
Identity Is Dead - walterbell
https://www.constellationr.com/blog-news/identity-dead
======
Confiks
Shameless plug: IRMA Authentication is an open-source app [1] [2] and protocol
that offers privacy-friendly attribute based authentication and signing using
Camenisch and Lysyanskaya's Idemix [3].

It's currently heavily focused towards The Netherlands, where citizens can
obtain attributes from the Dutch civil registry, such as name, home address
and age. These attributes can then be selectively disclosed directly to a
relying party, without the identity provider being able to see the transaction
[4]. Multiple disclosures are also unlinkable as long as the attributes
themselves are not identifying.

It's not currently using the verifiable claims data model, but it would very
much fit it. It also doesn't use a 'blockchain', simply because it's not
necessary to do so, and makes it all a lot less complicated.

[1] [https://itunes.apple.com/gb/app/irma-
authenticatie/id1294092...](https://itunes.apple.com/gb/app/irma-
authenticatie/id1294092994) or
[https://play.google.com/store/apps/details?id=org.irmacard.c...](https://play.google.com/store/apps/details?id=org.irmacard.cardemu&hl=en)

[2] [https://github.com/privacybydesign](https://github.com/privacybydesign)

[3]
[https://privacybydesign.foundation/publications/](https://privacybydesign.foundation/publications/)

[4] [https://privacybydesign.foundation/meeting-
slides/slides-8-3...](https://privacybydesign.foundation/meeting-
slides/slides-8-3-19/ringers-8-maart-2019.pdf#page=2&zoom=auto,-68,540)

~~~
vageli
> It's currently heavily focused towards The Netherlands, where citizens can
> obtain attributes from the Dutch civil registry, such as name, home address
> and age. These attributes can then be selectively disclosed directly to a
> relying party, without the identity provider being able to see the
> transaction [4]. Multiple disclosures are also unlinkable as long as the
> attributes themselves are not identifying.

The fact that the government is involved in this is utterly amazing to me. Are
you aware of the conditions which brought about this situation in The
Netherlands? I'm wondering why other governments are not following this
example, given the issues we've seen with identifiers like Social Security in
the US.

~~~
Rafert
IRMA has existed for a while, it's a non-profit spinoff from a Dutch
university. But to my knowledge it is nowhere as widely known or accepted by
relying parties as DigiD[1], this system is run by the government and based on
passing the BSN (citizen service number)[2] to the relying party with SAML. It
exists since 2005 and has become quite widespread: I can use it to file my
taxes, make an appointment at pretty much any municipality town hall, and log
in to my health insurance provider to name a couple of things.

Before DigiD, the Netherlands has had a central digital population register
since 1994 called the Gemeentelijke Basisadministratie Persoonsgegevens, but
before that analogue version of a population register was in use for quite
some time as well.

[1]: [https://www.digid.nl/en/about-digid/](https://www.digid.nl/en/about-
digid/) [2]: [https://www.government.nl/topics/personal-data/citizen-
servi...](https://www.government.nl/topics/personal-data/citizen-service-
number-bsn)

~~~
youdontknowtho
We can't have one of those in the US because lots of people are afraid that it
will be the "mark of the beast" from the book of Revelation in the bible.

I'm not kidding.

Nothing would make more sense at this point then some kind of federal identity
standard that used real crypto to prove someone's identity. The US Postal
Service already has offices in every community that could be used for
enrollment. For what it's worth, the Federal Government does this for all it's
employees.

------
scotty79
> Now, I agree in theory that bank accounts for example may be regarded as
> “identities”, and it follows that banks could be regarded as “identity
> providers” (IdPs). But these conceptual models have proved sterile. How many
> banks in fact see themselves as “identity providers”?

In Poland if you want anything from your government online you need to prove
who you are. Easiest way to do that is to get redirected from government
website to your bank website and login there then be bounced back to gov
website.

Not sure how the system came to be but I'm very glad it's in place.

~~~
NKCSS
Same here in .nl, you have a government digital id called Digid, but it’s just
a login and password with optional sms 2fa, but we also have IDIN, which uses
your banks hardware token, etc, to identify, which is better.

------
keypusher
I thought Civic ([https://www.civic.com](https://www.civic.com)) was one of
the most interesting projects to come out of the blockchain space for secure
identity, but haven’t really seen it adopted anywhere. Facebook sign in is
everywhere, but Facebook is also completely untrustworthy when it comes to
personal data and so I tend to avoid it whenever possible. This idea of
sharing attributes seems interesting but does it go any further than “This app
wants access to your email address, contacts, and photos” that already exists?

~~~
martindale
Blockchains have very little to do with "secure identity", and in fact more
frequently serve to damage the security of the individual. If everything is
recorded in a central ledger, how long do you think it takes for oppression to
emerge?

~~~
keypusher
As opposed to being stored in Google/Facebook's databases? I don't know if
blockchain is the answer, but I would prefer not to trust any of these large
corporations and use a decentralized identity system where no third-party has
control of my identity information.

------
bredren
I was at the Napa identity conference referenced in the first paragraph. It
was expensive but we were invited because of the unique identity work we were
doing with our startup Gliph at the time.

Our goals then we’re to be an identity provider. We were not the only ones
trying at this—-personal.com was much better funded and tied into DC—did
nothing interesting but also hoped to store personal data securely and make it
available when users desired to share.

We hunted use cases for identity like the Predator. Pivoting into secure
messaging, Bitcoin, and finally a marketplace. But could not find a way to
make it work.

Building identity in the vacuum of a useful and popular service doesn’t work.
At least, we were unable to make this work.

~~~
grey-area
_We hunted use cases for identity like the Predator. Pivoting into secure
messaging, Bitcoin, and finally a marketplace. But could not find a way to
make it work._

The entire existing global payments system would not function without verified
identity.

Healthcare would not function without verified identity (both for payment but
also for tracking treatments and outcomes).

Existing marketplaces often require verified identity (as it helps combat
fraud).

Vehicle license plates depend on verified identity (and are part of a system
to enforce that).

Border control requires verified identities.

There are so many places in our current society where verified identity is
essential, and already a solved problem (yes the solutions aren't perfect, but
they are in place). Bitcoin failed IMO precisely because it actively avoids
tackling identity, which has been a central part of finance for as long as it
has existed. It might be hard to usurp the place states have claimed for
themselves in verifying the identify of their citizens, or to make money from
it, but it is absolutely central to how any society functions.

Identity is not dead just because some purveyors of online authentication
think it would be easier not to deal with it. In fact I think identity not
provided by states but claimed by the individual is a very interesting
unsolved problem.

~~~
bredren
Not sure what your suggesting. Are you saying there is room for some new
identity provider?

Fwiw, people have been hyping what an “interesting unsolved problem” identity
is for a long time.

As far as I can tell, the existing solutions are more than good enough that
any additional hacks are already built on top of them.

~~~
grey-area
I'm suggesting that, contrary to the article's thesis, bitcoin's thesis and
the parent's assertions, identity is central to many core functions of our
society and is not something to be elided or ignored.

Identity is not dead, nor does it deserve to die.

Is there room for a corporate or distributed version of identity? Probably,
but it might have to wait for the power of nation states to wane further, and
it needs to acknowledge that identity is a core concern in many of these
domains.

------
sonnyblarney
Identity, Single Sign On, and 'information gleaned for marketing' etc. are all
different overlapping issues.

Truly there are almost zero situations in which an entity needs to know your
real identity. You bank, surely, but you go into the bank to do that.

Single Sign on via Google and FB is now normative because they're ubiquitous
and convenient, and of course, FB id's come with a greater possibility of
legitimacy, and nice FB pixel marketing data.

I suggest that thre is something that could work, it just needs to be put
forward by a credibly entity that for whatever reason feels it's in their
interest, whereupon those interests are not entirely conflicted with the
individuals right to privacy.

~~~
mLuby
>Truly there are almost zero situations in which an entity needs to know your
real identity.

1000 percent this!

What entities _really_ need to know to do their function is shockingly small
compared to what they ask for. Here are some examples:

\- Bank: proof you are authorized to make decisions for a given bank account.
(Possibly jurisdiction info if the government forces banks to screen on
citizenship.)

\- Voting: proof that you didn't vote twice. (Possibly jurisdiction info if
you are only allowed to vote in a specific area.)

\- Job: a nickname, contact info, where to send compensation, a way to grant
(and revoke when terminated) your access to non-public information. (Possibly
jurisdiction info if the government forces companies to screen on citizenship
or calculate taxes in a specific way.)

\- Social media network: way for others to connect with you (eg email).

\- Bars: (possibly proof of age, if the government forces establishments to
limit sales on that basis.)

\- Online or in-person payments: proof that the funds transferred to the
business's account.

~~~
Mengkudulangsat
> jurisdiction info

How would someone do that? How do I prove that I am right now here, to someone
else that's not physically present?

On a related note, how do I, right now, while doing this activity, prove that
I belong to this jurisdiction, and not others.

Important when buying weed online, for example.

~~~
tooop
Your delivery address proves your jurisdiction in case of weed.

~~~
vageli
> Your delivery address proves your jurisdiction in case of weed.

What if that address is a mail forwarder? How do you prove that I reside at
the delivery address?

~~~
tooop
I am just speculating but if they don't provide door to door delivery then you
probably have to upload whatever documents they need defined by law. This
clears them and it doesn't matter that they are sending stuff to a mail
forwarder as now you are committing a crime.

------
stareatgoats
No, but nice try. Identity is not dead, and attributes are a poor substitution
for identity in a number of circumstances, for a number of reasons, too many
to enumerate - but prosecutability maybe being the main one.

Also, people want to be themselves - and want others to be themselves even
online, for a multitude of reasons too, personal fame being one. A few rightly
sees this a privacy risk, and resolving this conflict is the real unsolved
issue.

Identity verification is largely solved in countries where the government (in
some cases via banks) backs such services. The US lags behind, but that's
another issue.

~~~
rotrux
> "Also people want to be themselves - and want others to be themselves..."

No, but nice try. Maybe in some circumstances, maybe even several, but this
isn't THE concern online. Anonymity is not always bad.

Anyhow my main issue with what you've said is how you've glossed over how you
think the author is wrong. What are some reasons attributes are a poor
substitution for identity as described?

------
coderintherye
Even with banks, what they really need to know is that you are not laundering
money and you pass KYC checks. Verifiable claims would be a way to pass those
checks and get a bank account without the bank needing to store any of your
personal info.

We're a long ways from that sort of thinking of course. And on that note,
there are still an estimated 1.1 billion people in the world lack _any_
recognized formal identity. There's a chance for many of them to leap frog us
by going straight to digital identities rather than carrying around cards.

~~~
cygaril
A bank needs to be able to recheck every client's status any time the rules
change (which happens on a weekly basis). If they don't hold adequate
information about their clients, that would mean suspending their accounts
until a new verifiable claim was provided.

~~~
vageli
> A bank needs to be able to recheck every client's status any time the rules
> change (which happens on a weekly basis). If they don't hold adequate
> information about their clients, that would mean suspending their accounts
> until a new verifiable claim was provided.

Exactly. Anyone who has had to deal with the OFAC list (which in reality is
every single business in the US) knows that the more information you collect
up front, the less disruptive of a user experience you can guarantee (for most
users).

------
jddj
This is one of those scenarios where it could be amazing if the whole
ecosystem were mature from top to bottom, but the incentives aren't really in
place to have it happen naturally.

As an example: I'd love to be able to allow (and then revoke) Amazon's
knowledge of my name and street address, but in the absence of GDPR-style
regulation with real teeth (or the ecosystem being so mature as for Amazon to
request delivery of a black box to identity XYZ and have some other company
request permission and fulfill it) there is no incentive for them not to store
anything I give them for eternity upon gaining access once.

------
macawfish
Don't expect it to go out without a fight.

------
dredmorbius
"Identity" is who you are, not something you have. It's not an attribute
assigned by some other party.

Digital systems traffic in _identifiers_ \-- strings of some sort, usually,
which purport to identify one and only one ... something. A person, a
business, a role. The holy grail is that no one such identity (the actual
behind-the-identifier entity) has multiple identifiers, though this always
fails, least of all because developers and authorities require flexibility.

What identifiers actually track, mostly, is _relationships_ , between some
individual, and ... well, some interested party. Are you a homeowner, patron,
customer, insured, user, employee, employer, vendor, client, ...? And here, a
large part of the conundrum becomes apparent: relationships differ depending
on the relation between entities, a single individual has many relationships,
possibly (or probably) with even a single other party.

Much of the attempt to track identity comes down to credit (or creditability),
rights, trust, entitlement, responsibility, or other _ongoing relationships
over time_. Are you the individual who has a legitimate claim to the contents
of a bank account? Or a data storage account? Are writings A, B, C, and D the
work of one or multiple individuals? Is that individual (or individuals)
credible? If I want to listen to a musical performance, do I owe you a
payment? If you listen to a musical performance of mine, how do I assert, and
correctly collect on, a payment claim? Are you claiming to be A but are
actually B? Is this transaction potentially fraudulent?

Some claims are more enduring and critical than others. Entitlement to a
pension or government social insurance claim. Tax liabilities (or refunds).
Voting. Others are inherently limited -- for all the risks of fraud in
commerce, once a transaction has conclusively completed (and the tax office
gets its vig), identity is largely moot.

(Service-based relationships change this, though whether that's worth the
hassles is another question.)

In-person assertions of identity, as with voting, are expensive to spoof,
particularly at scale. This is why the interesting acts of voting fraud very,
very, very seldom involve individuals voting multiple times -- the costs are
too high given the desired benefits. Far easier to corrupt the process
elsewhere: eligibility, ballot formats, voting places, counts, and the like.

The power and curse of digital information it is independent of presence.
Actions can be taken independent of place, and often of time. One work-around
is to require an in-person registration at some periodic interval, or
anchoring to a specific location (as with mailing addresses), or to payment.
That last is why financial transactions records are so hotly sought: there's
literally a cost to creating these, hence they're vastly higher quality than
other data. (In the data analysis world, data tied to payment is virtually
always more reliable than data which isn't: in U.S. health care data,
procedure data, on which payment is based, is far more reliable than
diagnosis. And since payments are contingent on both, each is gamed (through
physician billing coding software) to maximise revenue.)

------
motohagiography
Worked on digital identity for government services in a variety of ways
(public and private sector) and its applications in broader society some years
ago, here were my findings:

\- identity requires the ability to bear risk.

\- an identity not blessed by government bears very limited risk.

\- the use case for government issued identity is only in enforcement (fines,
taxes, service eligibility, etc.)

\- The private sector does not need "strong," identity for anything other than
credit/collections, for which banking IDs are the legitimate portal to govt
identity today. There isn't a consumer driven use case for "strong" identity.

\- "strong" identity reduces to being sufficient to target that person with
court ordered violence. Everyone talks around it, but that's what they mean.

\- an alternative strong identity provider is a de-facto state. (looking at
you, FB/AAPL/GOOGL)

The attribute based models are technically interesting, but what we are really
talking about is equivalent to financial instruments and securitization of
identity.

The quality of any given individual identity assertion can bear up to a
certain amount of risk. A tranche of identity assertions can bear even more
risk, as the failure of some does not significantly impact the rest of them,
and the cost/benefit of accepting the tranche is greater than the projected
loss.

Futuristically speaking, the most likely identity technology two decades from
now will be a set of collateralized attributes tied to securities, and ones
that are asserted as bearing risk up to a certain grade. The rehypothecation
or leverage on that identity will be a part of its score, which relying
parties will assess and request additional collateral on accordingly. It
sounds complicated, but it's not.

What such a "securitized," identity (so-called anonymous ID) breaks is the
income tax and other individual enforcement use cases, where transaction taxes
are viable, but tying them all back to a single state issued identity becomes
unfeasible. The trade off is like the one we're encountering with
cryptocurrency today, where it's useful for everything except state approved
markets.

What's most likely is that innovation in identity will happen in countries
where mature public services that require income taxes are not an impediment.
e.g. the way that "developing," countries leapfrogged rich countries on
wireless telecoms because they didn't have sunk costs in copper
infrastructure, similar countries will leapfrog rich countries on digital
identity and commerce because they don't have as much of a sunk cost in a
strong government identity-based taxation model. When you look at how taxation
works in resource-based (oil) and tourist (island) economies vs. services
economies ("on shore"), they have more opportunity to facilitate digital
identity services.

Identity is not dead, it's just that identity is not about identity.

------
miki123211
I think we don't really need identity, per se. What we really need is a system
like this.

1\. ANyone with a public key can become an identity provider. Services will
only work with a list of authorized providers, though. The list should be
supplied by the govt, or some external, trusted org (like Visa for credit
cards). When authorizing, data management policies and security should be
reviewed, and policies should be enforced, i.e. how claims are verified,
ability to port out to a different provider etc.

2\. Organizations like the government would have some number or token, and the
provider used by every citizen. Information about them, like their age, them
being convicted, having unpaid depts etc. would be sent as cryptographically
signed claims to the provider. To be authorized, a provider must promise to
not reject any valid claims.

3\. When authorizing with an external service, a request should be sent to the
user's provider. Then, the user should be authenticated to it, shown what the
service wants, and, upon approval, the request should be fulfilled.

4\. Services would usually request assertions (fail if the conditions I've
just sent you aren't true). Assertions could include:

\- The user must have an age claim signed by the govt where age > 18.

\- The user must not have a valid "has some credit problems" claim.

\- The user has a citizenship claim from the state of California or the state
of Nevada.

\- The user doesn't have a "convicted" claim where date of conviction >= 2010.

\- the user doesn't have a "banned" claim, signed by me. As a blog author, I
could use that to not identify users across visits, but block spammers easily.
\- The user has a "personalInfo" claim from a government. This would be used
to ensure that, in case this user does something really bad, a court could
force the provider to link the token given to us to a specific, living person.

5\. Services could also request capabilities, like the capability to send
information to the user (without getting their email address), to get the same
token across visits (which wouldn't be the default), to transfer $15 every
month from their account for the Netflix subscription.

6\. If there was no other way, services could also request access to
information, like the user's home address for a pizza delivery service, or the
user's location for Uber.

7\. All requests could be one time or continuous.

8\. All services would need central authorization for getting any sensitive
data.

This model wouldn't make the user experience suck, provide the companies with
what they need, and npt expose too much data unnecessarily.

~~~
tomjen3
You would also need a GDPR requirement that the user doesn't have to provide
info he doesn't want to, and that is not a reason to deny service (e.g bar
doesn't get to demand your age, only above 21 or not).

It also assumes that users providers will be forced to store information on
your behalf (such as the knowledge that the user has been banned).

~~~
miki123211
This should be part of authorization, as I've said before. ANy provider proved
of commutting fraud in that aspect would need to be banned, immediately. THis
wouldn't even need to be a law, simple, app Store like guidelines would
suffice.

