Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

IBM to Open Source Novel Identity Protection Software

Posted by Zonk on Fri Jan 26, 2007 04:18 PM
from the keeping-anyone-else-from-being-you dept.
Security Privacy
coondoggie handed us a link to a Network World article reporting that IBM plans to open source the project 'Identity Mixer'. Developed by a Zurich-based research lab for the company, Identity Mixer is a novel approach to protecting user identities online. The project, which is a piece of XML-based software, uses a type of digital certificate to control who has access to identity information in a web browser. IBM is enthusiastic about widespread adoption of this technology, and so plans to open source the project through the Eclipse Open Source Foundation. The company hopes this tactic will see the software's use in commercial, medical, and governmental settings.

Related Stories

[+] Your Rights Online: Digital Credentials Offer Enhanced Privacy 49 comments
John Q Random writes "Stefan Brands's company credentica.com announced their U-Prove library and SDK implementing ID tokens — also known as digital credentials or private credentials. (Private Credentials are a cool PKI replacement and anonymous e-cash tech that allows you to prove certified attributes like age, credit rating, group membership, etc. without revealing who you are; to allow you to have a digital life without the digital dossier effect inherent in a central databases.) Following this announcement, Adam Back announced credlib, an open source implementation of Brands credentials (and the older more basic Chaum certificates). These developments relate to recent news from IBM's Zurich labs on their identity-mixer project (previously discussed on Slashdot) that is based on the less efficient Jan Camenisch and Anna Lysyanskaya credentials."
This discussion has been archived. No new comments can be posted.
IBM to Open Source Novel Identity Protection Software | Log In/Create an Account | Top | 40 comments | Search Discussion
Display Options Threshold:
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • a novel approach (Score:5, Funny)

    by User 956 (568564) on Friday January 26 2007, @04:21PM (#17775862)
    (http://www.atomjax.com/)
    Developed by a Zurich-based research lab for the company, Identity Mixer is a novel approach to protecting user identities online.

    which novel? I hope not 1984.

  • Glad it's Friday (Score:2)

    by Aqua_boy17 (962670) on Friday January 26 2007, @04:22PM (#17775878)
    Anyone else read that as Novell Identity Protection Software and thought WTF? It is definitely beer-thirty.
  • Anyone remember maybe a year or two ago when IBM was doing something with rather intrusive software to mine data on people?

    It seems IBM doesn't really have a clear policy on whether to be Good or Evil. They seem to try doing both at the same time...

    Guess we need to label IBM as Chaotic Neutral...

    • Re:The right hand does't know what the left is doi (Score:4, Interesting)

      by Xtifr (1323) on Friday January 26 2007, @05:01PM (#17776564)
      (http://xtifr.w.googlepages.com/home)
      IBM's been like that for a long time. Remember when the PC division refused to sell the company's own operating system? (Of course, the PC division ended up being sold to a Chinese company, so I guess the OS/2 developers got the last laugh, but a bit too little too late.)

      Big, diverse companies often seem to be going in several directions at once, and in this industry, pretty much nobody is bigger or more diverse than IBM (still).
      [ Parent ]

  • ms passport (Score:4, Funny)

    by dcskier (1039688) on Friday January 26 2007, @04:32PM (#17776088)
    what, you mean people don't like ms passport?
    • Re:ms passport by User 956 (Score:2) Friday January 26 2007, @04:38PM
      • Re:ms passport by finite_automaton (Score:1) Friday January 26 2007, @05:01PM

  • What's really new? (Score:2, Informative)

    by neonux (1000992) on Friday January 26 2007, @04:38PM (#17776184)
    I mean what's new in this compared to current LiveJournal's OpenID [openid.net] ?

  • Haven't We Seen This Before? (Score:2, Interesting)

    by VorpalRodent (964940) on Friday January 26 2007, @04:43PM (#17776286)
    From what I read in the article (and I could be wrong, I admit), it sounds like people are simply controlling the amount of personal information that goes to the third party. So, I want to buy something, and only the pertinent information goes to the vendor.

    How is this different from things that have been tried in the past? Furthermore, how is this different from the various other situations we hear about occurring at financial institutions and the like, where a database is inadvertently printed or placed outside a firewall (or whatever)?

    What makes this better than me simply typing my credit card number into the secure web site of an online store (or have I missed the intended purpose)?

  • It's about time! (Score:2)

    by null etc. (524767) on Friday January 26 2007, @05:04PM (#17776626)
    Thank God! Seriously, whoever thought that doing web security within HTML forms was a good idea really needs to be taken to the shed.
  • Am I the only one who read the title and thought Novell instead of novel?
    • 1 reply beneath your current threshold.

  • more details on the project (Score:3, Informative)

    by ivar (31153) on Friday January 26 2007, @05:33PM (#17777094)
    can be found here [ibm.com].
  • Today if you want to conduct virtually any kind of commerce over the Net, you have to provide a whole dossier of information about yourself. Whether this information is technically necessary or not is irrelevant -- if virtually all companies demand it, then individuals will have to provide it.

    So here's some technology that allows you to anonymize your data or just not send it in the first place; what is the incentive for businesses to adopt this technology (at great cost to them)? Perhaps in Europe it will be mandated by law but I don't have any hope here in the USA.

  • Patented? (Score:4, Insightful)

    by SiliconEntity (448450) on Friday January 26 2007, @06:55PM (#17778348)
    idemix [ibm.com] which is the software in question appears to be covered by a number of patent applications [uspto.gov] submitted by the inventor, Jan Camenisch. What's the point in open-sourcing it if IBM has half a dozen or more patents covering the technology being used? Or will this process grant use of any IBM-owned patents necessary to run the code? And if so, what happens as people start modifying the code; how far can they go and still be indemnified against IBM patent infringement?

    Patents and open source don't mix well. I don't see how this is going to work.
    • Re:Patented? by Wesley Felter (Score:2) Friday January 26 2007, @07:50PM

  • CardSpace (Score:1)

    by nr1 (164056) on Saturday January 27 2007, @05:16AM (#17782130)
    (http://www.sulistyo.de/)
    This sounds similar in concept if not execution to CardSpace (http://msdn2.microsoft.com/en-us/netframework/aa6 63320.aspx/ [microsoft.com]).
    Any thoughts on this?

  • Do you need this, if set to "no one and never"? (Score:2)

    by pla (258480) on Saturday January 27 2007, @11:31AM (#17783616)
    (Last Journal: Monday April 03 2006, @07:23PM)
    The project, which is a piece of XML-based software, uses a type of digital certificate to control who has access to identity information in a web browser.

    Well now, that certainly seems like a complicated way to deny all cookies, disable the browser cache, block most "web bug" images, and have FireFox's "Clear Private Data" tool set to purge everything on closing the browser.

    All these companies trying to make it "easier" for me to share my info with those who I "trust" have completely missed the point - I don't trust any of them!

    I fill out every forced (yeah, not really "forced", in that I have a choice of not getting that content - Let's not play naive here) registration form with completely bogus personal info[1]. If it needs a "real" email address to send some sort of login info or an annoying "you must respond to this to activate your account" message, I make a one-off email address, get the message, and delete the address. Even most "real-world" companies with whom I do business don't have my real contact info - If I want to talk to them, I'll call; I don't really care if they want to talk to me.

    We need to take back our privacy. Letting companies even pretend they have the right to talk to us without our initiating the conversation, goes too far. Tools like the one described show that not only do they think they can talk to us, but that we might even want to share our info with them.


    1) You need to explain this concept to your non-geek friends and relatives. It absolutely shocks most people when I tell them that "Yes Virginia, you can lie" when a website asks for your name or email address.

  • Re:Open source simple? (Score:5, Insightful)

    by Xtifr (1323) on Friday January 26 2007, @05:06PM (#17776670)
    (http://xtifr.w.googlepages.com/home)
    Yeah, 'cause clearly, nothing [openbsd.net] is more secure than a closed source [microsoft.com] solution. Security by obscurity is the ONLY ANSWER! And advice on computer security by random slashdot posters is far more trustworthy than anything from a company that's been making secure systems for longer than most of us have been alive [ibm.com].
    [ Parent ]
  • 7 replies beneath your current threshold.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.