


Putting Identity in generally reduces security. It can in the short term improve security for broken or low-value systems, much like both bandaids and battlefield dressings stop bleeding. They are both bandaids, although we might disagree on the size and lifetime of them.

The problem with the so-called Laws of Identity is that they are somewhat meaningless if the Identity Assumption is not accepted within the scope of a well-designed security system.


I am not implying we spray sensitive attributes all over the place, but if we define identity as

"a set of claims made by one digital subject about itself or another digital subject."

then I would see identity (claims) implicit in any transaction. What those claims are, how strong they are, how they are protected and so on is subjective.


Thought question: If the set of claims can include anything that doesn't relate to itself or a subject then ... can it be an Identity? E.g., if I can prove to you that I am 18++, is that an "Identity claim"?

I think there is some merit in re-inventing the language so as to appease those who are stuck in the other ways ... but the danger is that those who are stuck will then add a few restrictions of their own. E.g., you can use this claims stuff but only if you put Identities in there.

To some extent this is what happened with PKI. The supporters point out that we don't need an Identity in there. But nobody will accept an identity-free set of claims, so in effect, PKI is identity-driven.

The need to sell to business trapped the technology into being something like what was sold, got it hung up on its own marketing, which didn't work in the end. To some extent you can see Credentica doing this, as well as Microsoft's CardSpace/infocard. One view might be that this is what the so-called Laws of Identity are; a way to sell Identity-free Identity. The danger is that such trickery may drag in too much baggage and break the model.
