Chapter-05
"How Things Got This Way"
Cowboys know how to handle themselves on the open range. Further, an open-range cowboy has no use for buildings—office buildings, schools, department stores, or any other type of enclosure. The cowboy is just fine sleeping under the stars.
But our children are spending time online chatting away with strangers under the open sky. Our important files are sitting out there in the open, in piles among the sagebrush. Critical resources by which we manage utility and information infrastructures are strewn around the desert sand as though they were so many prospectors’ pickaxes.
Why has the world paid so much attention to the open-range cowboys? Why do we treat our Internet as though it still fits their romantic but delusional notion of their frontier Internet? Why does the world resist the construction of useful online bounded spaces?
The answer is that the new online space is developing in a manner very similar to the American West. As with the West, there are strong traditions to be dealt with. The romantic notion that the plains must remain open is one of the strongest of the Internet traditions. Tradition has a reputation as something that is built over long periods of time, but there are Internet traditions that are stronger than any of those of the Roman Catholic Church. The strongest of those is the open-plains tradition.
Now, a lot of programmers who were used to Digital’s earlier operating systems did not like those boundaries. They were used to being cowboys on the open range of computing, having all the address space rangeland available for their roaming. But even if we assume that roaming was with the intent of being productive, that presented a problem. Though the cowboys knew that more people were using their computer systems and therefore things had to change, they were nevertheless as hostile and vocal as were the open-range cowboys of the Old West about the new boundaries.
The people who built VMS tried to explain to management in their customer companies why their computer had become too important and too complex to allow the cowboys to continue to roam free. But the cowboys were right down the hall in the engineering computing department, while Digital was a vendor from somewhere in central Massachusetts. So the customers told the vendor, “Our technical people say the access and privilege controls in VMS cramp their style. They say they make them less productive.” Well, of course. And wouldn’t we all like to have unfettered access to the situation room at the White House, and the anchor desk at NBC, and for that matter the offices of the IRS. Wouldn’t that kind of freedom make one more “productive” in entirely new endeavors?
But management didn’t understand what Digital was trying to tell them—that the reason their software people were saying, “Don’t fence me in” was precisely the reason they needed to be fenced in. Think about it: when was the last time someone told you they needed stronger controls imposed on themselves to prevent them from doing you harm? The “technical folks” were the in-house experts. They insisted on being allowed to roam free.
TECO was great fun to use. It was one of those editors that assumed you could keep an entire detailed picture of the file you were working on in your head; it was macho to work in TECO for half an hour without ever asking it to display the contents of the file you were working on. You could move mountains with a few very terse commands. You could inadvertently destroy the company’s receivables files with a single misplaced punctuation mark. At best, in the hands of a well-intentioned worker, TECO was a big hazard. In the wrong hands, TECO was as dangerous as an angry open-rangeland cowboy with a score to settle in modern downtown Oklahoma City. (“Boss, he’s not going to do any harm. All he’s got in that truck is diesel fuel and fertilizer.”)
VMS was distributed with a warning: unless you have a very specific reason for keeping TECO, the first thing you should do is make sure it does not get installed with the operating system. If for some reason it gets installed, get rid of it right away. But at most VMS sites, if you typed “teco” at the command prompt, there it was. TECO typically got installed—and kept. Why? Why would those responsible for such systems leave such a hazard lying around?
Systems people understood how dangerous it could be. But it could also be immensely useful. And after all, who did the installation of an operating system but those who would use it most. Management typically never saw the distribution package, and if they did, their attitude was “My software people said they needed it.” Sure, and your facilities department could probably move walls more quickly if you’d only let them use dynamite to do the job like they asked.
The irony is that without TECO, VMS is one of the most rock-solid-secure and rugged systems around, a marvel of software engineering.
The TECO story has an exact parallel in the Internet world. Somehow the open-range cowboys have got us convinced that the construction of walls and the designation of specific uses and behavior for specific enclosed spaces are tantamount to destruction of the First Amendment. And the bad consequences of the open-range tradition don’t stop with hazards that are visible on the screen. The tradition leads us to believe that we are in a kind of free-will heaven, when in fact it is appallingly easy for any company or government, or even an individual with money, to snoop on our every move while we are on the Net.
The Internet is sometimes still characterized as a highway system. If only we thought of it as just that, and asked ourselves what happens after highways are built. While we do use highways to get to parks and open land, most of what we transport ourselves to with highways are office parks, hotels, conference centers, meeting places, and residences. For those of us who do not spend our days cruising the Interstates just for the joy of being on the open road, those bounded spaces are what make our physical highways truly useful.
Why should it be any different with our online spaces? Should our online highways not also bring us to bounded, secure, manageable online spaces? Is it not precisely the absence of such spaces that causes the problems that we write about?
Furthermore, our physical highways themselves are not exactly places of anarchy. Vehicles are registered, and every vehicle registration is linked to a driver’s license or corporate identity or other means of holding people responsible for the drivers’ actions.
Why then is our online highway system a place of total anarchy and host to a huge number of roadside stands, bars, rest areas, and other public facilities that common sense tells us should be bounded spaces? For some reason we let those who built the highway tell us that everything is a highway, that you can’t use the highway to get to places that are not highways.
Why do we conduct business by the side of the highway? Why do we let our kids hang out unsupervised in Times Square, where filters called ordinances keep some of the pornography from their view but do nothing to prevent strangers from approaching them?
We do these things because the open-range cowboys who best understand the land beneath this new space, and who truly love that land, tell us that’s the way it must be. While we can understand and respect their perspective, we must understand that their perspective is not our perspective. They generally do not need the same things we do. The rest of us need bounded spaces as much in the online world as we need a roof over our heads where we live and where we work and where our kids go to school.
We cannot afford to let our policies be made and our spaces designed and governed from the open-range mindset, just because the people there have a better understanding of Internet technology than the rest of us.
Let’s take a trip. I want to ride along with you on a drive from a small village in Saskatchewan, to a hotel and office complex in Guatemala, where you and I, independent business owners, sell our products.
We go most of the distance on high-bandwidth interstate roadways made available by national governments. We go the rest of the way on roads made and maintained by villages, counties, states, and provinces. The protocol stays the same: stay to the right, stop on red, go on green.
We pass without stopping from one jurisdiction to another, village road to county road to provincial highway to Canadian national highway without having to change to a different vehicle operating on different protocols. Nobody asks us whether the car or its occupants have paid taxes or obtained licensing in that jurisdiction. We just go. Aside from stops for traffic signals, the only places where we are compelled to stop are the three national borders.
That’s the way the information roadway system works too. In fact, it works even better than that. On the information highway we never encounter a border where we must switch to driving on the left. Our packets are not stopped for inspection by customs and immigration officials. This is all very good.
But consider for a moment a big difference between the physical and online highway environments.
When we get to our destination in Guatemala, we go from highway to bounded space. We check into a hotel. The doorway to the hotel is very open and inviting, like an extension of public space. But in order to avail ourselves of the benefit of using this building there are a lot of things to be worked out. The management of the hotel wants to know who we are. They want to know how we will pay for our stay. You want to know whether you can pay upon checkout. They want you to know that you certainly can, provided they have your credit card number and a signature authorizing them to put charges on it.
In other words, they want to be quite sure of your identity in order to ensure that they will get paid.
You are given a room key. That key gives you specific rights to enjoy the use of a very specific set of bounded spaces: a guest room and a meeting room for a presentation. Service people may intrude upon the guest room unless you put a notice to the contrary on your door, in which case it is not to be entered except by you and your guests.
After we have checked in, we go to the adjoining office building to visit the firm that represents our products in Guatemala. The security guard in the lobby notes that it is after hours and you must sign in. (If it had been during the day, his role would have been different.)
On the fifteenth floor we look briefly for the sign of the firm we are visiting, then stop into an office and say who we are: “I am looking for the office of such-and-such company. Can you help me?” I have established my identity as far as that office is concerned, which is no more than a role: a lost soul from North America. I am not a customer, not one of the cleaning people, not an employee, but someone having something to do with an office neighbor. My basic entitlement in that office is to open the door and briefly ask a question. I am not entitled to walk past the reception desk. In this case a role, rather than a real identity, is sufficient.
Having been directed to the correct office, you introduce yourself to the receptionist of your rep firm and state your business. You are led to your representative’s office. She in turn takes you to a conference room where two other people join us. The conference room, like the representative’s office, has a specific set of protocols attached to it. It must typically be reserved, it is available for the use of the group in one end of the office, but another group in another part of the office may use it with permission if their own conference room is not big enough or does not have the right communications facilities.
What’s the alternative? Should we have our meetings by the side of the highway? Why would anybody want to do that? The walls and rules and locks and keys and identification protocols are precisely what make buildings. We build buildings because once the highway takes us freely to our destination we want to use specific bounded spaces for specific reasons.
We are living in an urbanized world of highly specialized human activity, but the online facilities we have built to house that activity are reminiscent of the early efforts of the Oklahoma settlers to fence in the rangeland. We need office parks and conference centers and school buildings. Yet for some reason we have left the design of our online facilities in the hands of cowboys whose object is to move cattle-packets freely from place to place and to sleep undisturbed under the stars. “Information was meant to be free!” is their battle cry.
Well, sure, that’s why we have highways. I really don’t care what you have in that truck as long as you drive it competently on the highway you share with me and my family in our minivan.
But if we happen to stop at the same motel, it’s understood that you are not free to invite my kids into your room while I’m off paying the bill at the coffee shop. We have now gone from the highway to a place with boundaries and a very different kind of rules. If we didn’t need the bounded space, we’d just pull over and sleep by the side of the highway.
Is life simpler without boundaries and rules? Sure, if you’re an open-plains cowboy. But if you live in a world with a need for organization, the idea of living under the stars on the open plains is ludicrous. Let us not repeat the mistake of the managers in organizations that left their cowboys to install and manage their VMS systems with TECO. Our networks have become a vital and integral part of our lives.
The first sentence of this chapter bears repeating:
When we spend time on the Internet, we inhabit territory that was settled by a group of people with needs and views that are different from our own.
The needs of those who manage our systems are not the same as our own needs. Our networks must be installed, configured, and managed to meet our needs. We must be in charge, and we do not need to be “technical” to direct the managers of our networks.
If you agree that identity is the foundation of security, and if the use of your computer on a network is governed by those who manage the network, then you must make your feelings known.
Most importantly, you need to install the building blocks of bounded space in your own computer
Some accidents are truly accidental; others are the result of malice. But for all the accidents I’ve seen on physical highways, I can only recall one that might have intentional. (Garden State Parkway, circa 1989, jealous girlfriend rams boyfriend’s car with her Corvette. Not pretty.)
My experience on the online highway offers a complete contrast. Surely waiting for me in my mailbox as I write this are a couple of instances of the Klez worm, perhaps a Sircam or two, and a loathsome wad of spam. All the packet-vehicles were sent forth on the information highway through some person’s intent. Anonymity is what lets them do it.
We have mentioned the Personal Intellectual Property Infrastructure, a tool for the protection of individual privacy. It allows you to use the highway without disclosing your identity to anyone unless you choose to. It implements other protections as well—if the highway is being used for illegal activity, it allows those who police the highway to use due process to learn the identity of those suspected of wrongdoing.
Privacy activists will note that due process can be abused. It was always so, and it will always be so. But because the judges and law enforcers have to digitally sign everything they do when granting and using permission to snoop, there is a complete and virtually unalterable audit trail on their actions. We have in our hands better protections of due process than have ever been available before.
P. J. Connolly, the noted InfoWorld security columnist, writes
IDENTITY MANAGEMENT is . . . important to business and consumers alike. As I’ve said elsewhere, without a simpler way to handle identity transactions, the Web services model that we’re all scrambling toward will fail.
The first Liberty Alliance specifications, released at The Burton Group’s recent Catalyst conference in San Francisco, address SSO (single sign-on; or simplified sign-on, as some prefer). The specs finally offer a credible start to the process of creating a true federated identity management scheme . . .
But there remains a false assumption in most discussions of SSO: the idea that individuals only want to present one face to the electronic world. Based on my own experience, I’m not buying it.
For starters, I figure that my online activities fall into one of at least three categories: work-related, personal, and private. The sites I visit for my work include vendor information sites, publications, and so forth. The sites I visit in my personal time would include my bank, my HMO, and other publications, with a certain overlap between the sites I read for fun and those I do for work.
Finally, there are sites I categorize as “private,” which appeal to my outlaw or prurient instincts, and shame on you for imagining what those might be. . . .
The problem lies in the overlapping between the three categories. I need to bring some of my “personal” attributes into the office—whether I’m working in the InfoWorld Test Center lab, on the road, or at home. For example, my personnel record contains more than just work-related information; it also contains my Social Security number, a copy of my passport—the kind issued by the State Department, not Microsoft—and my bank routing numbers for the payroll folks.
But you can bet your sweet bippy that I emphatically do not want my “private” attributes following me to work. Yet there’s no reason why I wouldn’t link at least some, if not all, of my work-related identities together and include some of my “personal” identities with them. I might even want to link the “private” identities, even if I don’t link them to anything in my public personae.
Any identity management scheme has to take these three aspects of a person’s identity into account if it’s going to achieve the support and usage needed to be truly beneficial. It doesn’t matter if your focus is b-to-b, b-to-c, or as I put it, “b-to-star”—business to whatever. Role-based authentication sounds nice, but in practice it is difficult to pull off. Ultimately, access rights and their like have to be applied to real, individual people and their multiple personae.
Authentication and authorization are two different things. The way to accomplish what Connolly advocates is by dealing with them separately. You shouldn’t need to resort to changing your identity in order to control what is disclosed about you. You should establish your identity and then decide who has a right to know what about you, and put that personal policy into effect through your Personal Intellectual Property Infrastructure
"How Things Got This Way"
Open-Range Cowboys
When we spend time on the Internet, we inhabit territory that was settled by a group of people with needs and views very different from our own. For sure, the territory could not have been settled without them—the Internet could never have been settled, or built, without the open-range cowboys.Cowboys know how to handle themselves on the open range. Further, an open-range cowboy has no use for buildings—office buildings, schools, department stores, or any other type of enclosure. The cowboy is just fine sleeping under the stars.
But our children are spending time online chatting away with strangers under the open sky. Our important files are sitting out there in the open, in piles among the sagebrush. Critical resources by which we manage utility and information infrastructures are strewn around the desert sand as though they were so many prospectors’ pickaxes.
Why has the world paid so much attention to the open-range cowboys? Why do we treat our Internet as though it still fits their romantic but delusional notion of their frontier Internet? Why does the world resist the construction of useful online bounded spaces?
The answer is that the new online space is developing in a manner very similar to the American West. As with the West, there are strong traditions to be dealt with. The romantic notion that the plains must remain open is one of the strongest of the Internet traditions. Tradition has a reputation as something that is built over long periods of time, but there are Internet traditions that are stronger than any of those of the Roman Catholic Church. The strongest of those is the open-plains tradition.
A True Cowboy Story from the Open Plains
Digital Equipment Corporation’s operating system, VMS, was the first interactive system to really make a complete set of secure access and privilege controls commercially available. It combined a number of identifiers of an account with a number of privileges that an account or a process had. In other words, VMS was kind of like the real urban world, asking the questions, “Who are you? What company do you work for and in what capacity? What are you authorized to do and where are you authorized to be?” That’s a fine place to start thinking about where to design the entrances and common areas and walls and doors with and without locks in a new office building.Now, a lot of programmers who were used to Digital’s earlier operating systems did not like those boundaries. They were used to being cowboys on the open range of computing, having all the address space rangeland available for their roaming. But even if we assume that roaming was with the intent of being productive, that presented a problem. Though the cowboys knew that more people were using their computer systems and therefore things had to change, they were nevertheless as hostile and vocal as were the open-range cowboys of the Old West about the new boundaries.
The people who built VMS tried to explain to management in their customer companies why their computer had become too important and too complex to allow the cowboys to continue to roam free. But the cowboys were right down the hall in the engineering computing department, while Digital was a vendor from somewhere in central Massachusetts. So the customers told the vendor, “Our technical people say the access and privilege controls in VMS cramp their style. They say they make them less productive.” Well, of course. And wouldn’t we all like to have unfettered access to the situation room at the White House, and the anchor desk at NBC, and for that matter the offices of the IRS. Wouldn’t that kind of freedom make one more “productive” in entirely new endeavors?
But management didn’t understand what Digital was trying to tell them—that the reason their software people were saying, “Don’t fence me in” was precisely the reason they needed to be fenced in. Think about it: when was the last time someone told you they needed stronger controls imposed on themselves to prevent them from doing you harm? The “technical folks” were the in-house experts. They insisted on being allowed to roam free.
TECO
Digital Equipment Corporation offered a solution to keep the technical cowboys happy with VMS—it was called TECO. It sounded innocent enough; it was called an “editor.” But calling TECO an editor is like calling a nuclear weapon a large heavy object. TECO was an editor that could go anywhere and do anything within a VMS system.TECO was great fun to use. It was one of those editors that assumed you could keep an entire detailed picture of the file you were working on in your head; it was macho to work in TECO for half an hour without ever asking it to display the contents of the file you were working on. You could move mountains with a few very terse commands. You could inadvertently destroy the company’s receivables files with a single misplaced punctuation mark. At best, in the hands of a well-intentioned worker, TECO was a big hazard. In the wrong hands, TECO was as dangerous as an angry open-rangeland cowboy with a score to settle in modern downtown Oklahoma City. (“Boss, he’s not going to do any harm. All he’s got in that truck is diesel fuel and fertilizer.”)
VMS was distributed with a warning: unless you have a very specific reason for keeping TECO, the first thing you should do is make sure it does not get installed with the operating system. If for some reason it gets installed, get rid of it right away. But at most VMS sites, if you typed “teco” at the command prompt, there it was. TECO typically got installed—and kept. Why? Why would those responsible for such systems leave such a hazard lying around?
Systems people understood how dangerous it could be. But it could also be immensely useful. And after all, who did the installation of an operating system but those who would use it most. Management typically never saw the distribution package, and if they did, their attitude was “My software people said they needed it.” Sure, and your facilities department could probably move walls more quickly if you’d only let them use dynamite to do the job like they asked.
The irony is that without TECO, VMS is one of the most rock-solid-secure and rugged systems around, a marvel of software engineering.
The TECO story has an exact parallel in the Internet world. Somehow the open-range cowboys have got us convinced that the construction of walls and the designation of specific uses and behavior for specific enclosed spaces are tantamount to destruction of the First Amendment. And the bad consequences of the open-range tradition don’t stop with hazards that are visible on the screen. The tradition leads us to believe that we are in a kind of free-will heaven, when in fact it is appallingly easy for any company or government, or even an individual with money, to snoop on our every move while we are on the Net.
The Internet is sometimes still characterized as a highway system. If only we thought of it as just that, and asked ourselves what happens after highways are built. While we do use highways to get to parks and open land, most of what we transport ourselves to with highways are office parks, hotels, conference centers, meeting places, and residences. For those of us who do not spend our days cruising the Interstates just for the joy of being on the open road, those bounded spaces are what make our physical highways truly useful.
Why should it be any different with our online spaces? Should our online highways not also bring us to bounded, secure, manageable online spaces? Is it not precisely the absence of such spaces that causes the problems that we write about?
Furthermore, our physical highways themselves are not exactly places of anarchy. Vehicles are registered, and every vehicle registration is linked to a driver’s license or corporate identity or other means of holding people responsible for the drivers’ actions.
Why then is our online highway system a place of total anarchy and host to a huge number of roadside stands, bars, rest areas, and other public facilities that common sense tells us should be bounded spaces? For some reason we let those who built the highway tell us that everything is a highway, that you can’t use the highway to get to places that are not highways.
Why do we conduct business by the side of the highway? Why do we let our kids hang out unsupervised in Times Square, where filters called ordinances keep some of the pornography from their view but do nothing to prevent strangers from approaching them?
We do these things because the open-range cowboys who best understand the land beneath this new space, and who truly love that land, tell us that’s the way it must be. While we can understand and respect their perspective, we must understand that their perspective is not our perspective. They generally do not need the same things we do. The rest of us need bounded spaces as much in the online world as we need a roof over our heads where we live and where we work and where our kids go to school.
We cannot afford to let our policies be made and our spaces designed and governed from the open-range mindset, just because the people there have a better understanding of Internet technology than the rest of us.
Let’s Take a Trip
Buildings and roadways are so taken for granted that we don’t spend much time thinking about how they work. We take the relationships between roadways and buildings for granted too. At this time, however, it would be a good idea to think a little about the relationships among the elements of the physical spaces we use, to better inform ourselves about our online spaces.Let’s take a trip. I want to ride along with you on a drive from a small village in Saskatchewan, to a hotel and office complex in Guatemala, where you and I, independent business owners, sell our products.
We go most of the distance on high-bandwidth interstate roadways made available by national governments. We go the rest of the way on roads made and maintained by villages, counties, states, and provinces. The protocol stays the same: stay to the right, stop on red, go on green.
We pass without stopping from one jurisdiction to another, village road to county road to provincial highway to Canadian national highway without having to change to a different vehicle operating on different protocols. Nobody asks us whether the car or its occupants have paid taxes or obtained licensing in that jurisdiction. We just go. Aside from stops for traffic signals, the only places where we are compelled to stop are the three national borders.
That’s the way the information roadway system works too. In fact, it works even better than that. On the information highway we never encounter a border where we must switch to driving on the left. Our packets are not stopped for inspection by customs and immigration officials. This is all very good.
But consider for a moment a big difference between the physical and online highway environments.
When we get to our destination in Guatemala, we go from highway to bounded space. We check into a hotel. The doorway to the hotel is very open and inviting, like an extension of public space. But in order to avail ourselves of the benefit of using this building there are a lot of things to be worked out. The management of the hotel wants to know who we are. They want to know how we will pay for our stay. You want to know whether you can pay upon checkout. They want you to know that you certainly can, provided they have your credit card number and a signature authorizing them to put charges on it.
In other words, they want to be quite sure of your identity in order to ensure that they will get paid.
You are given a room key. That key gives you specific rights to enjoy the use of a very specific set of bounded spaces: a guest room and a meeting room for a presentation. Service people may intrude upon the guest room unless you put a notice to the contrary on your door, in which case it is not to be entered except by you and your guests.
After we have checked in, we go to the adjoining office building to visit the firm that represents our products in Guatemala. The security guard in the lobby notes that it is after hours and you must sign in. (If it had been during the day, his role would have been different.)
On the fifteenth floor we look briefly for the sign of the firm we are visiting, then stop into an office and say who we are: “I am looking for the office of such-and-such company. Can you help me?” I have established my identity as far as that office is concerned, which is no more than a role: a lost soul from North America. I am not a customer, not one of the cleaning people, not an employee, but someone having something to do with an office neighbor. My basic entitlement in that office is to open the door and briefly ask a question. I am not entitled to walk past the reception desk. In this case a role, rather than a real identity, is sufficient.
Having been directed to the correct office, you introduce yourself to the receptionist of your rep firm and state your business. You are led to your representative’s office. She in turn takes you to a conference room where two other people join us. The conference room, like the representative’s office, has a specific set of protocols attached to it. It must typically be reserved, it is available for the use of the group in one end of the office, but another group in another part of the office may use it with permission if their own conference room is not big enough or does not have the right communications facilities.
Getting Off the Highway
When we go from highway to real estate we go from an open space, where behavior is governed by protocol rather than identity, to a space where behavior is governed by identity and boundaries—an endless labyrinth of access and usage procedures.What’s the alternative? Should we have our meetings by the side of the highway? Why would anybody want to do that? The walls and rules and locks and keys and identification protocols are precisely what make buildings. We build buildings because once the highway takes us freely to our destination we want to use specific bounded spaces for specific reasons.
We are living in an urbanized world of highly specialized human activity, but the online facilities we have built to house that activity are reminiscent of the early efforts of the Oklahoma settlers to fence in the rangeland. We need office parks and conference centers and school buildings. Yet for some reason we have left the design of our online facilities in the hands of cowboys whose object is to move cattle-packets freely from place to place and to sleep undisturbed under the stars. “Information was meant to be free!” is their battle cry.
Well, sure, that’s why we have highways. I really don’t care what you have in that truck as long as you drive it competently on the highway you share with me and my family in our minivan.
But if we happen to stop at the same motel, it’s understood that you are not free to invite my kids into your room while I’m off paying the bill at the coffee shop. We have now gone from the highway to a place with boundaries and a very different kind of rules. If we didn’t need the bounded space, we’d just pull over and sleep by the side of the highway.
Is life simpler without boundaries and rules? Sure, if you’re an open-plains cowboy. But if you live in a world with a need for organization, the idea of living under the stars on the open plains is ludicrous. Let us not repeat the mistake of the managers in organizations that left their cowboys to install and manage their VMS systems with TECO. Our networks have become a vital and integral part of our lives.
The first sentence of this chapter bears repeating:
When we spend time on the Internet, we inhabit territory that was settled by a group of people with needs and views that are different from our own.
The needs of those who manage our systems are not the same as our own needs. Our networks must be installed, configured, and managed to meet our needs. We must be in charge, and we do not need to be “technical” to direct the managers of our networks.
If you agree that identity is the foundation of security, and if the use of your computer on a network is governed by those who manage the network, then you must make your feelings known.
Most importantly, you need to install the building blocks of bounded space in your own computer
Freedom and Privacy
The open rangeland tradition is closely related to another tradition: the presumption of the right of anonymity. And of course, on physical highways we have the right to be anonymous among other drivers. There is no need to disclose our identity—until we have an accident.Some accidents are truly accidental; others are the result of malice. But for all the accidents I’ve seen on physical highways, I can only recall one that might have intentional. (Garden State Parkway, circa 1989, jealous girlfriend rams boyfriend’s car with her Corvette. Not pretty.)
My experience on the online highway offers a complete contrast. Surely waiting for me in my mailbox as I write this are a couple of instances of the Klez worm, perhaps a Sircam or two, and a loathsome wad of spam. All the packet-vehicles were sent forth on the information highway through some person’s intent. Anonymity is what lets them do it.
We have mentioned the Personal Intellectual Property Infrastructure, a tool for the protection of individual privacy. It allows you to use the highway without disclosing your identity to anyone unless you choose to. It implements other protections as well—if the highway is being used for illegal activity, it allows those who police the highway to use due process to learn the identity of those suspected of wrongdoing.
Privacy activists will note that due process can be abused. It was always so, and it will always be so. But because the judges and law enforcers have to digitally sign everything they do when granting and using permission to snoop, there is a complete and virtually unalterable audit trail on their actions. We have in our hands better protections of due process than have ever been available before.
P. J. Connolly, the noted InfoWorld security columnist, writes
IDENTITY MANAGEMENT is . . . important to business and consumers alike. As I’ve said elsewhere, without a simpler way to handle identity transactions, the Web services model that we’re all scrambling toward will fail.
The first Liberty Alliance specifications, released at The Burton Group’s recent Catalyst conference in San Francisco, address SSO (single sign-on; or simplified sign-on, as some prefer). The specs finally offer a credible start to the process of creating a true federated identity management scheme . . .
But there remains a false assumption in most discussions of SSO: the idea that individuals only want to present one face to the electronic world. Based on my own experience, I’m not buying it.
For starters, I figure that my online activities fall into one of at least three categories: work-related, personal, and private. The sites I visit for my work include vendor information sites, publications, and so forth. The sites I visit in my personal time would include my bank, my HMO, and other publications, with a certain overlap between the sites I read for fun and those I do for work.
Finally, there are sites I categorize as “private,” which appeal to my outlaw or prurient instincts, and shame on you for imagining what those might be. . . .
The problem lies in the overlapping between the three categories. I need to bring some of my “personal” attributes into the office—whether I’m working in the InfoWorld Test Center lab, on the road, or at home. For example, my personnel record contains more than just work-related information; it also contains my Social Security number, a copy of my passport—the kind issued by the State Department, not Microsoft—and my bank routing numbers for the payroll folks.
But you can bet your sweet bippy that I emphatically do not want my “private” attributes following me to work. Yet there’s no reason why I wouldn’t link at least some, if not all, of my work-related identities together and include some of my “personal” identities with them. I might even want to link the “private” identities, even if I don’t link them to anything in my public personae.
Any identity management scheme has to take these three aspects of a person’s identity into account if it’s going to achieve the support and usage needed to be truly beneficial. It doesn’t matter if your focus is b-to-b, b-to-c, or as I put it, “b-to-star”—business to whatever. Role-based authentication sounds nice, but in practice it is difficult to pull off. Ultimately, access rights and their like have to be applied to real, individual people and their multiple personae.
“Who are you? Multiple personalities are a reality that identity management schemes must address,” by P. J. Connolly, InfoWorld, July 26, 2002.