[Infowarrior] - Microsoft man seeks to re-engineer the Web

Richard Forno rforno at infowarrior.org
Wed May 23 11:48:47 UTC 2007


Microsoft man seeks to re-engineer the Web

http://www.theinquirer.net/default.aspx?article=39662

By Wendy M. Grossman: Wednesday 16 May 2007, 15:06

KIM CAMERON'S AMBITION is quite modest, really: he just wants to re-engineer
the Internet so it has what he calls an "identity layer". Because: "There is
no mechanism for knowing who you're talking to."

Cameron says he's been working toward this his whole career, but his first
big splash was late last year, when he published his paper The Laws of
Identity and proposals for A Privacy-Compliant Identity Metasystem (PDF).
The latter is the basis of CardSpace, identification technology that is
built into Windows Vista and is available for download for XP. Many sites,
he says, have it in beta and it is "beginning to ramp up".

Cameron calls an "identity" a set of claims. CardSpace's basic unit of
authentication, instead of a user ID and password, is the Information Card,
which is generated securely on the user's machine. When a site asks for
authentication, the user selects (or generates) a card from a graphical
display. The information held in the card isn't sent to the site; instead
the card generates a security token which completes authentication. A
graphical display verifies to the user who owns the site, where the
underlying business is located, and so on to help the user verify that the
site is genuine.

There are various controversies surrounding this idea. First and foremost is
the question of why Microsoft didn't join the existing Liberty Alliance, a
many-vendor attempt at the same kind of thing. When asked about this at the
recent ACM conference on Computers, Freedom, and Privacy, he said he
didn't think Liberty was the same thing at all. "It doesn't give the user
their own agent under their control."

In addition, critics ask what the threat model is (he says this information
is, for now, confidential although they are considering publishing it), and
what the use case is ("We feel it has to solve all use cases").

It's been a long road to this point. Cameron, a Canadian, fell into
computing while studying physics and mathematics at Dalhousie University in
Halifax, Nova Scotia. He added an MA in sociology at the University of
Montreal - and then quit before writing his doctoral dissertation to join a
rock band called Limbo Springs. A bout of teaching led him into a private
company where, in the early 1980s, he built an email system called Zoomit,
based on the old X.400 standard.

The addresses, he says, were "frightening" - and made the need for
directories "self-evident". Building those was his next project. And that's
where he first came up against the idea of the central authority that
everyone would use for everything. Imagine that: it would be incredibly
slow, it would be incredibly expensive - but it would be spam-free.

"By this time, I thought it's not human nature. It's a multi-centered world.
People will be using a bunch of different directories forever. We need to
accept it." He developed a technology called metadirectory, trying to solve
the problem of keeping information accurate across different directories
while allowing everyone autonomy. That was, he says, the technology that
Microsoft bought in 1999. He arrived in Redmond in time to watch the
centralised idea play itself out again in Passport, Microsoft's Internet-wide
single sign-on service.

"It seemed a lot simpler," he says. "You have a single place where you give
everybody an identity." Indeed - provided that everyone is willing to let
Microsoft own their identity. Unsurprisingly, many people weren't - but it
wasn't the total failure people think.

Says Cameron, "Passport does a billion authentications a day for Hotmail and
so on. It has 300 million active users. So if you go to the Passport guys
and say it wasn't a good idea, they say, 'I do a billion authentications a
day. How many do you do?'"

Even so, it isn't the direction Cameron thinks is the right one. "It didn't
have the quality of being part of a wider identity system." µ



