Tuesday, February 9, 2021

Increasing Harmonization of Electronic Verification of Identity based Vaccinations

While there are still a lot of bad assumptions regarding identity (and let me remind you I coined the term "identity management" to create new approaches, and this has clearly taken off with its own momentum!), I have an opinion. It's the harmonization and management part that is a challenge.

This thing about a virus having economic impacts is well known. It goes beyond lockdowns. There is a long history of which 2020-21 is one chapter, and the effects are unfortunately predictable. They were predictable when there were only a handful of infections in the US and before there was uncontrolled community spread. It is the nature of how the economy was wired before the pandemic and how much change can or should occur. There are cascading sets of requirements that inevitably coalesce around identity. Other concepts like mobility and tourism also play a role. So of course everyone thinks about the International Vaccination Record or Yellow Card.

While it took some time for the "identity gang" to create some definitions that went beyond the ISO concepts in the X.500 Directory, they managed to persevere. Along the way came concepts for privacy that involved the use of multiple identities for different purposes, and also the perennial question of anonymous versus identified attributes, which has been updated to SSI, or self-sovereign identity, rather falsely compared to "centralized" approaches. This is highly relevant to vaccination and to approaches for proving vaccination, and thus has a long history. A lot of this surrounds the issue of "Trust", which is a central concept of security controls. In fact, we overload trust with too much baggage. We need to replace trust with math to the extent that we can. The concept was studied by Lincoln when he read math texts in his tent. It is built into c=US in terms of equality and thus is highly relevant to the problem at hand.

So throw a lot of technology and startups at a problem and still aim for harmonization using existing standards. 

There are now lots of competing companies and standards in the identity space, while c=US is arguably the original with a clear provenance back to at least 1993. One can read the RFC on the Internet side, and see where it started. One can also see how cryptography as developed under ISO X.509v3 greatly enhanced commerce, but also represented in the recipe a loss of identity for the end user.

Obviously one will have an entirely different view of the elephant depending on one's orientation.

So having a software architecture that preserves privacy is important. Let's see how that can be done at each layer of the business process model. In other words, don't lead with facial recognition, because some hacker will gladly spoof that approach, or a fingerprint. Sure, it makes for great graphics like the illustration in the video, but also consider how facial recognition is being applied in China.

Using smartphones? Sure, why not. We can already build apps, and so of course we do. Will that serve everyone? Probably most border-crossing travelers. But not everyone.

Is it ethical to make economic decisions based on presumed COVID-19 immunity? That is worth considering in depth, but in fact it is already taking place in the real world. The question is then how to achieve the privacy requirements.




