In previous articles on the subject of Identity Management I’ve covered some details like identity attributes (part 1 and part 2), identity attribute storage, storage redundancy and pairing as well as some social opinions on the matter. It is now time to describe some pseudo examples to tickle the imagination of people reading my articles. I would also like to introduce an aspect that I had not yet given any real thought to before which is content-centric networking, a concept pioneered by Ted Nelson and recently promoted by Van Jacobson. I found out about content-centric networking from reading an article called ‘2020 Vision: Why you won’t recognize the ‘Net in 10 years‘ where Jacobson states that:

“The security is so utterly broken that it’s time to wake up now and do it a better way,” says Van Jacobson, a Research Fellow at PARC who is pitching a novel approach dubbed content-centric networking. “The model we’re using today is just wrong. It can’t be made to work. We need a much more information-oriented view of security, where the context of information and the trust of information have to be much more central.”

I could not agree more. An excerpt from the Project CCNx website says:

Project CCNx™ is an open source project exploring the next step in networking, based on one fundamental architectural change: replacing named hosts with named content as the primary abstraction.

So let’s see if perhaps we can not simply ‘name contents’ but,  in our earlier context of not only humans having identities but also entities having identities, investigate whether we could give content it’s own identity. As it turns out the content-centric concept fits beautifully inside some of the examples I’ll give in this article.

Stop! Identify yourself!

This is the implied sign when we cross a country border and see somebody looking official in a uniform behind a counter on our way. It is immediately clear to us that by his location, his uniform, the strict look on his face that this person needs no further identification; It is the guy who wants to verify our identity before allowing us into the country. We have just accepted an identity key consisting of a few arbitrary attributes from the official which has unlocked our duty to identify ourselves in return for the benefit of us all (security).

It is also the implied sign when a black and white stops us at the freeway by means of a stop sign on the back and when this guy in a police outfit comes out of the car, asking us to show him our papers. Here we accept an identity key consisting of the location (we’re on the freeway, we know traffic cops patrol the freeways), the demanding stop sign (it looks official so it must be), the outfit of the guy coming at you, and his self -evident way of asking you for your papers. We usually find this identity key acceptable enough to show our drivers license.

However, when an FBI agent wearing plainclothes comes to your door and says he wants to search your house, just the demanding tone in his voice and the fact he comes with some colleagues looking equally demanding usually is not a sufficient identification; We ask for an ID, upon which the FBI officer will wave his badge at us. Then we ask for a search warrant which is the authorization for the now identified FBI agent to come into your house and search it.

While the previous examples say something about our natural desire to be unknown to others, which I briefly scratched the surface on in Privacy vs. Anonimity, it shows us something different as well that I haven’t discussed before:

• If somebody asks us ‘Who are you?’ we will, whether implicitly or explicitly, first ask ‘Well, who’s asking??’

So, assuming any request for identification serves a purpose — to transfer some sort of payload or content to change hands, a request for identification will always be reciprocated by a counter identification request. Only after this protocol has been met successfully will the payload change hands. When the payload isn’t as valuable or the transferral of the payload is anticipated (as in the passport example above) we do some intuitive probability calculus in our heads (“what are the odds that a border official — looking like a border official –would be here right after I get off an airplane in an area that’s thought of as border official controlled?”). When the payload is more valuable (“our house being searched”) and the location and looks of an FBI agent do not immediately convince us of the FBI agent being an FBI agent we explicitly ask for counter identification. Fact remains that explicit or implicit reciprocal identification always takes place before valuables change hands. There’s only one exception to this where either buyer or seller of abstract valuables prefers or insists on anonymity.

Entities

It’s time to take a closer look now at entities. Wikipedia says “An entity is something that has a distinct, separate existence, though it need not be a material existence.” Some keywords that may jump out here for frequent readers of my articles are “distinct” and “separate,” as they’re also implied in my earlier definition of identity:

An identity is a finite set of attributes belonging to an entity that make the entity uniquely identifiable.

Hence “distinct, separate” and my original use of the word ‘entity’ in this definition as opposed to ‘individual’. I believe the Wikipedia definition to be quite accurate and complete as another aspect of an entity not needing to be ‘of material existence’ is also worded quite appropriately.

On the internet there are many different entities, materially existing or not:

• People
• Firewall software
• Antivirus software
• Routers
• Contents (webpages; but also emails, FTP files, PDF documents, etc.)

Just to name a few. If all of these entities are distinct and separate, would it be appropriate if they all had their own identity? I believe so; it’s implied inside the question isn’t it? So why not be very specific and state that:

During any transaction, passing an entity from one entity to another, a protocol exists to facilitate this transaction.

This approach, when applied to the internet, has very far reaching consequences! Some ad-hoc identification protocols exist in many different services on the internet but as identification protocols were never part of the internet design, these protocols have been slapped on services on an as-needed basis:

• The FTP protocol asks for a username and password and sends this unencrypted over the network
• The SMTP protocol never used to ask for any identification, but only as spam email reaches near-intolerable volume do identification methods such as TLS begin to be used.
• The DNS protocol never used to ask for any identification, but only as DNS ‘attacks’ become more prevalent do we start considering DNS SEC
• The HTTP protocol used to be, and still frequently is, unencrypted and easily spoofed but as online banking transactions and e-commerce began to be used with regularity was HTTPS introduced where typically a third party will validate the sellers’ credentials before handing over a certificate of authenticity.

This is just a small sample of identification methods slapped on the internet, all with one common goal but all with vastly different implementations; to identify seller and buyer before a transaction of valuables takes place. This only underlines Van Jacobson saying:

The model we’re using today is just wrong. It can’t be made to work.

Content Centric Networking

As I promised in the intro, let’s see how CCN fits into Identity Management. I’ve given some hints by including ‘contents’ as separate entities already but the careful reader will also have noticed that I speak of ‘valuables’ in a very broad and abstract way as being simply ‘that which changes hands in a transaction between two entities’. Valuables can be contents like a webpage being transferred from a website to a person, but valuables can also be the information contained in a passport that we transfer from one human to another human. A valuable, or content, is an entity by itself and before the transaction takes place:

• there’s an implied protocol first establishing the valuable’s privacy value (“do I want to remain anonymous and will I unlock this valuable through other means than by my identity?”) — thus establishing the valuable’s own identity first
• asking for an identity key from the seller of the valuable — “Who’s asking for my identity?” — to establish the seller’s identity before handing over (or not, in the case of anonymity) our own identity
• complete the transaction.

A protocol this simple — of course there are many ‘gotchas’ to it — could not only unify any transaction of contents from one entity to another over the internet. It could in fact facilitate any market transaction! Go riddle me that one and widen your horizon a little bit on the impact a global identity management system could really have on our day-to-day lives.

Here are other articles in the Identity Management series:

• Goldman Sachs case precedent for downloading media? April 18, 2012
• Google+ Profiles for Google Apps July 8, 2011
• Scooba-Doo Underwater Scooter June 24, 2011
• Circular Saw Pizza Cutter June 24, 2011
• App Magnets June 24, 2011
• Glitter Bubbles! June 24, 2011
• Get your own domain... extension! June 20, 2011
• War!! June 20, 2011
• Playing with Simple Facebook Connect June 16, 2011
• Stuxnet Anatomy June 14, 2011
• Facebook Associates June 1, 2011
• Math Geekness May 30, 2011
• Japanese Security May 30, 2011
• Microsoft says to use Porn button May 30, 2011
• You Facebook Addict! May 28, 2011
• European Cookie Law May 28, 2011
• Spy with my little Eye May 26, 2011
• Nukular Leak? May 25, 2011
• Sony does it again May 25, 2011
• Think your Password is safe? May 24, 2011