Written by Technorati Tags: internet, security
It’s now a decade since I published my first paper suggesting that the combination of smartcards as a platform and pseudonymity as a
concept, might provide a practical solution to the problem of identity management in a networked age. For anyone interested, it was "Birch, D. Smartcards and Pseudonymity in proc. of Smart Card Technologies, IBC (London: October 1996)".
To see why I’m so enthusiastic about it, consider the "chatroom paradox" that I’ve written about before: Your kids want to go into a
chatroom to discuss [insert name of popular beat combo here]. You will allow them to do this but only if you know who everyone else in the chatroom is. However you will not allow your children to reveal their real identities in the chatroom, so you end up with an unsatisfactory situation. Everyone wants everybody ELSE to provide full disclosure but they don’t want to do it themselves because they don’t trust everybody else.
Now imagine a situation where the school issues the children with certificates that confirm that they are in
fact of a certain age, in a certain geographic area or whatever, but the children are allowed to choose their own pseudonyms. The
chatroom can now verify the certificates on entry so I can be sure that all the other nyms in the chatroom are actually children and not FBI agents or whoever. Similarly the other nyms can verify that my children are actually children without having any idea who they are.
If one of the nyms misbehaves, then the certificate issuer (ie, the school in this case) can easily tell the plod who the miscreant is. Pseudonymity does not provide a means of getting away with anything.
I wonder if we’re finally getting somewhere in producing a realistic solution to a key identity problem, or am I reading too much into one mention of my favorite word?
