[Dave Birch] I was at a workshop last week with a whole bunch of other people to discuss possible architectures for a public sector sort-of entitlement card (I can’t say what for as that would give it away, which I’m not supposed to do). I was really cheered to hear, quite unprompted, someone put forward the idea of pseudonymity as a way to balance some security and privacy issues. To hear the term introduced into a conversation at that level is, frankly, music to my ears.
It’s now a decade since I published my first paper suggesting that the combination of smartcards as a platform and pseudonymity as a concept, might provide a practical solution to the problem of identity management in a networked age. For anyone interested, it was “Smartcards and Pseudonymity” in the proceedings of “Smart Card Technologies”, an IBC conference held in London in October 1996.
To see why I’m so enthusiastic about it, consider the “chatroom paradox” that I’ve written about before: Your kids want to go into a chatroom to discuss [insert name of popular beat combo here]. You will allow them to do this but only if you know who everyone else in the chatroom is. However you will not allow your children to reveal their real identities in the chatroom, so you end up with an unsatisfactory situation. Everyone wants everybody ELSE to provide full disclosure but they don’t want to do it themselves because they don’t trust everybody else. Now imagine a situation where the school issues the children with certificates that confirm that they are in fact of a certain age, in a certain geographic area or whatever, but the children are allowed to choose their own pseudonyms. The chatroom can now verify the certificates on entry so I can be sure that all the other nyms in the chatroom are actually children and not FBI agents or whoever. Similarly the other nyms can verify that my children are actually children without having any idea who they are. If one of the nyms misbehaves, then the certificate issuer (ie, the school in this case) can easily tell the plod who the miscreant is. Pseudonymity does not provide a means of getting away with anything. I wonder if we’re finally getting somewhere in producing a realistic solution to a key identity problem, or am I reading too much into one mention of my favorite word?
I still think that pseudonymity provides a potential architecture for online identity that delivers both privacy and security!
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers