Ben Laurie blathering

InfoCard no clearer?

Kim Cameron responded to my post on InfoCard.

In response to my claim that no-one knows whether Credentica is supported, he says…

Actually, I’ve been working with Stefan to ensure that Credentica (the name of Stefan’s system) can work within the InfoCard model. I’ve said publicly that if it can’t, our implementation needs to be fixed.

This is a fascinating debating technique – respond to criticism by agreeing with it. Yes, Kim, it’s good that you’re prepared to fix it if it’s broken, though that does make the interesting assumption that it can be fixed, but that is exactly what I said – you don’t know whether it is supported.

In what seems to be a response to my assertion that Law 4 is broken he says…

Beyond this, the basic InfoCard implementation allows the blinding of the identity provider to the identity of the relying party by putting that identity through a one-way function with per-user salt. Any identity provider can then manufacture unidirectional identities and sign assertions without knowing what site they are being submitted to.

This doesn’t fix the problem. Clearly the site they are submitted to will know who the identity provider is, and so collusion between providers and sites is still possible.

He goes on to misunderstand what I said about Sxip…

To the extent that sxip wants its own unique user experience that has nothing to do with the user experience of other identity systems, then any common UI is “wrong for Sxip”. But Sxip should be able to distinguish between offering a basic identity experience within the framework of a metasystem (for example, working with InfoCard), and providing a unique value-add through its own supplementary UI (such value-add is a good and great idea).

My point was that Sxip apparently needs to interact with the user at a point where InfoCard is not prepared to do interaction, not that it is trying to offer a unique experience. However, since I don’t know Sxip well enough to be sure, I should stop hammering on this point and leave it to those that do.

In summary, he says…

Nothing is being swept under the carpet. My goal is to deliver increasing clarity as we move forward.

Traditional certificates are linkable. But InfoCard Identity Providers can easily produce unlinkable identity assertions.

I keep hearing this but I don’t hear any satisfactory explanation of how. If the “unlinkable assertion” is in the form of a traditional certificate, then it is linkable by the Identity Provider, and the Identity Provider is known to the relying party, of necessity (since the certificate is signed by the provider, who must be trusted by the relying party), and so they can collude to reveal the original certificate (or whatever other assertion was made).
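A minimal model of the argument above, added here as an illustration and not taken from InfoCard or from anyone quoted in this post: the provider never learns the site names and the two sites see different subjects, yet each assertion names its issuer, and the issuer can map it back to one account. Assumptions: the page does not give InfoCard's actual construction, so SHA-256 over salt and site name stands in for the one-way function, an HMAC stands in for the provider's signature, and every name (`idp.example`, `shop.example`, `forum.example`, `alice`) is constructed.

```python
import hashlib, hmac, os

def blind_rp(user_salt: bytes, rp_id: str) -> str:
    # Client side: one-way function of the site identity with a per-user salt.
    return hashlib.sha256(user_salt + rp_id.encode()).hexdigest()

class IdentityProvider:
    def __init__(self, name: str):
        self.name = name
        self._key = os.urandom(32)      # stand-in for the provider's signing key
        self.issued = {}                # subject pseudonym -> real account

    def _mac(self, data: str) -> str:
        return hmac.new(self._key, data.encode(), hashlib.sha256).hexdigest()

    def issue(self, account: str, blinded_rp: str) -> dict:
        # The provider sees only the blinded value, never the site's name.
        subject = self._mac(account + "|" + blinded_rp)[:32]
        self.issued[subject] = account
        return {"issuer": self.name, "subject": subject,
                "sig": self._mac(self.name + "|" + subject)}

    def verify(self, assertion: dict) -> bool:
        # Stand-in for checking a public-key signature at the relying party.
        expected = self._mac(assertion["issuer"] + "|" + assertion["subject"])
        return hmac.compare_digest(expected, assertion["sig"])

    def resolve(self, subject: str):
        # What the provider can answer if a site hands an assertion back to it.
        return self.issued.get(subject)

def run_scenario() -> dict:
    idp = IdentityProvider("idp.example")
    salt = os.urandom(16)               # per-user salt held by the client
    a = idp.issue("alice", blind_rp(salt, "shop.example"))
    b = idp.issue("alice", blind_rp(salt, "forum.example"))
    return {
        "both_verify": idp.verify(a) and idp.verify(b),
        "sites_alone_can_link": a["subject"] == b["subject"],
        "issuer_visible_to_sites": a["issuer"] == b["issuer"] == "idp.example",
        "with_provider": (idp.resolve(a["subject"]), idp.resolve(b["subject"])),
    }

if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, "=", value)
```

The blinding holds between the two sites on their own; it is the provider's issuance record, combined with the issuer field every relying party must see, that joins the two subjects.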

Finally, Kim says:

I need to write in a systematic way about the design decisions and capabilities of the Identity Metasystem proposal. Hopefully as that happens we can zero in on things that need to be fixed and extended going forward.

Indeed, this would be a good thing. But this is further evidence of the incompleteness of InfoCard. Yet we’re told it’ll be released to the public in a few months. Do I believe it will deliver on the promises by then? Not on the evidence so far. Are assurances of future detailed explanation supporting the unsupportable claims reassuring? No.

Don’t get me wrong, InfoCard has potential to be a very good thing – but only if it’s done right and not rushed out the door accompanied by empty promises.
