Copyright 2005 1 Roger Clarke, Xamax Consultancy, Canberra Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU http://www.anu.edu.au/Roger.Clarke/.... ..../DV/NatID-BC-0602 {.html,.ppt} 7th Annual Privacy & Security Conference Victoria BC – 10 February 2006 (Id)entities Management and Nym Management for People not of People
36
Embed
Copyright 2005 1 Roger Clarke, Xamax Consultancy, Canberra Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU .
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Copyright2005
1
Roger Clarke, Xamax Consultancy, Canberra Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU
Did you ever pause to consider that the expression
‘Identity Provider’
is Arrogant?
Copyright2005
12
Countermeasures by Individuals• Web-Forms can be filled with:
• pre-recorded data • convenient data• pseudo-random data • ‘false’ data
• Personal data can be automatically varied for each remote service, in order to detect data leakage, e.g. spelling-variants, numerical anagrams
• Personal data can be automatically varied for the same remote service on successive occasions (to pollute the data-store and confuse the userprofile)
• Users can exchange cookies, resulting in compound profiles rather than profiles that actually reflect an individual user's behaviour
Copyright2005
13
Identity Managementby a User-Selected Intermediary
The Internet
Identity Management
Services
The Organisation’s
Web-Sites
Copyright2005
14
User-Device Identity Management
The Internet
The Organisation’s
Web-Sites
Copyright2005
15
User-Proxy Identity Management
The Internet
Identity Management
Service
Handheld
The Organisation’s
Web-Sites
Copyright2005
16
The Multi-Mediated Super-Architecture
The Internet
Handheld
Federated,Multi-Organisation Single-SignOn I.M.
User-Selected Intermediary I.M.
Own-Device and Own-Proxy I.M.
The Organisation’s
Web-Sites
Identity Management
Service
The Organisation’s
Web-Sites
Silo’dSingle-Organisation Single-SignOn I.M.
Copyright2005
17
4. Nym Management
Copyright2005
18
Entity andAttributesReal
WorldAbstract
WorldEntifier
+ Data-ItemsIdentifier
+ Data-ItemsIdentity andAttributes
(Id)entities
Copyright2005
19
NymsEntity and
Attributes
Real
World
Abstract
World
Record:
E ntifier + Data-Items
Record:
Identifier + Data-Items
Identity and
Attributes
Record:
Nym + Data-Items
Identity and
Attributes
m
n
m
n
1
1 1
nn n
Copyright2005
20
NymOne or more attributes of an Identity(represented in transactions and records
as one or more data-items)sufficient to distinguish that Identity
from other instances of its classbut
not sufficient to enable association with a specific Entity
Pseudonym – association is not made, but possibleAnonym – association is not possible
Copyright2005
21
Some Mainstream Nymous Transactions
• Barter transactions• Visits to Enquiry
Counters in government agencies and shops
• Inspection of publications on library premises
• Telephone Enquiries• Access to Public
Documents by electronic means, at a kiosk or over the Internet
• Cash Transactions, incl. the myriad daily payments for inexpensive goods and services, gambling and road-tolls
• Voting in secret ballots• Treatment at discreet
clinics, particularly for sexually transmitted diseases
Copyright2005
22
Some Important Applications of Nymity
• Epidemiological Research (HIV/AIDS)
• Financial Exchanges, including dealing in commodities, stocks, shares, derivatives, and foreign currencies
• Nominee Trading and Ownership
• Banking Secrecy, incl. ‘Swiss’ / Austrian bank accounts
• Political Speech• Artistic Speech• Call Centres• Counselling
• Phone-calls with CLI• Internet Transactions• 'Anonymous' re-mailers• Chaumian eCash™
Copyright2005
23
Common Uses for Nymity
• Criminal purposes• Dissent and sedition• Scurrilous rumour-
mongering• To avoid being found by
people who wish to inflict physical harm (e.g. ex-criminal associates, religious zealots, over- enthusiastic fans, obsessive stalkers)
• To protect the sources of journalists, and whistle-blowers
• To avoid unjustified exposure of personal data
• To keep data out of the hands of marketing organisations
• To prevent government agencies using irrelevant and outdated information
Copyright2005
24
Nymality
aka ('also-known-as'), alias, avatar, character, nickname, nom de guerre,
nom de plume, manifestation, moniker, persona, personality, profile, pseudonym, pseudo-identifier, sobriquet, stage-name
7th Annual Privacy & Security ConferenceVictoria BC – 10 February 2006
(Id)entities Managementand Nym Management
for People not of People
Copyright2005
31
Copyright2005
32
Anonymity vs. Pseudonymity
• Anonymity precludes association of data or a transaction with a particular person
• Pseudonymity creates barriers to association of data or a transaction with a particular personThe barriers are Legal, Organisational and TechnicalThe barriers can be over-riddenBUT conditions apply and are enforced, including:
• collusion among multiple parties• sanctions and enforcement
Copyright2005
33
Pseudonymous TransactionsThe Basic Principles
• Enable communications that do not require the client to identify themselves
• Conduct no authentication of identifiersleaving clients free to choose their identifier
• Protect the organisation against default or malperformance by the client (by ensuring that transaction risk is borne by the client)
Copyright2005
34
Pseudonymous TransactionsThe Challenge of Continuity
• Needs for Continuity arise:• within the context of a transaction
(e.g. repairs under warranty)• to associate successive transactions
(e.g. loyalty discounts)
• Although the identifier is a pseudonym:• Authentication is unaffected• Customers are still Customers
Copyright2005
35
Pseudonymous TransactionsThe Challenge of Payments
• Anonymous Payment Schemes work, e.g. DigiCash, but they have not achieved the breakthrough
• Schemes based on Credit-Cards dominate• Identified credit-card tx undermine pseudonymity
• Alternatives:• sponsor anonymous payments mechanisms• separate payment aspects of transactions
from the ordering and fulfilment aspects
Copyright2005
36
Pseudonymous TransactionsPotential Conflicts
• Customer Relationship Management
• 'Know Your Customer' Policieswhere organisations have become part of the national security machinery
• To perform their business functions effectively, organisations need to balance many interests, not simply succumb