Robin Wilton's esoterica

Hunter S Thompson, 18/7/1937 - 21/2/2005


I have been trying to think what to say about this. I don't know what it was that enabled Hunter S Thompson to maintain the balance between living like a wild man and writing like an angel - and I can't know what it was that finally, irreversibly undid the equilibrium. But, to get Gonzo for just one moment, I have my suspicions... who would not (and who needs to be run out of town like a poison troll to redress the balance)? It's conventional to say Rest In Peace... but that's just the problem. I have no right, and anyway it seems the last thing he would want to do. We have lost something irreplaceable. "Only a fool or a whore would say anything else".

Core Identity Concepts and their Implications


So, what is this “identity” thing, anyway? When we assert the identity of a person, we are usually asserting that the person presenting a given set of credentials (a passport, a user-ID and password) is identical with the person to whom those credentials were originally issued. Credentials such as Certificates of Birth or Marriage derive their validity from the various forms of proof available at the time of their creation. That validity is often used as the basis for the issuing of subsequent credentials (such as passports), which in turn are used to underpin other credentials (such as visas and airline tickets). The issuing of the credentials and their subsequent validation are seldom performed by the same entity. (For instance, UK Driving Licenses are issued by the DVLA but usually checked by the police. Passports are issued by the Passport Service but usually checked by Customs & Immigration officials). This makes explicit several factors which are otherwise often ignored in practice:
- There are discrete roles for issuing credentials (“Identity Provider”) and using them to authenticate the holder (“Service Provider”);
- The use of credentials is a very 'transitive' process. Authentication depends on a 'chain of trust', which extends from the issuing of the credentials to the point where they are presented. If the original registration process, the credentials themselves, or the validation process can be subverted, then the chain of trust is broken and the authentication is undermined.
- Identity is seldom asserted for its own sake; it is usually asserted in order to establish an entitlement to something (whether that is health treatment, or the less welcome 'entitlement' to have one's licence endorsed...).
- It may be possible to establish that entitlement on the basis of the credentials alone, or it may require some additional piece(s) of information. A good example is that a passport may provide good evidence of identity (i.e. that the holder identified themselves to the satisfaction of their passport issuer), but the entitlement to enter the country usually derives from a visa inside the passport which conveys additional information.
It therefore makes sense to think of assertions of identity as the foundation for other layers of assertion: for instance, assertions of entitlement, or other attributes such as creditworthiness, subscriber status, location, or other data relating to this individual or this service request. We can expect multiple instances of data to exist at all these layers, and to be distributed among identity providers and service providers. In the model adopted by Sun, the Liberty Alliance and the Organization for the Advancement of Structured Information Standards [OASIS], those layers of assertion are embodied in a set of specifications known as SAML (Security Assertion Markup Language). This provides an open, standard way of defining and exchanging assertions about authentication (identity), authorisation (entitlement) and other service- or user-related data (attributes). An emerging requirement is for services to be granted on the basis of attribute-level data while preserving the individual's anonymity at the authentication level. This is represented in the 'Privacy-Enhancing Technology' currently being considered in support of legislation such as the European Privacy Directive.
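As an added illustration (not from the original post), the following Python sketch models the layering described above: an identity provider registers a user, then issues a signed assertion that carries an authentication layer (a per-service pseudonym rather than the real identity) and an attribute layer; a service provider checks each link in the chain of trust (trusted issuer, intact signature, intended audience, validity period) before deriving an entitlement from an attribute. The names, key and attribute values are constructed, and an HMAC-SHA256 tag stands in for the XML signatures a real SAML deployment would use.

```python
# Constructed example: layered assertions from an identity provider (IdP) to a
# service provider (SP). All names, keys and attribute values are invented.
import base64
import hashlib
import hmac
import json


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode()


class IdentityProvider:
    """Issues signed assertions; HMAC-SHA256 stands in for a SAML XML signature."""

    def __init__(self, name: str, signing_key: bytes) -> None:
        self.name = name
        self._key = signing_key
        self._registry = {}  # user_id -> attributes proven at registration

    def register(self, user_id: str, attributes: dict) -> None:
        # Registration anchors the chain of trust: later assertions inherit its proof.
        self._registry[user_id] = attributes

    def pseudonym(self, user_id: str, audience: str) -> str:
        # Per-SP pseudonym: stable for one SP, unlinkable across SPs; hides real identity.
        tag = hmac.new(self._key, f"{user_id}|{audience}".encode(), hashlib.sha256)
        return "pseudo-" + tag.hexdigest()[:16]

    def issue(self, user_id: str, audience: str, now: int,
              released: tuple = (), lifetime: int = 300) -> str:
        record = self._registry[user_id]
        payload = {
            "issuer": self.name,
            "audience": audience,  # the one SP entitled to rely on this
            "issued_at": now,
            "expires_at": now + lifetime,
            # authentication layer: the holder matched the registered person
            "subject": self.pseudonym(user_id, audience),
            # attribute layer: only the attributes this SP may see
            "attributes": {k: record[k] for k in released if k in record},
        }
        body = _b64(json.dumps(payload, sort_keys=True).encode())
        sig = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{sig}"


class ServiceProvider:
    def __init__(self, name: str, trusted_issuers: dict) -> None:
        self.name = name
        self._trusted = trusted_issuers  # issuer name -> verification key

    def validate(self, token: str, now: int) -> dict:
        # Walk the chain of trust; raise ValueError at the first broken link.
        body, _, sig = token.partition(".")
        payload = json.loads(base64.urlsafe_b64decode(body))
        key = self._trusted.get(payload.get("issuer"))
        if key is None:
            raise ValueError("untrusted issuer")
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            raise ValueError("signature mismatch: altered or forged assertion")
        if payload["audience"] != self.name:
            raise ValueError("assertion was issued for a different service")
        if not payload["issued_at"] <= now < payload["expires_at"]:
            raise ValueError("assertion expired or not yet valid")
        return payload

    def entitled(self, token: str, now: int, attribute: str, required) -> bool:
        # Entitlement is its own layer: a valid identity assertion is necessary
        # but not sufficient; the attribute (the "visa") must also be right.
        try:
            payload = self.validate(token, now)
        except ValueError:
            return False
        return payload["attributes"].get(attribute) == required


def demo() -> dict:
    # Happy path plus the ways the chain of trust can break.
    key = b"constructed-idp-signing-key"
    idp = IdentityProvider("idp.example", key)
    idp.register("alice", {"member_status": "gold", "age_over_18": True})
    shop = ServiceProvider("shop.example", {"idp.example": key})
    clinic = ServiceProvider("clinic.example", {"idp.example": key})
    now = 1_700_000_000
    token = idp.issue("alice", "shop.example", now, released=("member_status",))
    body, _, sig = token.partition(".")  # alter the attributes, keep the signature
    edited = json.loads(base64.urlsafe_b64decode(body))
    edited["attributes"]["member_status"] = "platinum"
    tampered = _b64(json.dumps(edited, sort_keys=True).encode()) + "." + sig
    return {
        "valid": shop.entitled(token, now, "member_status", "gold"),
        "tampered": shop.entitled(tampered, now, "member_status", "platinum"),
        "wrong_audience": clinic.entitled(token, now, "member_status", "gold"),
        "expired": shop.entitled(token, now + 600, "member_status", "gold"),
        "unreleased": shop.entitled(token, now, "age_over_18", True),
        "unlinkable": idp.pseudonym("alice", "shop.example") != idp.pseudonym("alice", "clinic.example"),
    }
```

Running `demo()` shows the shop accepting the genuine assertion and rejecting the altered one, the clinic refusing an assertion addressed to the shop, the assertion lapsing after its lifetime, an unreleased attribute conferring no entitlement, and the same user appearing under different pseudonyms at the two services.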

Identity cards and the "Everest syndrome"


On 21st February 1952, identity cards were abolished in the UK. The National Registration Act 1939 established identity cards for the enforcement of security, conscription and rationing. By the date of their abolition, the identity records were being used by 39 government agencies. This has been cited as an example of "function creep" - but that's not quite accurate. After all, the "function" of the identity card remained the same: it was used to establish identity, albeit in a number of different contexts. In some, such as rationing, it wasn't even used to establish entitlement: there were ration books and food coupons for that.
To my mind, the message is actually that if the identity credential exists, then agencies will tend to make use of it. "Because it's there".
Just as it's far easier to get into a war than to get out of one, so it's far easier to make increasing use of an existing credential than it is to come up with reasons to stop using it.
Look at the contrast between the recently-introduced US biometric immigration checks, and the Schengen agreement on cross-border passport inspection. It's a lot easier to increase border checks than it is to get agreement to dispense with them.
In an interesting cross-over between the physical and virtual worlds, consider how the then US Secretary of State, Colin Powell, summed up the policy: "secure borders, open doors". Compare that with the current trend of focusing less on 'hermetic network borders' and more on 'carefully locked doors': what the Jericho Forum terms 'de-perimeterisation'. Trackback to Firewall discussion...

First past the Post...


Hi, and welcome to my new blog.

Disclaimers first: I am not one of nature's bloggers. I can't keep a diary either. Do not expect fancy formatting, graphics, masses of clever links and so on. Do expect stuff that strikes me as thought-provoking. All I can promise is that I will blog occasionally if I think of something which might be of wider interest. That means it is likely, at least for the time being, to concern one of the following topics:

- Identity

- Privacy

- Enterprise Security

- The Liberty Alliance

- Regulation and legislation on identity, privacy, etc.

But there will also be wild off-topic digressions, and if you're really unlucky there could be the occasional haiku... Here's one to start with.

"On the first bonfire of Spring":

Yesterday's bonfire

Waves a thin white flag of smoke.

Birds invade the lawn.


Such views as I express in this blog are based on my own opinions, experience and judgements. They do not necessarily represent the policy or views of my employer. It is not my intention to offend readers in any way. If you find anything on this blog offensive, please contact me in the first instance.
Robin Wilton
© racingsnake