by Julie Bea
October 27, 2012
Fencing the Internet:
Identity Management Launched in the UK
gated community on the Internet is about to take shape.
It begins with
identity and deals with mis/trust; sorting the wheat from the chaff. It
facilitates auditing of all e-transactions, to fight cybercrime and ensure
This is the new smart world, where control of identity is key.
Eleven years in the making, the system of
Management (IdM) is backed by those with the most to protect, and will bring
in Internet Governance by the back door. It will give everyone a unique ID,
for life, and make us all very careful about what we do online, as all
e-transactions will be marked with the time, date, and identities of those
All the public is being told, however, is that we need these measures to
protect against identity theft, and other cybercrimes, and that surfing the
Net will be easier.
IdM experts in the US have just released a short draft
envisaged for online ID:
Mary is tired of remembering dozens of user
names and passwords, so she obtains a digital credential from her
Internet service provider that is stored on a smart card [and so] is
willing to conduct more sensitive transactions...
logging into her bank
and obtaining digital cash
buying a sweater at a new online retailer
signing documents to refinance her mortgage
reading the note her doctor
left in her personal health record
sending an email to confirm dinner
with a friend
checking her day's schedule on her employer’s
government has just
announced its intention to offer a digital sign-in to access government
Coverage of this report suggests
Facebook will be used as an Identity
Provider (IdP), but a little digging reveals that Facebook could only be
used for low-security log-ins, such as browsing websites.
identity ecosystem (below video)
all online identity
protocols work together under the same set of
Governance is achieved by bringing the
Frameworks for all the various ID systems into
alignment with global standards.
Websites will be
to display a
show that they can be trusted as a ‘relying party’, and can interact
with consumers through their IdP.
As more websites and people sign up, the
trusted community expands, and the Identity Providers (and governance
bodies) become the Internet gatekeepers, especially since all online
payments will require authentication, and cash is on its way
Some privacy groups point out the UK plan is not a centralized government
database, and there is no physical ID card.
These points are irrelevant
since databases do not need to be centralized, just accessible - and
card’, for people without
a smart phone is likely, as it
authentication to the password.
All of this brought to you by the Identity Providers, most of who have
designed and promoted this system from the start.
You will be asked to trust banks and corporate giants (yes, really),
...with your credentials.
Sure, you get
to spread them around a little, but they will be in far fewer places, and
marked with your ID number.
Providers are all linked under one system (i.e. ‘federated’), and the
same sets of
rules, such as those
devised by the TSCP, whose members
Identity management is the way the Internet of Things (IoT) is
controlled; this involves gathering vast amounts of personal data.
of this, ID chips will be placed into most everyday objects, such as
clothing, indicating our behaviors and preferences.
Each object will be
tracked against the identity of its owner, hence each person and each object
needs to have a unique ID, enabled by
trillions of unique ID address spaces created by
IPv6. Thus, each
entity has a signifier to denote its attributes, so it can be understood by
complex computers; this enables efficient processing of 'things', and their
relationships, in the information network.
Data is king;
telecoms and banks have "merged
to surge" in this age of everything everywhere enabled by smart phones
Data sharing is the focus, as foreseen by
dozens of Internet giants back in 2001;
Sun Microsystems (below video),
in opposition to the launch of ‘Passport’ by
Microsoft, formed the
together with companies which included,
Royal Mail Group
Morphing into the Kantara Initiative in 2009, the group has worked closely
with the International Telecommunications Union (ITU)
over the years, developing standards to ensure global interoperability.
The Alliance began working with governments around the world in
2006, when the UK government won the Liberty Alliance IDentity
Deployment of the Year
Award , as,
“international recognition of outstanding work around open,
interoperable authentication in the e-government sector”,
...achieved with a
one-time password system, for filing tax returns, etc., as is now being
proposed as part of the “digital
by default” design.
Evolving from these concepts is the real standard setter for the global
identity ecosystem - the
launched in 2011 by the U.S.
government (below video):
report by the NSTC Subcommittee on Biometrics and Identity Management
(2011) expects smart phones, and their “expanding
… provide secure user authentication for
trusted transactions and still allow for forensic analysis of
transactions under judicial authority when cause is shown.
The identity ecosystem gives you privacy from
most but not all.
You will have little to no control over your identity,
because the Identity Provider holds the purse strings, and simply ‘allows’
you to take out a token (an ‘attribute’)
sometimes and show it to someone, but then you’ve got to put it back in the
purse, because the purse does not belong to you.
IdP can show all the tokens in the purse to third parties, namely
neuromarketers and law enforcement agencies (the data is also invaluable to
researchers, insurance companies, and employers).
But the IdPs hold the
purse strings, and profit directly from the data they hold on you.
Numbered, ranked, and kept in line - and
to the nth degree - the commodification of identity adds
reputation capital gained from online status and changes the game of
commerce; risk, liability, and non-repudiation.
The simple fact that IdM allows for auditing and forensics will be enough to
radically alter behaviors and relationships.
Day-to-day ID control will
entail the persistent monitoring of our biometrics to counter identity
spoofing, while smart phones will become too
valuable to lose (below video):