxIgBtEGr/gAMA AA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/din/exPQvg_-CwWb86A4W0_H8sK73qY>
Subject: Re: [Din] WSJ article on Identity and Blockchains
X-BeenThere: din@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussion of distributed Internet Infrastructure approaches, aspects such as Service Federation, and underlying technologies" <din.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/din>, <mailto:din-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/din/>
List-Post: <mailto:din@irtf.org>
List-Help: <mailto:din-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/din>, <mailto:din-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Apr 2018 20:41:39 -0000


Thanks Jon,

>>> this al sounds excellent - socially rooted, community operated 
>>> communities - all good - we could think of building instances 
>>> of this on the infrastructure we've been constructing 
>>> (i know there are lots of other people building similar, 
>>> so this is a bit of gratuitous self-aggrandizing:), viz
>>> http://www.databoxproject.uk/

Very interesting.  In the Kantara Initiative we've been looking it
mechanisms for controlling access to "resources" -- which translates
to files etc located in a data store (including personal data store).
There is the access control aspect & and also the consent/receipts aspect.

One thing that would be useful is a "Standardized API" (e.g. REST API)
for personal data stores (regardless where they sit, e.g. in Cloud; on Mobile; on Home-PC).

Would this (APIs) be something DIN RG could explore?

I will take a close look at databoxproject.


-- thomas -- 



________________________________________
From: crowcroft@gmail.com [crowcroft@gmail.com] on behalf of Jon Crowcroft [jon.crowcroft@cl.cam.ac.uk]
Sent: Sunday, April 08, 2018 10:20 AM
To: Thomas Hardjono
Cc: din@irtf.org
Subject: Re: [Din] WSJ article on Identity and Blockchains

this al sounds excellent - socially rooted, community operated communities - all good - we could think of building instances of this on the infrastructure we've been constructing (i know there are lots of other people building similar, so this is a bit of gratuitous self-aggrandizing:), viz
http://www.databoxproject.uk/

there are some decentralisation movements in the certificate space (CA transparency) as wel as self-certifying address allocation. so I assume there's some hope for using these to bootstrap the platforms-on-demand, safely for  communities you're envisaging -

we're definitely on same page here!


On Sun, Apr 8, 2018 at 3:06 PM, Thomas Hardjono <hardjono@mit.edu<mailto:hardjono@mit.edu>> wrote:

Thanks Jon.

Aside from the obvious goal of cutting through the current hype about "Self-Sovereign Identity" and how Blockchains (BC) will achieve "my sovereignty",  we wanted to communicate to the general  reader that the problem of "identity" is not so simple.

>>> so you _are_ your social network...in terms of trustworthy identity...sure...

No, not so simple, particularly when the social network is FB :-)


>>> there's two problems with this though in details...
>>> i.e. how we build on this idea technically in the Din context...

>>> 1/ its still dependent on technologies,
>>> and there's a seperate issue of why we trust them to proxy our social net -
>>> i certainly would it find it hard to trust any social media app, running on a cloud platform,
>>> using a smart mobile device, to vouch for all these friends & colleagues - too many layers, too many
>>> vested interests, too much Cambridge Analytica :)

You've hit the nail, as usual - thank you Jon :-)

The question is how to capture/use/protect the human-to-human interaction as the basis for trust ("local trust").

Here is an example. So my local town here in the US has a private mailing-list for local residents only. I have to attend town meetings in-person before I can get on to that mailing-list.

There is no reason why my local town cannot run their own "social platform" (we are in the age of VMs, Containers, Clouds).  It must legally owned by the town/community, and available to residents only (i.e. who pay local tax), etc.

How do we create next-gen architectures/protocols/legal that support local communities to interact  on their own "social platform" , and become the starting point for "trust" that can scale out (called "local trust" in the WSJ paper).


I think there is huge role for DIN to help. For the future distributed Internet infrastructure, is it possible to have the following:

-- Can my town obtain a "social-platform-on-demand" from a cloud service provider.
-- Can I legally prevent the service-operator from "making use" of my data (yes they still may be able to steal my data).
-- Can I retain legal ownership of my data (same with my town).
-- Can I encrypt my data on my town's social-platform so that the service-operator doesn't steal it.
-- How to do key management.
-- How can I use legal smart-contracts to bind the service-operator.
-- Etc. etc. lots more questions for DIN RG.



>>> 2/ I though many people in the security community were moving away from
>>> proving identity, towards systems that prove entitlement (i.e. credentials
>>> are on a need-to-know basis, so if you were say 19, you don't need to say yur age or show id,
>>> but you can't buy a drink in cambridge MA, but you can in cambridge, UK :)

Yes, correct. Currently people are focusing on proving entitlements via signed assertions. Great, no issue there. But the real question is about the *data* and *algorithms* behind those assertions (that impact my life, like credit-score):

-- How do I know that an organization has subject-data about me (usual questions of "how, what, when, what are you doing to my data").
-- What is the provenance of the data in their possession  (Did they get it from a data-aggregator? Do they even know?)
-- Does the data set have in-built bias? (not intentionally)
-- Is the data "fair"  (fairness in the sense of machine learning).
-- What is the accuracy of the algorithms computed on my data. Does it propagate the bias in the data.
-- Do I get to see the algorithms that impact my life.
-- Can I hire an expert to provide objective review of these algorithms.
-- etc. etc. etc.



>>> bootstrapping something from a BC to provide the credentials is also problematic, in that
>>> BC needs a PKI to know whether nodes are not sybils, spoofs, etc, so we have a circular dependance, no?

Yes, agree.  There is need to revisit PKI again, maybe opportunity in DIN RG to improve it.

Hashing an identifier (and back-links) to a BC doesn't help the identity/trust problems.
Hashing a pub-key to a BC also doesn't add much.


>>> maybe i missed an important step, if so, sorry!

Nope, you are on the right track :-)  Hope you can help solve some these problems.

Best.


-- thomas --

________________________________________
From: Jon Crowcroft [Jon.Crowcroft@cl.cam.ac.uk<mailto:Jon.Crowcroft@cl.cam.ac.uk>]
Sent: Sunday, April 08, 2018 6:38 AM
To: Thomas Hardjono
Cc: din@irtf.org<mailto:din@irtf.org>; Jon Crowcroft
Subject: Re: [Din] WSJ article on Identity and Blockchains

very nice article...

so you _are_ your social network...in terms of trustworthy identity...sure...

there's two problems with this though in details...
i.e. how we build on this idea technically in the Din context...

1/ its still dependent on technologies,
and there's a seperate issue of why we trust them to proxy our social net -
i certainly would it find it hard to trust any social media app, running on a cloud platform,
using a smart mobile device, to vouch for all these friends & colleagues - too many layers, too many
vested interests, too much Cambridge Analytica :)

2/ I though many people in the security community were moving away from
proving identity, towards systems that prove entitlement (i.e. credentials
are on a need-to-know basis, so if you were say 19, you don't need to say yur age or show id,
but you can't buy a drink in cambridge MA, but you can in cambridge, UK :)

bootstrapping something from a BC to provide the credentials is also problematic, in that
BC needs a PKI to know whether nodes are not sybils, spoofs, etc, so we have a circular dependance, no?

maybe i missed an important step, if so, sorry!


> Folks,
>
> I thought to share this WSJ article with the DIN group. Relevant in the
> light of recent interest in using BC for identity.
>
> Advance apologies if it offends some people :-)
>
> https://blogs.wsj.com/cio/2018/04/03/digital-identity-is-broken-heres-a-way-to-fix-it/
>
>
> Below is a link to a PDF version.
>
> http://hardjono.mit.edu/sites/default/files/documents/WSJ_Digital_Identity_is_Broken.pdf
>
>
> Best
>
> -- thomas --
>
> _______________________________________________
> Din mailing list
> Din@irtf.org<mailto:Din@irtf.org>
> https://www.irtf.org/mailman/listinfo/din
>

v2.23.0 | Report a Bug | By Email