Brief introductions. Yubico offers the YubiKey, a low-cost, simple authentication token. It presents itself to the computer as a USB keyboard: the user types their password and the key types a 32-character one-time passcode. Easier than smart cards: insert it into a USB port and push the button.
Lots of users: 1M users and 16k customers in 95 countries. Use cases: Google for internal staff, PayPal, Fedora, LastPass. Yubico is self-service: hardware sales through the web store, free and open-source server components, and a virtual appliance for remote access (an enterprise-class VPN).
YubiKey variants: regular (Yubico one-time password); OATH (the Initiative for Open Authentication's one-time-password standard, not to be confused with OAuth); static password; and challenge-response. Secure life cycle: "trust no one." Secure your servers.
The key is robust: sealed and simple. One accidentally went through a washing machine, sat there for several weeks, and still worked.
Future vision: one key for the whole Internet, via the YubiCloud validation service and third-party single sign-on and SAML. High security, easy to use, low cost. Plans to work with mobile phones via near-field communication (NFC).
At this past IIW, I convened a session to ask if and how it might be possible to do a stateless distributed membership for a website. There are two main ideas behind this proposal. First, I don’t really NEED to have a membership database of my own. That is, I don’t need to have another place for you to create an account, user ID and password. We can use OpenID, Information Cards, or other technologies for authenticating and authorizing you. Second, if I want to move toward a world where you control your own data, I don’t need to maintain the database of your comments. I only need to know where your comments are stored so I can properly assemble things as needed. It’s convenient but not technically necessary to own and control all the bits myself.
My proposal for a Stateless Distributed Membership is a mouthful, so I’ll unpack it a bit. There are three parts: a membership, being stateless, and being distributed.
Let me start with the easy part. You probably understand the idea of membership as a group or association of people contributing to something like a conversation or project. They’re members of a group, or in my case, members of a conversation or project on my site. Nothing unusual about this idea.
Next is the idea of being stateless. In computer science, HTTP, the protocol your browser uses to fetch a web page and its associated resources, is stateless: you request a page by URL or by clicking a link, the server responds with the page, graphics, or whatever else was asked for, and you see it. Each request is handled on its own; the server keeps no connection to you and no memory of you between requests. In my case, being "stateless" means that each transaction is independent. Eve Maler talks about a stateless identity in her post Both a data borrower and a data lender be:
This is a kind of data statelessness, in that when you tell various sites they can set, read, and republish your [information from your Personal Data Store], they’re letting go of any pretense of exclusive hosting control so that they can offer you a different kind of value.
Now, in the IdM and VRM worlds, some of us have been talking about identity statelessness for a while, which is similar but looks more like straight data-sharing (reading) rather than arbitrary service access (setting).
For some reason this is a tougher sell — even though CRM systems and user accounts are shot through with pale copies of stale data (and, in the enterprise case, even though syncing directories and replicating databases is brittle and no fun).
Even when one party — say, you yourself — is authoritative for some piece of personal data (like your home address), all the sites insist on making you provision a copy of this data into their profile pages by hand and by value, and insist on thinking they own something truly valuable even after you move and forget to tell them.
The bottom line: if I don’t insist on “owning” your data, we both will realize more value from our trust and flexibility. It’s daring, and in the larger scheme of things, I believe it’s a Good Thing.
Finally, the term distributed refers to the fact that all parts of the conversation or projects are stored elsewhere on the net. If you wish to add a comment to a conversation on my server, your comment is added to your personal datastore (wherever it is, and whatever form it might take). When you wish to read the conversation, my server compiles the contributions as needed.
In this model, I do need to maintain a database of where to find your comments and a way to authorize you as the person who granted permission for me to include them in the conversation on my website. But think of it: if you want to revoke permission for me to use your comments, you can. How revolutionary (and potentially messy) is that?
Furthermore, you may choose to log in using an identity that’s different from the last one you used. That works on my server. For example, you might wish to be a regular person contributing to most conversations, but if you’re a professional fundraiser and one of the threads is about raising funds for a non-profit, you may wish to disclose your work and position in that context. Your two identities describe different parts of your life, and you may have good reasons to keep those parts separate.
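To make the division of responsibility concrete, here is a model of the design sketched above. It is an added example, not code from the post or from any project: the site keeps only two things per conversation, where each member's comments live and which identities granted permission to include them, while the comment text itself is written only to the member's own datastore. All names, locations and comments are constructed sample data, and in-memory objects stand in for remote personal datastores so the example runs offline.

```python
"""
Model of a stateless distributed membership: the site holds pointers and
grants, never the comments. Constructed sample data throughout; the
in-memory stores and the location resolver are stand-ins for remote
personal datastores.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


class PersonalDataStore:
    """A member's own datastore: the only place their comments are written."""

    def __init__(self, location: str):
        self.location = location
        self._comments: Dict[str, List[dict]] = {}  # conversation -> comments

    def add_comment(self, conversation: str, identity: str, text: str, seq: int) -> None:
        self._comments.setdefault(conversation, []).append(
            {"identity": identity, "text": text, "seq": seq}
        )

    def fetch(self, conversation: str, identity: str) -> List[dict]:
        # Release only comments posted under the identity the site holds a grant for.
        return [c for c in self._comments.get(conversation, []) if c["identity"] == identity]


@dataclass(frozen=True)
class Grant:
    """Permission from one identity to include its comments in one conversation."""
    identity: str
    store_location: str


class ConversationSite:
    """The site: holds pointers and grants, never the comment text itself."""

    def __init__(self, resolver: Dict[str, PersonalDataStore]):
        self._resolver = resolver                   # location -> reachable store (hypothetical)
        self._grants: Dict[str, List[Grant]] = {}   # conversation -> active grants

    def grant(self, conversation: str, identity: str, store_location: str) -> None:
        grants = self._grants.setdefault(conversation, [])
        g = Grant(identity, store_location)
        if g not in grants:
            grants.append(g)

    def revoke(self, conversation: str, identity: str) -> None:
        # The member withdraws permission. The site has nothing to delete,
        # because it never held the comments, only the grant.
        self._grants[conversation] = [
            g for g in self._grants.get(conversation, []) if g.identity != identity
        ]

    def assemble(self, conversation: str) -> List[Tuple[str, str]]:
        """Compile the thread on demand from every store with an active grant."""
        collected = []
        for g in self._grants.get(conversation, []):
            store = self._resolver.get(g.store_location)
            if store is None:
                continue  # a member's store is unreachable: render the rest of the thread
            for c in store.fetch(conversation, g.identity):
                collected.append((c["seq"], g.identity, c["text"]))
        collected.sort(key=lambda item: item[0])
        return [(identity, text) for _, identity, text in collected]


def demo() -> dict:
    """Grant, assemble, add a context-specific second identity, then revoke it."""
    alice = PersonalDataStore("https://alice.example/pds")   # constructed
    bob = PersonalDataStore("https://bob.example/pds")       # constructed
    site = ConversationSite({s.location: s for s in (alice, bob)})
    thread = "raising-funds"

    site.grant(thread, "alice", alice.location)
    site.grant(thread, "bob", bob.location)
    alice.add_comment(thread, "alice", "How do we get started?", seq=1)
    bob.add_comment(thread, "bob", "Agree on a goal first.", seq=2)

    # Alice discloses her professional identity in this thread only.
    site.grant(thread, "alice-fundraiser", alice.location)
    alice.add_comment(thread, "alice-fundraiser", "Professionally: budget for outreach.", seq=3)

    # Carol granted permission but her datastore is unreachable; the thread still renders.
    site.grant(thread, "carol", "https://carol.example/pds")

    before = site.assemble(thread)
    site.revoke(thread, "alice-fundraiser")
    after = site.assemble(thread)
    # Alice's own store still holds the withdrawn comment; only the site lost access.
    still_hers = len(alice.fetch(thread, "alice-fundraiser"))
    return {"before": before, "after": after, "still_hers": still_hers}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Two points the model makes visible: revocation is a change to the site's grant list, not a deletion, so the member keeps their own record; and a member who publishes under two identities appears as two grants, so the site never has to know they are the same person. Left open, as in the post, is how the site verifies that the identity presenting a grant really controls the datastore it points to.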
The IIW Session
In my session, I described this concept and asked what people thought about it. I offered three scenarios where people might interact. One of them: a conversation or forum where blog posts and trackbacks can help create a threaded conversation. The session is an hour-long exploration and discovery of the possibilities. If you have questions or can add a piece to this puzzle, I’d love to hear from you.
My heartfelt thanks go to the people with whom I’ve spoken about this, including =JeffH, Eve, the guy at the end of the video talking with me about trackbacks (I’m sorry I can’t find your name), several others who made great suggestions and shared ideas at my session, and Joe, who spent considerable time exploring underlying frameworks with me.
Coaching moment: You probably have more than one account online, and have likely cursed the problem of forgetting user names and passwords. You may have wished that the picture of you holding a beer wasn’t online for your boss to see. Maybe you’ve been spooked by an advertisement for something that you really didn’t want. If you could do things differently, what would you do? How do you handle your accounts now? Do you feel secure about your online practices? Do you even want to be in control? Not everyone does.
I like to think about ways to customize my world, and the digital world writ large, in ways that support and help us explore our unique selves. It is in our very diversity that individual strengths can play out to become our personal best, to help each other grow, and create fertile new worlds.
This indiscriminate personal data hoarding is both an individual and a societal problem. Schmidt's argument that we shouldn't have anything to hide is specious (not to mention a double standard: it doesn't apply to Schmidt). In a 2007 paper called 'I've Got Nothing to Hide' and Other Misunderstandings of Privacy, George Washington University Law School's Daniel J. Solove convincingly critiques that argument. Indeed we have many things to hide, like our passwords and credit card numbers, certain personal habits and preferences, things that contribute to human dignity and respect. As noted security expert Bruce Schneier writes in his essay The Eternal Value of Privacy, "Too many wrongly characterize the debate as 'security versus privacy.' The real choice is liberty versus control."
I’m looking for examples of sites that encourage liberty and demonstrate some respect for their users and clients. I will be reporting on what I find. If you have suggestions, I welcome them.
Coaching moment: Here’s a little thought exercise. Think about a typical day in your life.
What kind of things do you do in private? These might be taking a shower, brushing your teeth, thinking about the day. Some things might be really private as in just you by yourself, and other things may be private in some context, like thinking about your day out loud with your spouse or partner. Once you get a good list, which of those things would make you uncomfortable if they were made public in some way?
Now think of the kind of things you do in public, like driving to work or the store, walking around, having a conversation over lunch. Think about stories that might be told about you from the perspective of not knowing what you were really doing. You might take clues from signs that you walk by, or maybe other people (posture, groupings, facial expressions). Can you think of any stories that are not only wrong but might hurt you?
Finally, think about your online tools. Have you actually looked at the Terms of Service or Privacy Policies that you’re agreeing to? If you knew they were disrespectful to you or even abusive of your personal self and liberty, would you stop using them? Since the answer is “probably not,” what would you suggest these companies change?
When something is authentic, that means the claims made about it (or by it) are true. To authenticate something or someone means to gather evidence sufficient for you to believe that it is as claimed.
For example, you can authenticate me by seeing and talking to me (if you know me), or by my DNA (if there is some reason to require that level of certainty). A driver’s license also works as authentication: it ties my face to a name, and along the way shows that I am licensed to drive or old enough to buy adult beverages.
In the case of ATMs and debit cards, you prove who you are by presenting your card and a secret PIN (personal identification number). That is two-factor authentication: something you have (the card) and something you know (the PIN), and neither piece is any use without the other. When you log into most online services, you provide a user name and a password. Although that is also two pieces of information, it is single-factor authentication: the user name is not a secret (often it is just your e-mail address), so the password is the only thing standing between a stranger and your account.
Two-factor authentication is more secure than a password alone because an attacker has to both learn your secret and get hold of your card or device. A password alone is weaker still when it is reused: many of us use the same user name and password for many or all of our online sites, so anyone who knows (or learns) the combination can get into many of your services at once. Is this a risk you are comfortable taking?
Contrast that with people who use different names, passwords, birthdates, and other data on each site. They may have a hard time remembering everything they’ve provided, so it can be hard for them to prove that they are who they say they are. Has this ever happened to you?
Coaching moment: There are tools being developed to help you maintain and control your passwords. You might be interested in checking out Vidoop or Sxipper for two browser-based approaches. In a future post we’ll also look at OpenID as a different approach to authenticating yourself.