SV: Copyrighting schemas, Hailstorm
Comments inlined. Main argument: identification asserts identity, contrary to the claim that identity does not exist. Therefore, he who controls assertion of identity (or validation of identity claims), has leverage on identity itself.

/Dimitris

-----Original Message-----
From: Bullard, Claude L (Len) [mailto:clbullar@i...]
Sent: 1 June 2001 20:12
To: Dimitris Dimitriadis
Cc: XML DEV
Subject: RE: Copyrighting schemas, Hailstorm

The difficulty is authentication and what one can reason as to facts based on it. There is no such thing as identity: there is only identification.

[dd] As indicated above, I think this claim is quite bold. Thinking that identification is the only real thing and identity does not exist forces you to adopt an ontology I think most people would refrain from. If, on the other hand, you mean that identification is the link between who-, or whatever, acts as one part in some kind of activity or exchange, and the other part, then I see your point. Still, then, we should concentrate on what makes identification what it is, how it is relevant to such things as integrity, assertions, and the like, and not discard the concept of identity altogether.

The central dilemma is identification. My identity is NOT clbullar@i... or cbullard@h.... These are two strings that enable a system to locate machines to which I have access and put something in part of memory of those machines. I cannot control completely:

[dd] So, then let's shift away from looking at the abstract concept of identity and instead look on what it means for a system to keep track of machines to which I have access, which in turn is important since (presumably) most things I do in the future will be done via machines of that sort (whether I use them actively or they just see to that my fridge gets filled with my favourite foods at regular intervals).

[...]

Public safety databases (your 911 systems, police databases, etc) are rigorously designed to stop that sort of thing.
Why? Because the enemy of your police is not your criminals. Criminals are product. The enemy is lawyers. The jurisprudence system goes to some pain to err on the side of the accused and if it can be shown in any way that a database can possibly be tampered with (remember OJ), the case usually goes to the defendant. Lawyers do some pretty bizarre things to show "possible" and the only way the prosecutors can get their jobs done is to go to bizarre lengths to make their case "airtight". But every venue, judge and jury doesn't work the same way or see this the same way. To some, "quacks like a duck" is all they need to know. Now, do a little global traveling in which in every venue you visit, pig loving donkeys get treated differently, but access to the fact that your email address was in the DonkeyLovesPigs data base is a global fact.

[dd] So, if I've followed your argument correctly, we should all collectively give our means of identifications away to be stored somewhere safely, so that none of us can violate the rules of identification? Some kind of trusted third party? And this should be a company? Just in order to make sure of everybody ending up in a peculiar situation, and not just some of us?

So before we even get to who owns the software, we have to be very scrupulous about what the information can be used for, and when machine-reasoning has to be questioned as to interpretation. And the problem here is: We Don't Control That. At that point, disconnecting looks like the safest option. Kiss the NewNew Economy goodbye.

[dd] Again, this is not a software issue. I wouldn't care less if it were done with pen and paper. And to be quite frank, the way things are going, I think we should seriously think about unplugging. At least for a while. On the other hand, it could be argued that we, instead of unplugging, should Start Controlling That, instead of looking for a Trusted Third Party.

So who does control that? Today, anybody.
As soon as you sent the first piece of email, or signed up for the first subscription, you said goodbye to the ability to control the use of that string if not the right.

[dd] Not exactly anybody. Subscribing me to DonkeyLovePigs is not the same as reading my email through a web interface or buying stocks for me.

So something like Hailstorm has to happen. So now you have the next problem of administration. If someone can sign you up to DonkeysLovePigs, how can you be sure someone can't get your Hailstorm information and sign you up to something even more incriminating? And that's a simple case. Identity theft is big business.

[dd] I wasn't primarily referring to Hailstorm, but any similar idea/framework. Besides that, I'm not sure it _has_ to happen. If your point is that it has to happen because people will let it happen (since their identity is protected in any series of government-controlled databases), then it's just a new business model proposal. My main point is that we will see dynamic effects in a magnitude that will make it very much harder to control how we ourselves infer things, make decisions, raise our voice and so forth. Making active people passive by thinking for them is not the same as people being happy because they can buy goods at a somewhat lower price. The first is a paradigm shift in the principles of society, the second a well-needed change of the way we buy stuff.

[dd] Returning to your closing sentence: of course identity theft is big business. I just don't see why you draw parallels between the simple case (in which one of my many "facets", that is an email address I use, gets used to subscribe me to obscure mailing lists) and the more complex case (in which a whole lot of information about me is stored and manipulable and searchable and predictable and so forth). Those are two very different issues. And I sincerely don't think something like that exists today, at least not commercial, not to that degree.
And, hopefully, neither will it in the near future.

My intuition is that companies who make the software for authentication can't own the services as well. Imprudent. Yet even then, depending on how used, these services require oversight to protect the public from abuse. That is the way public safety systems work and in that one, we are mainly protecting the accused.... ... and everyone with a driver's license, a gun permit, a pawnshop ticket and so on. That's why those systems aren't on the web.

[dd] Prudence very rarely stands in the way of big business. And actually, there are systems that do expose information on driver's licenses over the web. I just questioned an insurance company's website to get a price quote for insuring a car I want to buy, by giving them my social security number to which my driver's license (as well as history about if I've crashed my car, stolen anything, been behind bars for having been drunk and driven) is connected.

[dd] So, following your line of argument, if I wasn't the one that asked for the quote, but it was someone else, who would the insurance be issued for, if ordered, since identity doesn't exist? The identified party? Who in that case would be?

[dd] In closing however, would you prefer that companies that owned the means of identification were not allowed to own the services? Wouldn't you be a bit alarmed that means of identification (in a more serious sense than email and so forth) were owned to begin with? I'd happily let companies own the services as well, if they owned those means. As if preventing them from owning the services would make any difference.

Kindest regards (and very much looking forward to continuing the discussion)

/Dimitris

Len
http://www.mp3.com/LenBullard

Ekam sat.h, Vipraah bahudhaa vadanti.
Daamyata. Datta. Dayadhvam.h