Kenneth Klingenstein
Evangelist, Trust and Identity
Internet2
After twenty-five years of developing Internet identity and creating a complicated set of relationships among participants in digital interactions, we are faced with a critical set of decisions on implementing privacy in this complex ecosystem. It is not only that the questions are difficult, but also that who gets to answer them is unclear. Each of the participants — identity providers, librarians, users, browser manufacturers, device manufacturers, relying parties, portal operators and governments — are interested in answers that optimize their own value in the ecosystem, and the tussle among these forces is increasing. Many of the decisions to be made are around the issues of sharing personal information and tracking Internet usage. One prime example is in the sharing of attributes in the classic research and engineering multilateral federation. Today, decisions on what to share are primarily answered by identity providers, but a broad array of other stakeholders — notably governments, portal operators, and users themselves — are interested in making that decision. Another key example is in an effort by browser manufacturers to deprecate third-party cookies. While its intent is to stop the most common forms of Internet tracking, it has unexpected consequences on federation and relying parties. If the question of how to minimize tracking is answered by browser designers, other major stakeholders will face problems in their services. Even the question of who creates a trust-anchored identity, typically done by an official government document of some type, is being challenged by distributed identities with reputation-based trust. This discussion will examine the major privacy crossroads we are at in the digital ecosystem, and who might chart the paths forward.