DigID Thread

In response to Eric's musings, Doc, Bryan, AKMA, Kevin and I have been engaged in an email thread. With their permission, I've bundled together the messages, with some very minor cleanup (e.g., removing signoffs, etc.).

Bryan [commenting on David's blog]: Actually... I *DID* mean [in my blog] that "Strong Identity" is DRM in the same way that "Car" is "Automobile". The fault being, not giving a clear enough definition of "Strong Identity", which is for end-users to fully control access to, and prohibit unauthorized use of, their personal info.

Kevin: Eric, Bryan and other digID fans are asserting that markets require identity and reputation. This is bogus. One of the great things about markets is that you can trade with people you don't know or trust very well. Try this out at your local farmers market. Walk up to the chap selling fruit & veg, and offer him cash for them. He doesn't know you from (AKM) Adam, yet he'll readily take your cash, and you'll buy his fruit (assuming it isn't mouldy or over-priced in your opinion). The great trick here is cash. A medium of exchange. This is the original economic technology hack, and it is a remarkably good one, as it avoids the whole trust conundrum, or rather, offloads it onto a certifying authority. All the authority certifies is the money, not the parties to the exchange at all. Try paying at the farmers market with a credit card, and see how far that gets you (do take another form of ID with you too).

The succesful online payment company, PayPal, takes this approach, certifying the existence of the money, not the worthiness of the individuals...

Eric: gee go figure....i disagee. its not bogus.

*even* in the simplest of market exchanges (the bazaar, the fruit market, whatever) there are simple elements of identity and reputation at play. And — i think it could be argued that cash became a *proxy* for much of that.....

the key in your example is location. location has always provided a good proxy for identity and reputation. it *did* in the beginning of the internet. but location as proxy for identity is breaking down (and has broken down).

hence, the repairing of markets comes through identity and reputation.

am i asserting that amazon can't keep functioning as is? no.

but i am asserting that: 1. even there identity and reputation are in play. 2. corporations are desirous of more secure ways to effect transactions in a distributed network — and that absolutely requires identity. (yeah, i know i'll get the "its not what customers want" line thrown at me here)

btw, i'm not a digital id "fan". I'm someone that considers himself to be thinking through a problem — and seeing a lot of people turning toward digital id as the answer.

Bryan: it seems to me that a Digital ID system providing reputation features is closer to the age-old physical marketplace than PayPal because, by definition, PayPal is a centralized service, controlled by one entity which everyone must trust. By contrast, a Digital ID system, designed to be decentralized, is controlled by no one. You alone choose who to trust and who not to trust, which in turn can (if you wish) be based upon whom your friends trust and whom they don't.

The key word is decentralized, and it is this kind of decentralized Digital ID system which PingID, and the Liberty Alliance, along with some other lesser-known companies and projects, are trying to achieve.

That's the spirit of the open marketplace.

Incidentally — it is not the a priori goal of PingID, nor the Liberty Alliance for that matter, to build out either a distributed reputation system, or a digital cash system, today. Instead its our hope that a well-thought-out Digital ID baseline infrastructure can be built today, upon which, in the future, we may build out reputations, digital cash, or whatever other application du jour gains popular attention.

David: Here's what I hear y'all saying:

Kevin: "We don't need no stinkin' digID to do our online transactions because we have money (and credit cards, etc.)"

Eric: "Yeah, for now, but big companies are going to start wanting more assurances that we are who we say we are. Amazon and eBay are already making moves in that direction. DigID will happen."

Bryan: "Besides, the online trust-brokers — e.g., PayPal — are centralizers. Booo!"

Me: "Markets are be-ins, so don't bogart that joint."

Am I over- simplifying everyone's positions correctly, or at least in equally annoying ways?

If so, some comments:

1. I'm on record being in favor of decentralization. But I'm not an absolutist. "Decentralized" gets hard to apply in this context. Is money centralized? If so, it still allows for a whole lot of decentralized transactions.

2. If Eric is making an accurate prediction — that big players will demand we present our digIDs — then doesn't this ultimately go back to a centralized trust-broker anyway since Amazon will presumably want to know not only that I'm David Weinberger who lives at 94 Westbourne, etc., but that that DW's transactions are ensured by a bank, a credit card company, paypal, or some other established, accountable, centralized authority?

3. These centrally-ensured transactions are perfectly possible within a decentralized, federated ID system like the one Bryan is working on. It's one thing to trust my book recommendations because I'm a friend of a friend and another to take my money because PayPal stands behind the transaction. Don't we need both? Don't we already have both where we need it? Don't we *want* to keep these two systems separate?

4. To Bryan's initial point: while digID and DRM may be formally the same and enabled by the same infrastructure — which is exactly what's disingenuous about MSFT's claim that Palladium is not about DRM, only about strong digID — they do not have to occur together. Strong digID may enable me to say in an accountable way "This is me" without my also saying "This is mine." I can perfectly logically say "This is me" and also say "And here's the Creative Commons license for using my stuff" without building enforcement into the infrastructure. Am I wrong about this?

5. I'm not yet hearing the good stuff that happens if we have strong or strong-ish digIDs. What is it that we'll be able to do that we can't do now? Vote online? Fight spam? Those seem like meagre returns for a massive change in the way that we share creative goods and a massive oppportunity to have our privacy invaded.

Doc: The fact that it's easy to do feature-rich customer-centric business with Company A or B on terms they entirely provide is not the issue. Being able to do whatever kind of business I want with any company on *my* terms... and to do it in ways that express my demand generally to the marketplace... and to do it in ways that relationships result (including ones between vendors)... *that's* the issue. We don't have that yet. DigID should provide that, or it's just another way for multiple vendors to share information about "consumers" and cooperate in "managing" them (and in limiting their rights and abilities to do what they like with what they buy, which is what DRM has been all about since the beginning).

This is something we never experienced in the supply-controlled markets — actually distribution systems — of the Industrial Age. VISA has its way of dealing with customers. United Airlines has its way. Hertz has its way. Starbucks has its way. All fine in their own ways, but disconnected. They meet at the customer, but only exclusively, and on each supplier's terms. And because the suppliers all compete for the "consumer" (a simple device about which only transactions and a few bits of persistent data are valuable), there is little inter-vendor cooperation. For vendors selling the same stuff, competition (in the absence of customer demand for cooperation between suppliers) demands exclusive relationships, to the degree that term applies (usually not much farther than required for transactions and minimal customer record-keeping).

What we need is something simple, distributed, and resident on the customer's side, where demand is expressed and best controlled (by the customer). From what I can tell, this is what Liberty, PingID and SourceID are all up to.

Eric: I don't think we really disagree.

when i say "corp good stuff" i'm talking about things that enable cost savings and higher levels of IT security....things that ultimately (if indirectly) benefit the macro-economic picture and, thus, put better xboxes (or apple powerbooks) in kiddies homes.....i doubt you're against a higher quality of life via corporate cost savings ;-)

plus — i do agree the *really* good stuff (ie, empowerment of the demand side) has yet to be enabled....i look fwd to when it is (i get enough email about enlarging my penis by 18 inches already!)

so....really, i don't think there's a disagreement at all.

David: But, since there are clear and present dangers to strong digID — Bryan says if we get strong digIDs we also necessarily get the sort of DRM that gives me the willies — don't we need to enter into this with *some* idea of what we get in return?

Eric says that it will drive down costs by improving IT security. If this refers to having strong digID *at work*, well, fine, we already require ID cards to get past locked doors, so what the heck. And we already have strong-enough digital security at work, depending on the company: from passwords to dongles that change their codes 5 times a second. Is that all we're talking about? I thought we were talking about "empowering customers." And, just as I wouldn't stand for being strip-searched when I leave a store in order to drive down "shrinkage" costs, I don't want to trade the freedom of anonymity for a nickel-off coupon.

No, that'll cost you a dollar off.

AKMA has been a good blogger and responds to this email thread in his blog...

Bryan: A couple of minor additions to this dialog:

I was going to write this up as its own little article/blog entry, but since you're going to be posting this whole email thread, I may was well throw it in here.
The Protocol problem will be solved; the new problem may become one of Policy.

The last point I wanted to make, is that I believe that the software protocols for "Sovereign Identity" will be built, and that they will be deployed on the commercial side of things (by retailers for example, who want access to identity information, and by identity providers, who will compete for your business to host your identity information). This is, for example, what the Liberty Alliance is all about, without whose momentum, I could never see service providers performing the software changes needed to do identity interchange.

The next phase after that will be for folks (such as at SourceID) to implement these identity interchange protocols into rich clients, rather than at hosted identity providers, so that you can "run your DigID" on your own trusted machine, outsourcing to no one.

Suddenly then, there becomes a wholly new barrier to adoption. It's no longer a question of Protocol, but now, a question of Policy. How to get companies to trust (or, in market terms, negotiate with) a DigID which is coming from a personal machine's IP address, rather than a trusted identity hosting provider such as a major bank?

Illustration: Imagine I want to buy a $2,500 TV with a credit card at a store. I'm asked to show identification before being allowed to complete the purchase. So I whip out a nice business card I've printed, which includes my name, address, and a photo of myself. The merchant says "yes, that's an ID, but it's not a credential issued from a party I trust (such as a U.S. state-issued driver's license)". See the problem? We're meeting eye-to-eye at a protocol level, because we both agree that this in fact an ID. But we have a policy problem, in that my supplied ID (or the components I'm supplying) don't meet his standards.

In short, we may in the near term (e.g. 12-18 months) arrive at some truly great decentralized protocols for identity interchange, but find ourselves at the beginning of a long policy adoption battle between customers (who want decentralization, web-of-trust, etc.) and merchants (who want centralized trust authorities) over what is and isn't an acceptable credential.