version 1.88, 2009/05/06 16:26:15 |
version 1.90, 2009/05/06 16:55:19 |
|
|
|
|
<h5
id="idauth.what.transition">The Transition of Identity from the
Physical to |
<h5
id="idauth.what.transition">The Transition of Identity from the
Physical to |
the
Virtual.</h5> |
the
Virtual.</h5> |
|
|
<p>Governments and
citizens communicate using online methods increasingly and |
<p>Governments and
citizens communicate using online methods increasingly and |
for many purposes. And in the
numerous types of these communications between |
for many purposes. And in the
numerous types of these communications between |
government and citizens there
are varying needs or requirements for both |
government and citizens there
are varying needs or requirements for both |
parties to identify
themselves or authenticate the transaction which include: |
parties to identify
themselves or authenticate the transaction which include: |
privacy of the identity of
the citizen, the transaction and the information |
privacy of the identity of
the citizen, the transaction and the information |
contained in the
communication, the assurance to the citizen of the identity
of |
contained in the
communication, the assurance to the citizen of the identity
of |
the government agent or body,
the legal requirements that may bind a citizen |
the government agent or body,
the legal requirements that may bind a citizen |
and government agency to the
accuracy or agreement contained in a transaction, |
and government agency to the
accuracy or agreement contained in a transaction, |
and the reliance on outside
parties the tools and implementation of identity |
and the reliance on outside
parties the tools and implementation of identity |
and
authentication.</p> |
and
authentication.</p> |
|
|
<p>The main difficulty that must be overcome to
advance online identification |
<p>A
major difficulty that must be overcome to advance online
identification |
and authentication is the
lack of coherent analogies to the forms and protocols |
and authentication is the
lack of coherent analogies to the forms and protocols |
that have endured for
centuries in which face to face or physical |
that have endured for
centuries in which face to face or physical |
representations were the main
methods of assuring identity and authentication. |
representations were the main
methods of assuring identity and authentication. |
Complicating the transition is the fear by both the
government and the citizen |
Another
Complicating the transition is the fear by both the government and
the |
of losing
control of identity which can have more profound and wide
ranging |
citizen of
losing control of identity which can have more profound and
wide |
effects
than were previously possible. On the other hand, the
advantages, |
ranging
effects than were previously possible. On the other hand,
the |
adoption
and efficiencies of electronic communication are pushing societies
to |
advantages,
adoption and efficiencies of electronic communication are
pushing |
rapidly
adapt to this new world.</p> |
societies
to rapidly adapt to this new world.</p> |
|
|
|
<p>The issue of how governments provide assurance of
their own identity to the |
|
citizen is
also very different from the physical world. Where postal
addresses |
|
of
government buildings are easily verifiable and how civil servants
are |
|
clearly
identified by badges, the location of their office and other
accepted |
|
methods, on
the Internet those identities are harder to prove and not
easily |
|
transformed
from the physical manifestations. And in the age of Internet |
|
subterfuge
and phishing, governments struggle to recreate and synthesize
an |
|
Internet
identity.</p> |
|
|
<h5
id="idauth.what.myth">The Myth versus Reality of Physical Forms of
Identity |
<h5
id="idauth.what.myth">The Myth versus Reality of Physical Forms of
Identity |
and
Authentication</h5> |
and
Authentication</h5> |
|
|
<p>In creating online
analogies to how identity and authentication worked, it |
<p>In creating online
analogies to how identity and authentication worked, it |
helps to better understand
the actual practices of authentication rather than |
helps to better understand
the actual practices of authentication rather than |
the many myths and
assumptions. For example, signatures were not always |
the many myths and
assumptions. For example, signatures were not always |
analogous to biometric forms
of authentication and identity was more assumed |
analogous to biometric forms
of authentication and identity was more assumed |
than verified with certain
exceptions. On the other hand, the physicality of |
than verified with certain
exceptions. On the other hand, the physicality of |
identity and authentication
made mass forgeries and identity theft less |
identity and authentication
made mass forgeries and identity theft less |
prevalent and less impactful
on the persons whose identity was being stolen. |
prevalent and less impactful
on the persons whose identity was being stolen. |
And in the relative short
time of the World Wide Web and mobile phones the |
And in the relative short
time of the World Wide Web and mobile phones the |
nature and social forms of
identity are being created anew in ways that are far |
nature and social forms of
identity are being created anew in ways that are far |
beyond the understanding and
capabilities of the world prior to 1991. And the |
beyond the understanding and
capabilities of the world prior to 1991. And the |
ability to both verify and
falsify the nature of reality creates complications |
ability to both verify and
falsify the nature of reality creates complications |
|
|
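Review bot: In the rewritten second paragraph under idauth.what.transition, the new column reads "Another Complicating the transition is the fear by both the government and the citizen of losing control of identity". This is an unfinished edit, because "Another" was placed in front of the old sentence without reworking it. Suggest "Another complication in the transition is the fear ..." or dropping "Another". In the added paragraph on how governments assure their own identity, "Where postal addresses of government buildings are easily verifiable and how civil servants are clearly identified by badges" mixes two constructions; "and civil servants are clearly identified by badges" would read cleanly.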
third party involvement
of software, vouching organizations and network |
third party involvement
of software, vouching organizations and network |
actors.</li> |
actors.</li> |
</ul> |
</ul> |
|
|
<p>There are many types
of online communication between citizen and government |
<p>There are many types
of online communication between citizen and government |
that used to depend on a
signature placed on a piece of paper in the presence |
that used to depend on a
signature placed on a piece of paper in the presence |
or not of witnesses. There
were many less formal communications in which |
or not of witnesses. There
were many less formal communications in which |
identity was hidden or not
important, because the citizen was only one of many |
identity was hidden or not
important, because the citizen was only one of many |
people expressing a
viewpoint. And in others the physical presence of the |
people expressing a
viewpoint. And in others the physical presence of the |
citizen was required even if
the transaction was anonymous, as in many forms of |
citizen was required even if
the transaction was anonymous, as in many forms of |
electoral procedures. In
transforming those communications from physical to |
electoral procedures. In
transforming those communications from physical to |
virtual, the purposes behind
the need for identity and authentication should be |
virtual, the purposes behind
the need for identity and authentication should be |
of the highest consideration
and the actual physical methods should not, except |
of the highest consideration
and the actual physical methods should not, except |
where social practices
outweigh any of the advantages of technology.</p> |
where social practices
outweigh any of the advantages of technology.</p> |
|
|
<p>And, except in accepted in transactions that might
have dangerous or |
<p>And, except in a small percentage of transactions
that might have dangerous |
catastrophic implications at the point of the transaction,
the need for |
or
catastrophic implications at the point of the transaction,
authentication |
authentication and identity should be balanced
with:</p> |
and
identity on the public side of a transaction should be enhanced
by:</p> |
<ul> |
<ul> |
<li>privacy concerns,</li> |
<li>providing privacy protection,</li> |
<li>avoiding
burdensome requirements or costs,</li> |
<li>avoiding
burdensome requirements or costs,</li> |
<li>avoiding
unnecessary levels of pre-authentication (where the
transaction |
<li>avoiding
unnecessary levels of pre-authentication (where the
transaction |
if the first of a series
of communications and/or where other off-line |
if the first of a series
of communications and/or where other off-line |
forms of communications
are used for authenticating),</li> |
forms of communications
are used for authenticating),</li> |
<li>avoiding forcing
identity to be divulged when unnecessary or counter to |
<li>avoiding forcing
identity to be divulged when unnecessary or counter to |
the
purpose,</li> |
the
purpose,</li> |
<li>and avoiding the
reliance on outside parties to supply authenticating |
<li>and avoiding the
reliance on outside parties to supply authenticating |
credentials as the sole
means of authentication.</li> |
credentials as the sole
means of authentication.</li> |
</ul> |
</ul> |
|
|
<p>Personal identity
verification is not the only aspect of identity in online |
<p>Personal identity
verification is not the only aspect of identity in online |
transactions: other
characteristics and types of status will be wanted |
transactions: other
characteristics and types of status will be wanted |
including identification of
jurisdiction (either in terms of the location of |
including identification of
jurisdiction (either in terms of the location of |
the transaction or the
residence), the status of residence or citizenship, |
the transaction or the
residence), the status of residence or citizenship, |
certifications (e.g. medical
license), employment status, etc. Also the |
certifications (e.g. medical
license), employment status, etc. Also the |
|
|
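Review bot: The new lead-in to the list, "authentication and identity on the public side of a transaction should be enhanced by:", no longer fits most of the items under it. "Avoiding unnecessary levels of pre-authentication" and "avoiding forcing identity to be divulged" are limits placed on authentication, which the old wording "should be balanced with:" expressed, not enhancements of it. Suggest either keeping "balanced with" or rewording the lead-in so that it covers both the one positive item ("providing privacy protection") and the "avoiding ..." items. While this list is being touched, the unchanged item "(where the transaction if the first of a series of communications" looks like a typo for "is the first".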
opportunities and
flexibility in transacting business with their |
opportunities and
flexibility in transacting business with their |
government.</li> |
government.</li> |
<li>Saved resources
as the cost of transactions can be much less for both the |
<li>Saved resources
as the cost of transactions can be much less for both the |
citizen and
governments.</li> |
citizen and
governments.</li> |
<li>Enhanced security
for transactions when properly implemented.</li> |
<li>Enhanced security
for transactions when properly implemented.</li> |
<li>Enhanced privacy
for citizens when properly implemented.</li> |
<li>Enhanced privacy
for citizens when properly implemented.</li> |
</ul> |
</ul> |
|
|
<p>Potential
Drawbacks:</p> |
<p>Potential
Drawbacks:</p> |
<ul> |
<ul> |
<li>Cheaper and more
likely for bad actors to try and interfere with |
<li>Cheaper and more
likely for bad actors to try and interfere with |
transactions. Phishing
attempts flourish as the value of transactions |
transactions. Phishing
attempts flourish as the value of transactions |
increase.</li> |
increase.</li> |
<li>Decreased privacy
if poorly implemented.</li> |
<li>Decreased privacy
if poorly implemented.</li> |
<li>Increased
liability for citizens depending on how laws are written |
<li>Increased
liability for citizens depending on how laws are written |
concerning online transactions.</li> |
concerning online transactions, especially as there are third
parties |
|
involved in software or identity/authentication management that are
made |
|
necessary for transactions.</li> |
</ul> |
</ul> |
|
|
<p>Identity and
authentication allow for many types of online activities and |
<p>Identity and
authentication allow for many types of online activities and |
transactions. Identity is
often used for gating and/or authorization, as in |
transactions. Identity is
often used for gating and/or authorization, as in |
only certain identified
persons can have access to specific information or |
only certain identified
persons can have access to specific information or |
software. Identity is also
used as a social control method, for example to |
software. Identity is also
used as a social control method, for example to |
avoid anonymity where the
anonymity might lead to inappropriate dialogue. |
avoid anonymity where the
anonymity might lead to inappropriate dialogue. |
Authentication is a primary
means to ascertain the validity of a transaction |
Authentication is a primary
means to ascertain the validity of a transaction |
and the identity of the
parties to the transaction, as in a legal document that |
and the identity of the
parties to the transaction, as in a legal document that |
must be authenticated in case
of a court case. And significantly, tracking the |
must be authenticated in case
of a court case. And significantly, tracking the |
identity of the sender or
recipient of electronic disbursement of money for |
identity of the sender or
recipient of electronic disbursement of money for |
auditing
purposes.</p> |
auditing
purposes.</p> |
|
|
|
<p>The question of the role of third parties in the
establishment of identity |
|
for
governments and citizens is a potential hazard. Governments now use
third |
|
parties to
prove identity and authentication (the <abbr |
|
title="Government Printing Office">GPO</abbr> of
the US Government uses at the |
|
time of
writing a commercial firm to both provide identity and
authentication |
|
for some of
its posted documents). Also, if individuals are pushed to
use |
|
software
and identity provided by non-governmental entities, without
guaranteed |
|
protection
for the individual against failure of the software or
identity, |
|
systems may
lose the trust of the citizens.</p> |
|
|
<h4 id="idauth.how">How
Can the Use of Identification and Authentication |
<h4 id="idauth.how">How
Can the Use of Identification and Authentication |
Technology be
Achieved?</h4> |
Technology be
Achieved?</h4> |
|
|
<h5
id="idauth.how.legal">Legal Dependencies</h5> |
<h5
id="idauth.how.legal">Legal Dependencies</h5> |
|
|
<p>Governments may need
to pass legislation that allows or provides the legal |
<p>Governments may need
to pass legislation that allows or provides the legal |
permission for
authentication. In the United States, the Government
Paperwork |
permission for
authentication. In the United States, the Government
Paperwork |
Elimination Act was enacted
to provide the positive law to allow transactions |
Elimination Act was enacted
to provide the positive law to allow transactions |
that previously only been
allowed with paper and pen, especially when |
that previously only been
allowed with paper and pen, especially when |
identification and
authentication were necessary for the transaction. Other |
identification and
authentication were necessary for the transaction. Other |
government entities have
created laws to allow for electronic |
government entities have
created laws to allow for electronic |
authentication.</p> |
authentication.</p> |
|
|
<h5
id="idauth.how.tech">Technological Methods for Identification
and |
<h5
id="idauth.how.tech">Technological Methods for Identification
and |
Authentication</h5> |
Authentication</h5> |
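Review bot: The added paragraph on third parties states that the GPO "uses at the time of writing a commercial firm to both provide identity and authentication for some of its posted documents" without a reference. A claim tied to "the time of writing" needs a citation or link and a date so that readers can check it later. The opening sentence "Governments now use third parties to prove identity and authentication" generalizes from that single example, so suggest either narrowing it to "Some governments" or adding further examples. In the extended liability item, "third parties involved in software or identity/authentication management that are made necessary for transactions" leaves it unclear what is made necessary; "third parties whose software or identity/authentication services are required for transactions" would remove the ambiguity.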