Digital Identities Now Available

Largecranium writes, "I-names, the only globally unique, resolvable namespace in parallel to the DNS system and compatible with OpenID, are being introduced during Digital ID World in Santa Clara. I-Names are only as useful as the services they enable; the services that are available today are interesting but not life-changing. The ones that are coming in the next 6-12 months could change the way people interact online. I-names and their value (today and tomorrow) are casually explained at iwantmynamenow.com." I-names are the lineal descendant of the technology that began as XNS and continues evolving today as XDI.

Re:A permanent online identity?

[eMbry00s]

I've seen people here at slashdot tell their banks they don't need their SSNs, and after a discussion get their point accepted (as I gather it should be). Since these i-names would be commercial, they certainly wouldn't become a requirement anytime soon.

There's nothing to say they won't, ever, though. Any business has the right to decline doing business with anybody, and thus you can be exiled if you don't cough up the $20/yr.

Re:Big words make BadAnalogyGuy crosseyed

[swillden]

Ever as in: as long as you pay $20 every year?

Just like I pay $35 per year for my domain name. If this becomes widespread (which it probably won't), prices will come down. Plus, these i-names can be hierarchical, like domain names, so you can, for example, register = and then give i-names to all of your family members, and they won't have to pay a thing.

The part of the idea that I'm most skeptical of (well, other than the idea that it will actually be used) is the notion that you can "withdraw" access to your information. I think people and organizations would just snag all of the information you allow them to have, and then store it. Sure it might eventually get out of date, but if you used the i-name mechanism to provide long-lived data like your address or phone number, it will be good for quite a while. Even with a system like this in place, if you want to control access to information about yourself, your only real option is not to ever give it out.

There's also the issue that the i-name servers would become nice repositories of information that identity thieves would love to get their hands on, but it's not like there aren't plenty of those around already.

reasonable idea, just horrible execution

[nfarrell]

I like the idea of being able to give organisations revokable pointers to my details. As long as the organisation which kept the details was transparent and accountable, I'd be fairly happy about using it. Get credit card companies to use it to reduce fraud (somehow) and maybe you've even found a way to finance it: greater online security might encourage more online purchases...

The biggest flaw in the proposed scheme (if I understand it correctly) is that the reference you give each organisation is the same. Even if you can restrict access to personal information, companies can share information and put together your profile, just like a cookie only worse.

Wouldn't a better idea to use a secret key system, and each organisation can generate a request for your details which, if approved, gets signed by your secret key and returned to them. They never get your ID, so they can't profile you more than you want to be profiled. If you like, you can "delete your cookies" every 12 months.

Ideally all correspondence would also go through a level of indirection, meaning they'd never have ANY of your personal details - they'd be given a unique email alias, and a meta-address for snail mail that the postal service would recognise and treat correctly.

Re:Big words make BadAnalogyGuy crosseyed

[Zeinfeld]

There is one name system for the Internet: the DNS.

Establishing critical mass for a directory scheme requires a huge amount of work. Establishing critical mass for a proprietary scheme which is intended to displace a large, deployed and reasonably open scheme is doomed from the start.

The XDI scheme is controlled through a series of patents which have been vested in a 'non-profit' entity controlled by the original owners which in turn re-licensed them back to the original owners. This series of moves is alleged to make it an 'open standard'.

I think that we will end up using a range of URI identifiers with OpenID in different contexts. In the end though the email identifier is the simplest one for people to use and is the least cluttered. People understand username@example.com.

I don't think that the spam issue is a problem. I can use an identifier without accepting email from everyone who uses it. People want to provide a contact address, they just don't want it to be abused. Anyone could post annoynmous, contactless posts to USENET, people used Wizvax and Julf's annoynmous services because they could receive replies.

So one way for identity providers to compete would be by offering better, more effective means of filtering of contacts. Some identity providers would not accept any email at all, others would relay everything unfiltered. Most people would use (pay even) for services that provide filtering of contact requests.