Kim Cameron has his Laws of Identity, so why can’t I have mine? Mine are simpler and probably not complete, but they arose from the paper I wrote with Mary Rundle as a better way to explain what I’m getting at.
I claim that for an identity management system to be both useful and privacy preserving, there are three properties assertions must be able to have. They must be:
Verifiable
There’s often no point in making a statement unless the relying party has some way of checking it is true. Note that this isn’t always a requirement – I don’t have to prove my address is mine to Amazon, because it’s up to me where my goods get delivered. But I may have to prove I’m over 18 to get the porn delivered.
Minimal
This is the privacy preserving bit – I want to tell the relying party the very least he needs to know. I shouldn’t have to reveal my date of birth, just prove I’m over 18 somehow.
Unlinkable
If the relying party or parties, or other actors in the system, can collude to link together my various assertions, then I’ve blown the minimality requirement out of the water.
OK. So now we’re all on the same page, I gave my shortest talk ever recently at Stanford – under three minutes – on why X.509 (and all methods of making verifiable assertions I know of that are widely used) doesn’t work for identity management. The essence is this: standard X.509 statements are verifiable, but neither minimal nor unlinkable. You can try to fix the minimality by having some third party issue single-use certificates with minimal assertions in them on the basis of X.509 certificates you already have in your hand – but these are still not unlinkable, so bad people can get together to link everything back together again. Or, you can try self-signed certificates – minimal and unlinkable, but sadly not verifiable. I’m not aware of any other options. QED.
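To make the argument concrete, here is an added example (not code from the post) of the "third party issues a minimal certificate" approach: the issuer signs salted hashes of each attribute, and the holder reveals only the attributes a relying party needs. It assumes an HMAC keyed by the issuer as a stand-in for a real signature, and shows that the result is verifiable and minimal, yet two presentations to different relying parties still carry the same issuer signature, so colluding parties can link them.

```python
import hashlib
import hmac
import json
import secrets

# Stand-in for the issuer's signing key (assumption: a real system would use a
# public-key signature so relying parties need no shared secret).
ISSUER_KEY = secrets.token_bytes(32)


def _digest(salt, name, value):
    # Commitment to one attribute; the salt stops guessing low-entropy values.
    return hashlib.sha256(f"{salt}|{name}|{value}".encode()).hexdigest()


def issue_credential(attributes):
    """Issuer: sign the list of salted attribute digests, hand salts to the holder."""
    disclosures, digests = {}, []
    for name, value in sorted(attributes.items()):
        salt = secrets.token_hex(16)
        disclosures[name] = (salt, value)
        digests.append(_digest(salt, name, value))
    signature = hmac.new(ISSUER_KEY, json.dumps(digests).encode(), "sha256").hexdigest()
    return {"digests": digests, "signature": signature, "_disclosures": disclosures}


def present(credential, reveal):
    """Holder: build a presentation that opens only the requested attributes."""
    return {
        "digests": credential["digests"],
        "signature": credential["signature"],
        "revealed": {n: credential["_disclosures"][n] for n in reveal},
    }


def verify(presentation):
    """Relying party: check the issuer signature, then each opened attribute.
    Returns the verified attributes, or None if anything fails."""
    expected = hmac.new(ISSUER_KEY, json.dumps(presentation["digests"]).encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, presentation["signature"]):
        return None
    verified = {}
    for name, (salt, value) in presentation["revealed"].items():
        if _digest(salt, name, value) not in presentation["digests"]:
            return None
        verified[name] = value
    return verified


def linkable(p1, p2):
    # The signature is a stable identifier: colluding relying parties can join on it.
    return p1["signature"] == p2["signature"]
```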
Another important point often glossed over is that unless the underlying network provides anonymity, then you are screwed anyway, since everything is linkable.
Of course, methods do exist that don’t have the problems of X.509 certificates – the best, IMO, being zero knowledge and selective disclosure proofs. But no-one uses them (yet).
Also, there’s hope for anonymity, in the shape of onion routing.
Incidentally, at the same workshop Dick Hardt gave the most fun presentation on identity management I’ve ever seen. Check it out.