Clive Robinson


"What matters is the quality of identity presented"

In what terms?

The first thing security people need to remember is that "identity" is not of necessity what humans traditionally consider "identity" (i.e. of a person).

There are three broad aspects to identity:

1. Access.
2. Consistency.
3. Traceability.

The "access" aspect is to an object, service or role; it is what is actually being controlled with most identity systems. Thus I could (if the politicos allowed) have an anonymous bank account with a reasonable degree of security, I could anonymously get access to various services such as private health care, or I could be a person who is carrying out a role either individually or as one of a number of people trusted to carry out the role. In no case does my actual human identity as a person actually have a need to be known and there may be good reason for this.

The "consistency" aspect is a little more subtle and it is used to ensure the linkage of "access" over time. For instance I might generate a self signed Public Key that I link to an anonymous name "Fred3r1c" that I use for posting to a moderated blog. The blog moderator does not need to know who I am or even be able to get in contact with me; the anonymous public key just ensures that it is really the person who controls the anonymous name who is making the post. Thus the moderator may choose, because of my past good behaviour, to allow my postings through without moderation. It also ensures that as a poster no posts are falsely attributed to my anonymous name, thus readers can have faith in the consistency of what I might have to say.

The third aspect, "traceability", is where the real issues occur. As an individual I actually have many roles and sometimes different names, that is "husband", "father", "Club accountant", "Business director", "Contractor", "Employee", "tax payer", "insurance purchaser" etc.

All of these roles can and often should be separate, and there is no requirement (other than political) for them to be linked together. However the actions carried out should be auditable back to me as the role holder who carried out the action. But importantly it should not be possible to cross link one role to another; they should be entirely separate in the majority of cases.

That is, as an employee of company X I should not be linked to the company's bad debts or other misfortunes if I was not (nor could be) responsible for them. Likewise any choice I make as the club accountant (if legal etc) should not be linkable to my employer or business partners etc.

Most identity systems fail miserably in this aspect as they often serve as "single sign on" and thus can be linked and made traceable by third parties over whom as an individual I have little or no control.

Likewise things like web browsers and Email client software have little concept of roles and the contexts pertaining to them.

Until humans learn to distinguish between the person and the role, most identity systems will have a myriad of hidden issues and failings.

For instance I should in a web browser be able to browse under a role, that is all cookies and other (known) identifying issues should be constrained to the context of that role and not visible in other roles or their contexts. Obviously I should be able to have several contexts open at the same time (different tabs or windows) with each context clearly identified via a colour or other easily identifiable heading etc.
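
The "consistency" arrangement in the comment above, sketched as an added example that is not part of the original comment: a pseudonym bound to a self-generated key, which a moderator pins on first use and checks on every later post. Ed25519, the pin-on-first-use policy, the threshold of two approved posts, and the names `newPseudonym`, `Moderator` and `demo` are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Poster side: a locally generated Ed25519 key pair plays the role of the
// self-signed public key. The name is signed together with the body so a
// signature cannot be reused under a different pseudonym.
function newPseudonym(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const publicPem = publicKey.export({ type: 'spki', format: 'pem' });
  const post = (body) => ({
    name, publicPem, body,
    signature: crypto.sign(null, Buffer.from(`${name}\n${body}`), privateKey).toString('base64'),
  });
  return { name, post };
}

// Moderator side (hypothetical): knows only name -> key, never who the person is.
class Moderator {
  constructor(trustAfter = 2) { this.pinned = new Map(); this.trustAfter = trustAfter; }

  submit({ name, publicPem, body, signature }) {
    const entry = this.pinned.get(name);
    if (entry && entry.publicPem !== publicPem) return 'rejected: key differs from pinned key';
    const ok = crypto.verify(null, Buffer.from(`${name}\n${body}`), publicPem,
      Buffer.from(signature, 'base64'));
    if (!ok) return 'rejected: bad signature';
    if (!entry) this.pinned.set(name, { publicPem, approved: 0 }); // pin only after a valid signature
    return (entry ? entry.approved : 0) >= this.trustAfter ? 'published' : 'held for moderation';
  }

  // Called by the human moderator after reviewing a held post.
  approve(name) { this.pinned.get(name).approved += 1; }
}

function demo() {
  const fred = newPseudonym('Fred3r1c');
  const impostor = newPseudonym('Fred3r1c'); // same name, different key (constructed)
  const mod = new Moderator(2);
  const results = [];
  results.push(mod.submit(fred.post('first post')));
  mod.approve('Fred3r1c');
  results.push(mod.submit(fred.post('second post')));
  mod.approve('Fred3r1c');
  results.push(mod.submit(fred.post('third post')));      // past good behaviour: no moderation
  results.push(mod.submit(impostor.post('forged post'))); // falsely attributed post
  results.push(mod.submit({ ...fred.post('original'), body: 'altered' })); // modified in transit
  return results;
}
```

The moderator's state holds nothing beyond the pseudonym, its key and an approval count, which is the access-over-time linkage without any traceability to a person.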
