Trust/threat model for OpenID
Roland Sassen
sassen at thinsia.com
Wed Aug 2 19:43:10 UTC 2006
Hello Dan, a solution for your bike-ride organization could be to use
HEARTBEAT-ID numbers.
Such a number is obtained by an organization, for example
www.heartbeat-id.com/22000 <http://www.heartbeat-id.com/22000>
or by a person, for example
www.heartbrat-id.com/15 <http://www.heartbrat-id.com/15>
At the heartbeat-id.com/22000 site, people who want to make a
registration and people who like to be a volunteer can make their
registration, as usual, or they just give in here their personal
heartbeat-id number. The (up to date) information about the person will
then be obtained from their personal heartbeat-id web-site. When some
personal information is changed, the people themselves change this on
their heartbeat-id site.
James and Jim with a common last name now have a unique heartbeat-id number!
"what time various individuals passed through each of several different
checkpoints"
People could have their heartbeat-id number on their shirt. A camera and
a computer will do the rest.
In some time we will be able to scan their real unique heartbeats, no
number on a shirt needed anymore.
"If I send them mail, to whom do I address it?"
To change the information on their heartbeat-id sites, people will be
able to log in with their i-name.
This is a (I think very good) suggestion of =victor.grey.
<http://2idi.com/contact/=victor.grey>
For this to be possible we will implement OpenID and an i-names connector.
On their side, people can put the email address of their choice,
preferably their i-name.
Also they can tell if they belong to some clubs, have some memberships etc.
"And when I get it wrong people notice, and comment."
In this way you cannot do much wrong, every person is responsible for
her or his own contact information.
Roland
Dan Lyke wrote:
> On Tue, 01 Aug 2006 13:40:37 -0700, Dan Lyke wrote:
>> As a potential user I'm much more interested in building a consistent
>> identity between sites than in building a bunch of little Balkanized
>> identities. That's one of the reasons that YADIS/LID/OpenID excite me
>> so much, they're the opportunity for me to have a finite number of
>> online identities.
>
> Oh, I should also add...
>
> I'm currently co-volunteer coordinator for an organized bike ride (The
> Marin Century/Mt Tam Double). This coming weekend we're expecting
> somewhere on the order of 2,200 people to descend on us, and we have
> to make sure that those people have a safe route (six of them,
> actually, from 31 to 200 miles), a large variety of foods, adequate
> water, emergency and support services, a cheerleading section, and,
> for about 250 of them, we need to verify to the California Triple
> Crown organization at what time various individuals passed through
> each of several different checkpoints. This is not an easy task. Even
> the subset which is making sure that each of the stations to serve
> these folks has enough warm bodies isn't an easy task.
>
> The levels to which we're going? Next year we're looking at RFID tags
> in bibs and gates at rest stops to track individual riders (ie: when
> can we close a rest stop? is it likely that someone's off course or
> having problems? even when is the next big group going to hit this
> rest stop so we can cut up fruit and have it fairly fresh?). This
> year, several of our sag vehicles will have transponders that'll
> transmit their position back to a big projected map at headquarters,
> in an area with no cell phone coverage.
>
> To coordinate the hordes of people necessary to put this on I have to
> convince well off residents of one of the richest regions in the
> country that they'd really enjoy spending a day in the hot sun doing
> the sort of counter-service work that their high school kids normally
> get paid $10/hr to do; thus I need to show each person that I contact
> that I care about *them*, that I want them to be a part of our team,
> because this isn't about serving food and doing menial labor, this is
> about building community, meeting cool people, and having *fun* (damn
> it!). I'm looking at our membership roster, I'm going through our
> volunteer list from last year, and I'm tapping three different other
> organizations, each of which has overlapping membership with ours, and
> there are a few others that are taking care of their own organization
> but that have overlapping membership. This is making me *very*
> conscious of issues in identity.
>
> Are James and Jim with a common last name the same person? Bob Smith
> is signed up as a "family" member, is Nancy Smith his wife? George
> Smith their son? Do we contact them three times, or one? The phone
> number we have for the two entries is different, is one a cell phone
> and one a home phone? George and Martha have the same email address,
> is that a transcription error, or do they live together and share an
> email address? If I send them mail, to whom do I address it? In at
> least one place that's an outdated entry and those people have gotten
> divorced, so mis-addressing them is going to at the very least lose me
> a volunteer.
>
> Dealing with these very real world identity issues has consequences.
> People hate to get emailed or called multiple times, especially when
> they've already volunteered or said "no, I'm out of town". Nothing
> here is life or death, but I'm trying to write Perl scripts to make
> sense of four or five different lists and treat each person as
> politely as they, who are putting in tremendous efforts for our
> various organizations, deserve.
>
> And when I get it wrong people notice, and comment.
>
> Yes, there are potential privacy issues with having a single
> identifier for each of these people, and as a libertarian nerd I'm
> conscious of many of them, but between me and the people I'm
> contacting I think most of them would be absolutely overjoyed at the
> advantages that a single identifier confers.
>
> Email is kind of that identifier for this task, although it isn't
> universal, but even that has shifted some in the year that we have a
> member as active. Phone numbers really have.
>
> Next year what I want to do is build a web page where people can go to
> sign up to help out, and we're going to need to correlate those
> sign-ups with the various spreadsheets and databases and printouts
> that we have now, and we're going to be adding a few other helper
> organizations.
>
> Most of those people aren't technically savvy enough to understand why
> they would or wouldn't want a single ID, but they sure'll tell me when
> the lack of that ID causes me to call 'em extra times, or email them
> too much, or whatever.
>
> Today I've been re-assigning people, trying to keep track of who's
> working where, shuffling folks around, and this is a real world
> problem that I need to solve, 'cause when someone's put "B Smith" on a
> note on a spreadsheet, I have to know if that's "Bob" or "Barbara". If
> I can get enough penetration with YADIS and OpenID or LID or whatever
> *right now*, a whole bunch of people will be happier.
>
> And *none* of them care that the Leukemia and Lymphoma Society knows
> that they're the same person who signed up with the Marin Cyclists,
> but most of them would be quite happy if they didn't end up with
> double the mailing list load because of their membership in both
> groups, or that contacts from both groups could be more focused and
> more personalized because of that sharing of knowledge.
>
> Which is why I'm so intent on solving the problem ahead of me, and
> letting the other ones work themselves out when they become an issue.
>
> Dan
>
>