Open Gardens

Wireless mobility - Innovation - Digital convergence - mobile web 2.0

 

Now Available
for FREE Download
as an E-Book

Operator Open Innovation
by Ajit Jaokar and Chetan Sharma

About Open Gardens

Open Gardens is published by futuretext

Recently, the OpenGardens blog was rated amongst the top 10 mobile blogs as per technorati stats.


On W3C/Planet Mobile

Blog Directory - Blogged
Rated 8/10 on Blogged.com

Wikio - Top Blogs - Technology


RSS Feed

Subscribe By Email: Enter your email address:

Delivered by FeedBurner

About The Open Gardens Blog

I (Ajit) founded the blog on May 26, 2005 based on my vision and philosophy of OpenGardens i.e. the philosophical opposite of 'walled gardens' especially as applicable to the mobile data industry.

Today, the OpenGardens blog is one of the few blogs that span both the Web and the Mobile domains.

The blog covers wireless/mobile applications, open networks and mobile web 2.0. My vision behind the OpenGardens blog has been :

  • The blog is about the Mobile data industry and Digital convergence('Mobile web 2.0')
  • Analysis is more important than story/controversy. I don't believe that bloggers are true journalists. The blog is not about the latest 'story' but it's more about independent analysis/viewpoint
  • The OpenGardens blog is broadly about opening up the networks, growing digital usage and digital businesses i.e. we don't advocate closed networks, broadcast media etc
  • It is about disruptive digital technologies

Founder and Chief blogger : Ajit Jaokar

Ajit Jaokar is the founder of the London based publishing and research company futuretext (www.futuretext.com) focussed on emerging Web and Mobile technologies -including Web 2.0 and Mobile Web 2.0.

His thinking is widely followed in the industry and his blog, the OpenGardensBlog (www.opengardensblog.futuretext.com), which was recently rated a top 20 wireless blog worldwide

In 2009-2010, Ajit was nominated as part of the Global Agenda Council on the Future of the Internet by the world economic forum. He hopes to use this opportunity to further extend the pragmatic viewpoint of the evolution of Telecoms networks in an open ecosystem.

(Note: The Network of Global Agenda Councils plays a significant role in shaping the global agenda by monitoring global issues and elaborating recommendations to address them. Each Council, comprised of 15-20 Members, serves as an advisory board to the Forum and other interested parties, such as governments and international organizations. The Global Agenda Councils also act as the intellectual drivers of the World Economic Forum's Global Redesign Initiative, an unprecedented international, multistakeholder and multimedia dialogue that aims to develop a 21st-century vision of global cooperation. Members of the G20, the UN and other International Organizations have pledged their support for this initiative. )

Ajit is best known for his books Mobile Web 2.0, Social Media Marketing. Two new books ('Open Mobile' and 'Implementing Mobile Web 2.0') are being released in 2009.

His consulting activities include working with companies to define value propositions across the device, network, Web and Social networking stack spanning both technology and strategy. He has worked with a range of commercial and government organizations globally including The European Union, Telecoms Operators, Device manufacturers, social networking companies and security companies in various strategic and visionary roles

His recent talks and forthcoming talks include: CEBIT 2009;MobileWorld Congress(2007, 2008, 2009); Keynote at O Reilly Web20 expo (April 2007);Keynote at Java One; European Parliament – Brussels – (Electronic Internet Foundation); Stanford University's Digital visions program;MIT Sloan;Fraunhofer FOKUS ; University of St. Gallen (Switzerland); Mobile Web Strategies (partner event of CTIA in San Francisco)

Media appearances include BBC – Newsnight – 3phone launch; CNN money; BBC digital planet

Ajit chairs Oxford University's Next generation mobile applications panel and conducts a course on Web 2.0, Social networking, Mobile Web 2.0 and LTE services at Oxford University.

Ajit lives in London, UK, but has three nationalities (British, Indian and New Zealander) and is proud of all three. He is currently doing a PhD on Privacy and Reputation systems at UCL in London. Ajit is a fan of animation especially Tom and Jerry, Tintin and Asterix and likes the music of ZZ Top and other rock bands

You can contact me at ajit.jaokar at futuretext.com

You can follow me on twitter at http://www.twitter.com/AjitJaokar

See a video of my talk at CEBIT in Hannover
(intro in german - presenttion in english)

MORE

► CONTRIBUTING BLOGGERS

  • Ajit Jaokar on Twitter

March 4, 2010

Solving the minimum disclosure problem: The significance of Claims based Identity system

claims based identity model.jpg

I first saw this initiative at Kim Cameron’s Identity blog where he talks of Microsoft’s announcement at the RSA conference about Minimal Disclosure, End to End trust and Claims based Identity system.

The service has been implemented in Germany in partnership with Fraunhofer FOKUS – who are good friends (I have been invited to speak at FOKUS events for a few years now and I highly recommend it for some cutting edge thinking).

The initiative is significant since it is addresses a problem which we are facing increasingly but are not addressing adequately.

There are two scenarios:

Firstly, we are all users of online services. Each of these services want us to provide our credentials. Thus, users are giving up their credentials at many places which is a problem (password protection, phishing etc). On the other extreme, many services are ‘free’ and in return, they want us to provide personal information for behavioural targeting, which is also a problem in the long term.

Claims based Identity systems and the principles of minimum disclosure potentially provide a third way and hence they are significant.

The overall goal is: to enable citizens to use their electronic identity cards as the basis for accessing online services with minimal disclosure of information for both Cloud services and offline services.

Read Write Web/Kaliya Hamlin also cover the same announcement when they say that:

Anonymity and verified Identity are at the opposite ends of the spectrum. Customers have to balance between these two elements. The verified Identity is easier. In many cases, customers need to also maintain anonymity and there are many cases where the verified Identity is not needed.

It seems like the two ends of this spectrum can’t go together. You can’t be anonymous and verify yourself by sharing all of the details on a credential from a government issuer who has asserted they have checked these things are true.

Microsoft demonstrated today how you can achieve anonymity and identity verification together at the same time, giving you verified anonymity. This technology (that relies on some pretty complex cryptography) lets you prove things without giving away too much information about yourself.

For example:

• Proving you are over 21 without giving away your actual birth date

• Proving you live in a certain congressional district and are a registered voter but not having to give away your name or address

• Proving you are a kid at a middle school in San Jose without giving away which school or which grade you attend

Behind this goal is the vision of Claims based Identity model.

We are moving away from rigid, closed identity systems to a more open Identity system where the concepts of authentication and authorization are unified. This shifts the focus to the user who present claims that indicate who they are and what they want to do in order to gain access to services. The move is slowly gaining momentum especially in a world dominated by Cloud based services.

The claims-based model has three components : the relying party, which needs the claim to decide what it is going to do; the identity provider, which provides the claim; and the user, who decides what if any information they want to provide. Claims can contain static information such as birth date, relationship-based information such as group membership or derived claims that make general assertions such as the user is over 21 years of age. There are also meta-claims about how information was verified, such as in-person registration, or how it was issued. The model also incorporates a Veto power for claims instead of domains implicitly trusting one another.

Other systems like SAML2 and WS-Trust address some of these goals but not holistically as a usable system.

In this scenario, as has happened with the German government, the government could play a role in the providing trusted services for the Cloud. The government already provides some form of identifier(such as a passport). But passports and other mechanisms are not readily usable for more mundane services (like borrowing a book, registering in a course or renting a video). Thus, the claims based model ensures that the provider (ex hospital) is not in the business of authenticating the credentials

To encourage broad community evaluation and input, Microsoft announced it is providing core portions of the U-Prove intellectual property under the Open Specification Promise, as well as releasing open source software development kits in C# and Java editions.

In a cloud computing world, we are likely to see this requirement in increasing number of cases and it is also relevant for governments

Definitely one to watch

Image source : wadewegner.com

Post to Twitter Tweet This Post

Filed under: Uncategorized — ajit @ 11:52 am

2 Comments »

  1. Good to see you explaining that privacy and verification are not polar opposites. Your explanation puts it simply and clearly – hard to do. I look forward to further conversation. Kim

    Comment by Kim Cameron — March 14, 2010 @ 5:54 pm

  2. Many thanks for your comments Kim kind rgds Ajit

    Comment by Ajit Jaokar — March 15, 2010 @ 9:19 am

RSS feed for comments on this post. TrackBack URL

Leave a comment

Open Gardens is published by futuretext