In various blog postings I have seen this name spelled Alan Herrell, Allan Herrell, and Allen Herrell. I presume the first spelling is probably correct, because it returns orders of magnitude more search hits. In principle, the various people who share each of these spellings could claim their unique identities by declaring biographical details about themselves (”I am the author of _____,” “I worked for _______”) and digitally signing those declarations. In practice nobody does, yet, but it’s starting to become clear why we’d want to.

We can already do this with FOAF. Edd Dumbill even has a page on signing FOAF
files.

There’s no reason whatsoever to cut it down. Your point is an excellent one, in line with orcmid’s point about “harder-to-escape” consequences.

As we all seem to agree, reputation is and will remain critical. Going forward, we’ll need to hold two seemingly contradictory ideas in our heads at the same time. First, that online identity can be a more certain construct than it is today. But second, that we must be prepared to doubt it when circumstances warrant, and use other mechanisms to triangulate on identity.

The problem is that none of this has ever really been tested. I’d like to think that a failure of digital identity would trigger other real-world mechanisms which, in turn, could help diagnose the failure and help improve the digital identity infrastructure. But until we do the experiment we’ll never know.

As you don’t have CardSpace enabled here, you can’t actually verify that I am the said same Richard from Kim’s blog. However in a satisfyingly circular set of references I imagine that what follows will serve to authenticate me in exactly the manner that Stephen described. :)

I’m going to mark a line somewhere between the view that reputation will protect us from harm and that the damage that can be done will be reversible. Reputation is a great authenticating factor, indeed it fits most of the requirements of an identity. Its trusted by the recipient, it requires lots of effort to create, and is easy to test against. Amongst people who know each other well its probably the source of information that is relied upon the most. (“That doesn’t sound like them” is a common phrase)

However, this isn’t the way that our society appears to work. When my wife reads the celebrity magazines she is unlikely to rely on reputation as a measure for their actions. Worse than this, when she does use reputation, it is built from a collection of previous celebrity offerings.

To lay it out simply, no matter who should steal my identity (phone, passwords etc.) they would struggle to damage my relationship with my current employer as they know me and have a reputation to authenticate my actions with. They could do a very good job of destroying any hope I have of getting a job anywhere else though. Regardless of the truth I would be forced to explain myself at every subsequent meeting. The public won’t have done the background checks, they’ll only know what they’ve heard. Why would they take the risk and employ me, I *might* be lying.

Incredibly, the private reputation that Allen has built up (and Stephen and the rest of us rely on) has probably helped to save a large portion of his public reputation. Doing a google for “Allen Herrell” doesn’t find netizens baying for his blood, it finds a large collection of people who have rallied behind him to declare ‘He would not do this’.

Now what I’m about to say is going to seem a little crazy but please think it through to the end before cutting it down completely. So long as our online identities are fragile and easily compromised people will be wary to trust them. If we lower the probability of an identity failing, people will, as a result, place more faith in that identity. But if we can’t reduce the probability of failure to zero then when some pour soul suffers the inevitable failure of their identity, so many more people will have placed faith in it that undoing the damage may be almost impossible. It would seem then that the unreliability of our identity is in fact our last line of defence.

My point then is that while it is useful to spend time improving authentication schemes perhaps we are neglecting the importance of non-repudiation within the system. If it was impossible for anyone other than me to communicate my password string to an authentication system then that password would be fine for authentication and it wouldn’t even be necessary to encrypt the text wherever it was stored!

agreed. track records are an imperfect defense here, given examples such as the ones cited. not to mention the drive-bys that will reach quick and lasting conclusions on the basis, very often, of a single entry.

unfortunately, imperfect as it may be, i’d maintain it’s the best defense in that it’s the only one currently available ;)

but i’ll be the first to sign up for strong authentication technologies as they’re made available. i just don’t have the same faith that phil does in the appetite for a solution, at least in a near term timeframe. i think we’ll have to wait either for a generational shift, or some dramatic rise in identity related issues.

Yes, thanks for pointing that out. An evil puppet master who controls your secret key is a fearsomely powerful opponent. And we have, as yet, little to no experience with those harder-to-escape consequences. But sooner or later we will have to grapple with them, and there will be ways to do it. Actions never occur in a vaccum, there’s always context.

To your point about sharing of keys: physical tokens may be a helpful way to discourage that behavior. At least, that’s what Denise Anthony’s research at Dartmouth suggests. I mentioned it here — http://www.infoworld.com/article/04/07/30/31OPstrategic_1.html — and it also came up in my podcast with Barry Ribbeck — http://blog.jonudell.net/2007/03/09/a-conversation-with-barry-ribbeck-about-digital-identity-in-higher-education/

It is the non-repudiation aspect that allowed digital signatures to be accepted as legal under appropriate conditions. That will also make life harder, along with the measures that make such keys harder to lose.