An
article in yesterday’s USA Today Money section, "Biometric
IDs could see massive growth," illustrates a natural disconnect between
"Who I am" and "Who I claim to be." The US government’s
trial Registered
Traveler program uses biometric ID cards as a mechanism to prove that a
traveller is who he says he is. It is not enough for a person to claim to be
someone; he or she must prove that claim, using a set of mutually-accepted
identification mechanisms.

Before stating the Laws
of Identiy, Kim Cameron defines
a digital identity as "a set of claims made by one digital subject about
itself or another digital subject." He further points out that a claim
is "an assertion of the truth of something, typically one which is disputed
or in doubt."

In a prospective interchange, we have one party claiming something to be true.
On the other hand, the recipient must validate that claim – remove the doubt.
The key challenge is how to prove, to the satisfaction of the receiving party,
whether a claim is indeed true. Biometrics attempt to connect physical characteristics
(e.g. fingerprints, retina scan patterns, DNA match?) with digital identifiers to validate
Identity claims. Trusted
third parties can be used to vouch for the validity of claims.

Both digital identity and physical identiy systems are faced with that challenge
– to prove whether claims are true. A variety of technologies can be combined
to validate claims in different environments, for different applications.

I suppose that every known claims-validation system could be compromised or spoofed if
enough money and resources were applied. Therefore, the risk of mistaken identity
will never fall to zero. The trick is to reduce the risk to an acceptable level.

Thirty four years ago next month, I took an engineering drafting class while
a freshman at

BYU. The instructor, Max Raisor, would draw something on the
chalkboard, take a step back to examine his work and then proclaim, "Good
enough for who it’s for!"

In reality, proving a claim is like that. It really means reducing the doubt
about the claim to a level acceptable for a connection to be made, or a transaction
to be consumated – where the level of doubt about "Who I Claim to Be" is good enough
for who its for.

Tags:
Identity
Digital Identity
Identity Management
Biometric
Registered Traveler
Laws of Identity
BYU

Mistaken: "Based on error; wrong: a mistaken view of the situation."

In the fall of 1976, there were at least two Mark Dixons besides myself attending
Brigham Young University. The problem was that
the other Mark Dixons were single. I was newly married. On numerous occasions, we
would get interesting telephone calls from young ladies wanting to talk to "Mark
Dixon, please". My new bride took it all in stride, believing me when I
assured her that these young ladies wanted to talk to the other Mark
Dixons.

One day we received a perfumed letter from a young girl in Salt Lake City inviting
"Dear Mark" to accompany her to a formal dance at her high school.
Not knowing the right address for the Mark Dixon she wanted to reach, we traced
her return address to her home phone number, and talked to her Dad! He got quite
a kick out of his daughter’s exploits. I’m sure she was duly embarrassed to
learn she had sent the letter to the wrong address!

Like my recent horse
story, we must be sure that Identity attributes are sufficient,
durable and measureable
to uniquely identify someone.

Applying this principle to the Identity Management world, Ken Weiss of Charles Schwab & Co. put it this way (in large, bold letters) at the recent Catalyst conference:
"There is no substitute for a consistently applied
opaque unique identifier."

Tag: Identity

“Don’t do no dumb stuff.” – JoAnn Larsen*

James Kobielus’ recent Network World article, "Identity
theft threatens federation," highlights an issue I’ve been pondering
for some time – how threats to the integrity of online interaction accelerate
because an ever-increasing number of rotten apples do dumb stuff.

Maybe
Moses did understand our era. If we all obeyed
at least four of those 3,000-year old Ten Commandments, this bad stuff wouldn’t
happen:

• Thou shalt not covet – don’t lust for something that’s not your’s.
• Thou shalt not steal – don’t take stuff you want without paying.
• Thou shalt not bear false witness – don’t lie about it, whether
  or not you get caught.
• Thou shalt not kill – don’t blow up the guy who says you shouldn’t
  do these things.

James
Madison, the fourth president of the United States, known as "The Father
of Our Constitution" put it this way: "We have staked the whole of
all our political institutions upon the capacity of mankind for self-government,
upon the capacity of each and all of us to govern ourselves, to control ourselves,
to sustain ourselves according to the Ten Commandments of God."

I’d bet President Madison would roll over in his grave if he saw people adopting
the philosophy I saw emblazoned on a t-shirt recently, "It’s not illegal
if you don’t get caught."

Civil society is based upon mutual

trust – confidence that each member of the
society will respect each other’s rights and abide by time-tested, fundamental
principles of honesty and truth – not because someone else mandates trustworthy
actions, but because it is the right thing to do. Conversely, to the extent
people abandon the principles upon which trust is based, society loses its civility.

We Identarati
fight the consequences of broken trust. Countless hours of thought and millions
of dollars of resources are poured into the premise that bad stuff will happen
and we must be ready. The philosophy of "opposition in
all things" applies here in spades.

*JoAnn Larsen is my sister in law, a great person and frequent
author of pithy sayings.

Tag: Identity

As
I was pondering the subject of Unique Identity the other day, I remembered a
story my dad used to tell.

An old farmer couldn’t tell his two horses apart, so he trimmed the mane short
on one of them. That worked until the mane grew back. So he cut one horse’s
tail short. That worked until the tail grew back. Finally, he measured both
horses, and found that the black horse was two inches taller than the white
horse.

"Stupid farmer," I thought in derision — until I realized the farmer
was blind.

What did I learn? Attributes we use to uniquely identify horses – or people
– should be sufficient to tell them apart, durable
enough to be consistent over time and measureable
with the tools at hand.

p.s. A man once told me Richfield,
Idaho, where I attended high school, was a Unique town. He then went on
to explain how "Unique" came from two Latin terms – "Uno,"
meaning One, and "Equis," meaning Horse.

Tag: Identity

As
I was pondering the subject of Unique Identity the other day, I remembered a
story my dad used to tell.

An old farmer couldn’t tell his two horses apart, so he trimmed the mane short
on one of them. That worked until the mane grew back. So he cut one horse’s
tail short. That worked until the tail grew back. Finally, he measured both
horses, and found that the black horse was two inches taller than the white
horse.

"Stupid farmer," I thought in derision — until I realized the farmer
was blind.

What did I learn? Attributes we use to uniquely identify horses – or people
– should be sufficient to tell them apart, durable
enough to be consistent over time and measureable
with the tools at hand.

p.s. A man once told me Richfield,
Idaho, where I attended high school, was a Unique town. He then went on
to explain how "Unique" came from two Latin terms – "Uno,"
meaning One, and "Equis," meaning Horse.

Tag: Identity

I bumped into this Flickr ID Badge recently. A humorous play on the whole ID Badge issue!

It’s an interesting example of a person choosing which Identity attributes
to publicly expose. By the way, you can click on Thomas’ badge to visit his Flickr page.

Tag: Identity

At
a customer meeting yesterday, we were joking that a distinct benefit of implementing
password synchronization was that many trees would be saved because fewer Post-It®
notes would be used to keep multiple user IDs and passwords handy around one’s
computer screen.

But then we thought of the flip side of the equation: Replacing multiple user
credentials with a single User ID and password could arm a devious person
with all he needed to easily wreak havoc on multiple on line systems!

We can only hope that if a person only has to remember one password and one
User ID, he or she will have enough good sense to give up Post-It® notes all together.

Tag: Identity

Today I pay tribute to Claudia, my lovely bride of 29 years. Claudia is a gracious
lady, loving wife, eternal companion, gentle mother to our seven children and
my best friend. I clearly married up in this world!

We are celebrating our wedding anniversary today in beautiful Sandy,
Utah, where we are attending the wedding
of a nephew.

We were married in the Salt
Lake Temple of the Church of Jesus Christ
of Latter-day Saints on August 6, 1976. Our first date was the previous
Halloween, when we attended the opera Falstaff at Brigham
Young University. From that wonderful start, life has become better each
year.

Today, I tip my hat to my Sun colleagues who made two great announcments possible
during the past week:

• Sun’s
  Java Enterprise System to Bring New Integrated Development Platform to General
  Motors
• General
  Electric Selects Sun Microsystems for World-Wide Identity Management Deployment

In his Information Week article "General
Motors Signs Biggest Java Deal Ever", Darrell Dunn commented that "For
Sun, the GM deal and another with General Electric are signs of a rebound."

Ashlee Vance of The Register wrote, "Sun
pimps GMC’s data center with JES," including a great Scott McNealy
quote, "I love Detroit iron."

In his SearchWebServices.com article "GM
tabs Sun for SOA development," Mike Meehan stated "… the new
agreement will see the automotive giant leverage Sun’s full development and
identity management tools for an SOA built on Java and running on Sun’s Solaris
10 operating system."

I’m relatively new at Sun, but I like what I see. It’s great to be with a company
that thrives on innovation and forges working partnerships with leading companies
to put those innovations to work.

Tag: Identity

I
chuckled at the Catalyst Conference when Mike
Neuenschwander spoke of Steve
Ballmer joining the ranks of the "Identarati" when he shared the
stage with Scott
McNealy to jointly announce a breakthrough in product
interoperability.

After Googling "Identarati"
and finding the only entry to be my blog, I pinged Mike to get his insight into
this new word.

Mike responded, "I think I claimed the identarati were those of us who
make our living in the identity industry–in other words, those of us who are
forced (or compelled) to get this stuff. I’ve thrown the term around BG for
a while. Dan
Blum named his blog after this term, although spelled slightly differently:
identerati.blogspot.com."

I really like the word. It has a bit of style and panache for this crazy industry
laden with all too much technical jargon.

It made me wonder, however — how does one qualify to bear such an exalted
title? Maybe to qualify for lower-case identarati status, one must just work
in the industry. But to attain the lofty status of upper-case Identarati, or
the Identarati Elite, perhaps there are other qualifications.

One might qualify by leading a company that produces a major Identity Conference
– like Jamie
Lewis.

Or speaking at such a conference (John
Loiacono, Nick
Nikols, …)

Or participating in a panel discussion (Sara
Gates, Bob
Blakley, …) Scroll down to see Sara’s bio.

Or leading a company that produces Identity products (Scott
McNealy, Dick Hardt, …)

Or leading a major Identity Management deployment (Phil Blank, Jarrod Jasper,
…) Sorry guys, I couldn’t find your bios.

Or authoring an industry newsletter (Dave
Kearns, …)

Or a blog (Pat Patterson,
The Identity Woman, Timothy
Grayson, …)

Or defining Identity Laws (Kim Cameron)

Or discussing Identity Flaws (Mike
Neuenschwander)

Or sharing a stage with Scott McNealy (Steve
Ballmer)

But I’d like to propose that to be really classified with the Identarati Elite,
one must be listed on the Wizard
of IdM’s LinkedIn
contact list, which reads like a virtual who’s who of the Identity Industry.
Thanks, Don
Bowen, for making it all possible.

p.s. I haven’t even met all these people – but I once shared a stage with Steve
Ballmer!

Tag: Identity