Quite a few people tweeted or posted about the announcement of IBM’s “new” technology in the identity space, now available to developers on its Bluemix cloud platform. Here’s a typical example.
Back in January — on Data Privacy Day, no less — IBM announced Identity Mixer, a new technology for protecting users’ personal data during authentication. [From New IBM tech lets apps authenticate you without personal data | Computerworld]
If this new “Identity Mixer” technology sounds familiar to you, it may be because five years ago it won a well-deserved prize.
Munich, Germany, 5 May 2010—IBM Research was honored with the Best Innovation European Identity Award 2010 from Kuppinger Cole, an analyst firm focused on information security, identity, and IT governance. IBM’s Identity Mixer technology was recognized for its pioneering work that offers simultaneously both strong authentication and privacy. [From IBM Research – Zurich | News]
Now, don’t get me wrong. I think Identity Mixer is a great technology, and IBM’s Zurich research laboratory has done some great work in this space, and I wholeheartedly agree with the idea of using pseudonymity as a means to deliver both security and privacy into the mass market in an effective way.
In its simplest form, Identity Mixer works similar to traditional attribute-based credentials with a few crucial differences. Each user has a single secret key but can have multiple public keys that correspond to it. In a way, this secret key is the user’s secret identity, and users can derive as many public identities from it as necessary. [From Identity Security and Privacy for Electronic User Authentication]
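The "one secret key, many public keys" idea in the passage above can be sketched with scope-bound pseudonyms and a Schnorr proof of knowledge. This is an added illustration, not IBM's Identity Mixer code or its credential protocol; the function names, the service names and the choice of the RFC 2409 1024-bit group (demo-sized) are assumptions.

```python
import hashlib
import secrets

# Demo group (assumption): 1024-bit safe prime P = 2Q + 1 from RFC 2409 (Oakley Group 2).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup of squares

def scope_base(scope: str) -> int:
    """Hash a service name to a generator of the order-Q subgroup."""
    h = int.from_bytes(hashlib.shake_256(scope.encode()).digest(160), "big")
    return pow(h % P, 2, P)  # squaring lands in the subgroup of squares

def pseudonym(sk: int, scope: str) -> int:
    """Public identity for one service: scope_base(scope)^sk mod P."""
    return pow(scope_base(scope), sk, P)

def challenge(scope: str, nym: int, t: int, nonce: bytes) -> int:
    data = b"|".join([scope.encode(), b"%x" % nym, b"%x" % t, nonce])
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def prove(sk: int, scope: str, nonce: bytes):
    """Schnorr proof that the prover knows the sk behind its pseudonym."""
    g = scope_base(scope)
    r = secrets.randbelow(Q)
    t = pow(g, r, P)
    c = challenge(scope, pow(g, sk, P), t, nonce)
    return t, (r + c * sk) % Q

def verify(nym: int, scope: str, nonce: bytes, proof) -> bool:
    """Service-side check; the nonce is the service's fresh challenge."""
    t, s = proof
    g = scope_base(scope)
    c = challenge(scope, nym, t, nonce)
    return 1 < nym < P and pow(g, s, P) == (t * pow(nym, c, P)) % P

if __name__ == "__main__":
    sk = secrets.randbelow(Q - 1) + 1  # the single secret identity
    for scope in ("bank.example", "games.example"):  # constructed service names
        nonce = secrets.token_bytes(16)
        nym = pseudonym(sk, scope)
        ok = verify(nym, scope, nonce, prove(sk, scope, nonce))
        print(f"{scope}: nym={nym:x}"[:48], "proof ok:", ok)
```

Each service sees a stable public value for returning users but a different one from every other service, and the proof binds a login to that service's fresh nonce without revealing the secret key.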
This is a good model for identity. If it sounds familiar, it’s because you will have read something similar in “A Model for Digital Identity” by Neil McEvoy and me in that seminal tome “Digital Identity Management: Technological, Business and Social Implications”, edited by yours truly (Gower: 2007). It’s on pages 95-104, for ready reference. In that chapter, Neil and I put forward the idea that digital identity as a bridge between mundane and virtual identities makes sense in many different ways, one of them being that the use of multiple pseudonymous virtual identities (what the above article means by “many public identities”) is a great way to move forward and a great way to think about identity in an online world. Now, back in 2007, we weren’t the only people thinking this way, because IBM announced a great new technology that was built on the same lines.
Armonk, NY, and Zurich, Switzerland, 26 Jan 2007—IBM (NYSE:IBM) today announced software that allows people to hide or anonymize their personal information on the Web, ensuring protection from identity theft and other misuse. Developed by researchers at IBM’s research laboratory in Zurich, Switzerland, the software—called Identity Mixer—will enable consumers to purchase goods and services on the Internet without disclosing personal information. [From IBM Research – Zurich | News]
Note that when this announcement was made in 2007 the IBM version of the concept was already more than five years old. You can read about it in Camenisch, J. and E. V. Herreweghen (IBM Research, Zurich), “Design and implementation of the idemix anonymous credential system” in the Proceedings of the 9th ACM conference on Computer and communications security (Washington DC, 2002). The new technology that people were telling me about this week has been around for at least 14 years and probably longer.
So, whatever Identity Mixer is, the one thing it is not is new. Hence one is forced to ask: if it is such a good idea, how come we’re not using it? Why doesn’t my iPhone allow me to log in to apps and services while selecting dynamically between Dave Birch (my personal ID), David G.W. Birch (my work ID), Leadbelly Gutbucket (my games ID) and Lord Tantamount Horseposture (my ID for arguing with people in newspaper comment sections)? Is the concept of multiple identities and pseudonymity just too difficult for the mass market? I’m genuinely curious to hear what you think!