Thursday, July 21, 2005

Allons enfants!

Sun's Robin Wilton is blogging from the Liberty Alliance meeting in Chicago and today posted about a workshop on Identity Theft he attended. After stating that he "was pleasantly surprised at how much momentum there is behind the ID Theft initiative," he mentions one part of a possible solution broached by the group:

"It seems clear, even after a day of mostly US-oriented discussion, that ‘Data Controllers‘ are vital in both theory and practice. In theory, because defining the responsibilities of a data controller looks like the best way to start setting our a clear and comprehensive range of ID Theft guidelines; in practice, because there is already a body of expertise and experience (most notably across Europe) about how the data controller role can be executed to good effect."


To my friends at the Liberty Alliance: HAVE YOU NOT BEEN LISTENING?

A major theme at last week's Catalyst Conference, attended by many Liberty Alliance members, was the rise of user-centric identity: each user as the controller of their own data.

Most identity theft is accomplished through old-fashioned fraud or new-fashioned dumpster-diving followed by authentication fraud. It's just a modern twist on the old bunko, a con game with a wider range of victims. Putting users in control of their own data, and needing to approve and verify it's dispersal, could cut a majority of this fraud. Making lending and credit-granting institutions verify their applicants through authoritative sources with the consent of the user could wipe out most of the rest of this fraud.

Institutions seem powerless to prevent the fraud from happening. Or are simply reluctant to take the steps necessary. Users have a much bigger stake. Empower them to protect themselves. LID, Sxip and other user-centric identity schemes are not, as yet, fully-baked but they are showing the way.

User-centric identity is an idea whose time has come, it's time that the corporate world recognized it.

Comments:
Doc, have some comments for you on my blog.

For UOS TOM ... what makes you think the information they self-service provide is accurate? As Bob Blakely pointed out to us all, people lie. They're incented to do so in some cases, dis-incented in others. I'm sure that for a university, the majority tell the truth (otherwise can't register for class, etc.), but that's not always the case.
 
Eric -

Self-service doesn't necessarily mean sxelf-verified or self-authenticated. And what Bob Blakely said was that "privacy" was the right to lie about our identity.
 
hmmm. w.r.t. the remark attributed to Bob Blakley: I don't think "privacy" is the right to lie about one's identity, unless you define lying in strict evidential terms (i.e. not to lie is to tell the truth, the whole truth and nothing but the truth). In that sense, privacy is the right to divulge only selected aspects of one's identity (i.e. to say only true things, but not necssarily all true things, about oneself).
 
No, Bob definitely meant lie as in tell an untruth: privacy means there's no way for the person being told to verify the truth or falsehood of your statement.
 
Just to clarify, what I actually said was "privacy is the ABILITY to lie about yourself and get away with it". Every time I have said this, I have STRICTLY forbidden the audience to misquote me by saying "privacy is the RIGHT to lie about yourself". For what it's worth...
 
Bob, of course, knows best what he said - and, on checking my notes, he did indeed say "ability". The moral is that one should consult one's notes first.
 
Post a Comment

© 2003-2006 The Virtual Quill, All Rights Reserved

Home

[Powered by Blogger]

-->