Friday, December 03, 2004

Who DO you trust?

Scott Lemon, in commenting on Kim Cameron's second law of identity actually touches on one of the problems with the third law, which posits that only parties with a "necessary and justifiable place in a given identity relationship" should be parties to the transaction. Lemon mentions the alcoholic beverage scenario -

"When I walk into a bar, for example, the bartender is no longer as likely to 'take my word for it'. He or she instead wants me to provide some credentials from a mutually acceptable community that we both belong to. I could provide a drivers license, a passport, a military ID, or maybe even my little digital device, that refers the bartenders little digital device to contact some webservice that exists at a commonly known namespace."

Without a third party that both I and the bartender trust, the transaction (getting a drink) may not take place at all. Lemon rightly points out, though, that the only verified information that needs to pass to the bartender is that I am of "legal drinking age" in the jurisdiction of the bar. Still, at some point a dis-interested third party would need to actually validate my birthdate, then correlate that to the legal drinking age in the appropriate jurisdiction. This is not a trvial problem either technologically or in terms of privacy protection. There must be a third party involved and it must be one trusted by both parties to the transaction. So, who are you going to trust?

Comments: Post a Comment

© 2003-2006 The Virtual Quill, All Rights Reserved


[Powered by Blogger]