[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: "trust management" vs. "certified identity"



On Sunday, January 07, 1996 12:22, Futplex[SMTP:[email protected]] wrote:>Frank O'Dwyer writes:
>[I've adjusted the line breaks for those of us with 80-column displays]

Apologies - this mailer doesn't give me any indication
where the margin is.
[...]
>>a signator's job in signing for my identity is 
>> easier (and less risky) than signing for my trustworthiness.  

>I am doubtful. I can't vouch for the identities of very many people on this 
>list. (I've even met, e.g., Lucky in person and I certainly have no clue
>what his verinym might be, nor do I particularly care.) On the other hand, I
>am willing to sign onto all sorts of judgements about the trustworthiness of
>various people on the list, and other aspects of their reputations. I've
>driven hundreds of miles based on trust developed online with people whose
>identities I still haven't verified. I've even agreed to loan hundreds of
>dollars to someone I knew only as an online pseudonym.

I'm not saying that trust requires identity (it obviously doesn't,
since we all make trusted cash transactions all the time
without having to produce any id.).  But it is usually easier to
determine (and vouch for) who a stranger is than how trustworthy 
they are, if only because there are quick and easy real-world 
mechanisms for this (driver's licence, passport,etc.).   That's all 
I meant.

(BTW, can you lend me a few bucks? :-)
 
[...]
>I am swayed by the view expounded by Carl Ellison that a key, not an
>identity, should be the anchor to which attributes are attached. (Sorry if
>I am misstating or oversimplifying the position here.) I think identity 
>should be hung off the key as just another (optional) attribute.

That's an extremely useful way of looking at it, I agree.
But the lifetime of a key is often less than that of some
attribute.  It's easy to imagine one email address having
a succession of keys.  But then again, one might
acquire and discard email address more often than
keys (I've gone through three addresses in the last year 
or so).  So perhaps a better model is just a loose 
assocation of attributes, with "key(s)" and "identity(s)"
being two very interesting ones, but no one attribute
being primary all the time.

(I'm thinking out loud here -- I'm actually trying to come
up with some C++ classes for this sort of stuff, so this
discussion is pretty interesting to me.  Thus far, I'd got 
to the model you describe - a key has a bunch of 
attributes, one them identity. But now I'm thinking that
this maybe isn't enough, and an 'identity-centric' view is
also needed.  Perhaps there should be multiple views
into the same data?).

>I think your comments apply pretty well to trust relationships in the flesh,
>but don't fully take the net into account.

Right.  I was only talking about 'verinyms', really.

Cheers,Frank O'Dwyer
[email protected]                          http://www.iol.ie/~fod