[VoT] Replace Identity [was: Feedback on new Draft]

swilson@lockstep.com.au Wed, 09 September 2015 05:18 UTC

Return-Path: <swilson@lockstep.com.au>
X-Original-To: vot@ietfa.amsl.com
Delivered-To: vot@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id AEB351B3E49 for <vot@ietfa.amsl.com>; Tue, 8 Sep 2015 22:18:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.801
X-Spam-Status: No, score=0.801 tagged_above=-999 required=5 tests=[BAYES_50=0.8, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id uP6gUt7zZIM7 for <vot@ietfa.amsl.com>; Tue, 8 Sep 2015 22:18:26 -0700 (PDT)
Received: from smtp125.iad3a.emailsrvr.com (smtp125.iad3a.emailsrvr.com []) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5F151B3E46 for <vot@ietf.org>; Tue, 8 Sep 2015 22:18:25 -0700 (PDT)
Received: from smtp16.relay.iad3a.emailsrvr.com (localhost.localdomain []) by smtp16.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id DEC3C1803BB; Wed, 9 Sep 2015 01:18:24 -0400 (EDT)
Received: from app28.wa-webapps.iad3a (relay-webapps.rsapps.net []) by smtp16.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id C4B57180239; Wed, 9 Sep 2015 01:18:24 -0400 (EDT)
X-Sender-Id: swilson@lockstep.com.au
Received: from app28.wa-webapps.iad3a (relay-webapps.rsapps.net []) by (trex/5.4.2); Wed, 09 Sep 2015 05:18:24 GMT
Received: from lockstep.com.au (localhost.localdomain []) by app28.wa-webapps.iad3a (Postfix) with ESMTP id 8CCE180041; Wed, 9 Sep 2015 01:18:24 -0400 (EDT)
Received: by apps.rackspace.com (Authenticated sender: swilson@lockstep.com.au, from: swilson@lockstep.com.au) with HTTP; Wed, 9 Sep 2015 15:18:24 +1000 (EST)
Date: Wed, 9 Sep 2015 15:18:24 +1000 (EST)
From: swilson@lockstep.com.au
To: "Joanne Knight" <Joanne.Knight@dia.govt.nz>, "'Justin Richer'" <jricher@mit.edu>, "vot@ietf.org" <vot@ietf.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_20150909151824000000_88180"
Importance: Normal
X-Priority: 3 (Normal)
X-Type: html
In-Reply-To: <569AD906E45DB44A8AFF11D61F5DA791014AE15D02@WLGPRDMBX02.dia.govt.nz>
References: <569AD906E45DB44A8AFF11D61F5DA791014AE15D02@WLGPRDMBX02.dia.govt.nz>
X-Auth-ID: swilson@lockstep.com.au
Message-ID: <1441775904.574331087@apps.rackspace.com>
X-Mailer: webmail/11.5.6-FINAL
Archived-At: <http://mailarchive.ietf.org/arch/msg/vot/QH0HslXmzRjh1z3XsjSlugEOVc0>
Subject: [VoT] Replace Identity [was: Feedback on new Draft]
X-BeenThere: vot@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Vectors of Trust discussion list <vot.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/vot>, <mailto:vot-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/vot/>
List-Post: <mailto:vot@ietf.org>
List-Help: <mailto:vot-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vot>, <mailto:vot-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Sep 2015 05:18:30 -0000

Joanne Knight, 9 September, 2015 2:38pm wrote:
> I replaced ‘identity’ throughout the document with ‘attribute’ and
> barring a few grammar issues everything still works.
> Makes me now question what I do for a living ;-)
Ok, seriously, when will we come round and do just that - in technical descriptions, dispense with the word "identity"?  We don't need to change our job descriptions or re-badge the "identity management" sector in its entirety but I do think we need to stop saying things like "federate identity" or "provide identity". 
The writing is on the wall.  We know "attributes are more interesting than identity" (HT Andrew Nash). The same goes for relationships (witness IRM).  The FIDO Alliance is deliberately not doing identity but only attribute authentication.  There is an identity stack emerging where relationships and abstract identities layered on top of concrete attributes and signals. The problem we're trying to solve is shifting sharply from "Who are you?" to "What are you?". One of my elaborated contributions to this mix is the idea of dropping down a level and federating attributes (see [ http://lockstep.com.au/blog/2012/11/10/forget-identity ]( http://lockstep.com.au/blog/2012/11/10/forget-identity )). 
We could resurrect the excellent old APEC definition of Authentication: "the means by which a receiver of an electronic transaction or message makes a decision to accept or reject that transaction or message".  
"Identity" is a macro for how a Relying Party knows each Subject. Identification is what an RP does to reach a state where it is comfortable transacting with a Subject.  Identification is just the surface of the relationship between Subject and RP.  The risks of getting identification wrong are ultimately borne by the RP, even if they can be mitigated to some extent through contracts with third parties that have helped the RP do the identification. 
All of the most interesting work in IDAM (including VoT, especially VoT) is now about better management of the signals/claims/attributes that go into authentication and identification. 
We really should now go the whole way and replace "identity" with "attributes". In particular, there are no "Identity Providers"! They're all just Attribute Providers.  No third party ever actually "provides" a Subject with their identity.  It is the RP that "identifies" a Subject for their (the RP's) purposes.  "Identity" is always provided by the RP. There is a mixed metaphor in the idea of "Identity Provider" and I think it has contaminated IDAM models for a decade.  Just think how much easier it would be to get banks, DMVs, social networks,employers et al to set up modest and pluralist Attribute Providers instead of grandiose and monopolistic Identity Providers!
Stephen Wilson
W: http://lockstep.com.au
T: @steve_lockstep
Lockstep Consulting provides independent specialist advice and analysis 
on digital identity and privacy. Lockstep Technologies develops unique 
new smart ID solutions that enhance privacy and prevent identity theft.
-----Original Message-----
From: "Joanne Knight" <Joanne.Knight@dia.govt.nz>;
Sent: Wednesday, 9 September, 2015 2:38pm
To: "'Justin Richer'" <jricher@MIT.EDU>;, "vot@ietf.org"; <vot@ietf.org>;
Subject: [VoT] Feedback on new Draft

Hi Justin
The document is looking great. I picked up some things that might be hiccups or just me needing more explanation.
Last 2 sentences in introduction – ‘… while the vector itself can be folded into an assurance category. As such the vectors of trust seeks to complement, not replace, these other identity and trust mechanisms.’  Given the problems we are having with ISO/IEC29115 and the fact that I think this model solves many of them, I would like to see that a technology agnostic version of this does in fact replace LoA.
Federated Credential – as yet this is not used in the document. If it were I am unsure that based on the description that the credential is necessarily federated. I am thinking of a privacy centric system where the assertion is unique every instance. Colin may be able to clarify this better than I can. I am pretty sure in our product RealMe our Primary Credential is federatable but not the Assertion….but I may have the wrong end of the stick.
2.1 Identity proofing – in 1.3 it is stated that no aspect of a component should overlap. Given the last sentence of the first para of 2.1 is from my view the correct statement, is the use of ‘..a particular credential set’ out of place? If this refers to a leveraged credential then this may need further explanation.
3 P0-P3 align nicely with thinking in ISO/IEC 29003, many thanks. The others C0-A3 have been written explicitly from the aspect of the Internet, which is understandable given the scope of this document – nicely stated up front. I am interested to see what impact lifting these up to a technology agnostic level will have on the number and description of the component descriptions. This would be a highly valuable exercise that I would dearly like to be involved in ;-)
You have nicely given me confidence that my FRAGGLE is not wingy and can be applied. Great read.
On a totally random (or not) note, I have been playing with an idea I think someone in the VoT mailing group started. I can’t remember who it was but when I remember, I will be in touch. Anywho I replaced ‘identity’ throughout the document with ‘attribute’ and barring a few grammar issues everything still works. Makes me now question what I do for a living ;-)

From: Justin Richer [mailto:jricher@MIT.EDU] 
Sent: Saturday, 5 September 2015 12:50 p.m.
To: vot@ietf.org
Subject: [VoT] New Draft
Hi All,


I’ve just published a new draft of VoT, incorporating many of the comments that have come in so far. The basic structure and premise is still there, but hopefully a bit clearer this time around. I’ve added the shell of an IANA registry for vector components. I’ve also added a “credential management” vector component, which is separated out from the “credential strength” component.


The new draft is here:


[ https://tools.ietf.org/html/draft-richer-vectors-of-trust-01 ]( https://tools.ietf.org/html/draft-richer-vectors-of-trust-01 )


 — Justin