{"id":237,"date":"2007-09-25T09:26:18","date_gmt":"2007-09-25T16:26:18","guid":{"rendered":"http:\/\/www.laurenwood.org\/anyway\/archives\/2007\/09\/25\/suns-openid-idp-real-vs-fake\/"},"modified":"2007-09-30T11:32:13","modified_gmt":"2007-09-30T18:32:13","slug":"suns-openid-idp-real-vs-fake","status":"publish","type":"post","link":"https:\/\/www.laurenwood.org\/anyway\/2007\/09\/suns-openid-idp-real-vs-fake\/","title":{"rendered":"Sun\u2019s OpenID IdP: Real vs&nbsp;Fake"},"content":{"rendered":"<p>Part of a series on Sun\u00ad\u2019s OpenID@Work ini\u00adti\u00adat\u00adive; see the <a href=\"http:\/\/www.laurenwood.org\/anyway\/2007\/09\/suns-openid-idp-introduction\/\">intro\u00adduc\u00adtion<\/a> for more context.<\/p>\n<p>Prob\u00adably the biggest dis\u00adcus\u00adsion we had in the entire policy dis\u00adcus\u00adsion was wheth\u00ader to let Sun employ\u00adees use fake or fic\u00adti\u00adtious names, or wheth\u00ader to force the use of real names in what the Open\u00adID simple regis\u00adtra\u00adtion exten\u00adsion calls the <code>fullname<\/code>. The policy dis\u00adcus\u00adsion has value out\u00adside of the nar\u00adrow scope of an Open\u00adID IdP, and the dis\u00adcus\u00adsions we had reflect the import\u00adance of the issue for any sort of iden\u00adtity man\u00adage\u00adment system.<\/p>\n<p>Note on ter\u00admin\u00ado\u00adlogy: in this post, I\u2019ll use the term \u201cname\u201d to mean the Open\u00adID \u201cfull\u00adname\u201d.<\/p>\n<p>There are two com\u00adpet\u00ading prin\u00adciples at work here, and mak\u00ading a decision as to wheth\u00ader to allow fake names and non-iden\u00adtity-reveal\u00ading open\u00adid iden\u00adti\u00adfi\u00aders depends on which is con\u00adsidered more import\u00adant. The argu\u00adment for allow\u00ading fic\u00adti\u00adtious names is based on pri\u00advacy, and the prin\u00adciple that any time you can allow the user to retain pri\u00advacy, you should. Stor\u00ading Per\u00adson\u00adally Iden\u00adti\u00adfi\u00adable Inform\u00ada\u00adtion (<abbr title=\"Personally Identifiable Information\"><span class=\"caps\">PII<\/span><\/abbr>) should be avoided whenev\u00ader pos\u00adsible. Since the Open\u00adID ser\u00advice that we\u2019re provid\u00ading is an opt-in, per\u00adson\u00adal ser\u00advice that Sun employ\u00adees do not need to use for any Sun busi\u00adness pro\u00adcesses, there is no busi\u00adness reas\u00adon that requires the use of their real names (audit\u00ading accesses to cer\u00adtain files, for example, would require know\u00ading the user\u00ad\u2019s real name, so these pro\u00adcesses can\u00ad\u2019t use these open\u00adid iden\u00adti\u00adfi\u00aders).  Even in the case of some store giv\u00ading a dis\u00adcount to a Sun employ\u00adee, the store needs to know where to ship the item and which cred\u00adit card to charge it to, but the Open\u00adID IdP does\u00adn\u2019t need to know any of that inform\u00ada\u00adtion. The IdP veri\u00adfies only that the user is a Sun employ\u00adee, noth\u00ading more. So the pri\u00advacy advoc\u00adates are in favour of allow\u00ading fake names, email addresses that aren\u2019t Sun addresses, and stor\u00ading as little inform\u00ada\u00adtion as pos\u00adsible. Of course, if someone wants to be <b>really<\/b> private, they should\u00adn\u2019t use an open\u00adid iden\u00adti\u00adfi\u00ader from Sun, as that divulges the piece of inform\u00ada\u00adtion that they are a Sun employee.<\/p>\n<p>The case against allow\u00ading the use of fake names is a secur\u00adity and liab\u00adil\u00adity one. If someone can use a fake name, that means they can also use someone else\u2019s name or an open\u00adid iden\u00adti\u00adfi\u00ader that might lead people to believe the user is someone they\u2019re not. Since Sun is provid\u00ading the Open\u00adID ser\u00advice, people might think that Sun is also guar\u00adan\u00adtee\u00ading the vera\u00adcity of inform\u00ada\u00adtion about the user oth\u00ader than the mere fact that they work for Sun (we\u2019re not, Sun veri\u00adfies only that the user is a Sun employ\u00adee, noth\u00ading else). Such imper\u00adson\u00ada\u00adtion could cause repu\u00adta\u00adtion dam\u00adage that could take some time to repair, par\u00adtic\u00adu\u00adlarly if the user does some\u00adthing stu\u00adpid or illegal.<\/p>\n<p>The solu\u00adtion we came up with was a com\u00adprom\u00adise. Users can choose a fake name, a non-Sun email address, and an open\u00adid iden\u00adti\u00adfi\u00ader that does\u00adn\u2019t say any\u00adthing about them. The Open\u00adID IdP stores the inform\u00ada\u00adtion about which Sun employ\u00adee signed up for that open\u00adid iden\u00adti\u00adfi\u00ader, so in the event of a prob\u00adlem, we can trace it back. When a Sun employ\u00adee leaves the com\u00adpany, the open\u00adid account is made inact\u00adive. It\u2019s deleted after 6 months. This way there\u2019s a time gap if someone else wishes to use the same open\u00adid iden\u00adti\u00adfi\u00ader, and 6 months is a reas\u00adon\u00adable amount of time to keep such records in case there\u2019s a prob\u00adlem. We also keep the web serv\u00ader logs for 6 months; since these con\u00adtain the records of which open\u00adid iden\u00adti\u00adfi\u00ader vis\u00adited which site (though not where they went or what they did once there) these are only vis\u00adible for com\u00adpli\u00adance reas\u00adons (I\u2019ll talk more about the data gov\u00adernance in anoth\u00ader post). And finally, the user policy states spe\u00adcific\u00adally that imper\u00adson\u00ada\u00adtion is not allowed, and that inform\u00ada\u00adtion about who signed up for each open\u00adid iden\u00adti\u00adfi\u00ader is stored for com\u00adpli\u00adance reas\u00adons. Telling the user that we know who they are and what their open\u00adid iden\u00adti\u00adfi\u00ader is may help pre\u00advent prob\u00adlems, at least that\u2019s the&nbsp;hope.<\/p>\n<p>If the policy is abused, then we may have to change it, but so far we don\u2019t know of any prob\u00adlems. Sun\u00ad\u2019s exper\u00adi\u00adence with blog\u00adgers has shown that people do take their respons\u00adib\u00adil\u00adit\u00adies as Sun employ\u00adees ser\u00adi\u00adously, and are care\u00adful what they say and how they say it, and we saw no reas\u00adon why that should be any dif\u00adfer\u00adent for Sun employ\u00adees using the Open\u00adID ser\u00advice. Of course, there\u2019s no way of mak\u00ading sure that people really do read the policy, just like there\u2019s no way to make people read the licences for soft\u00adware pack\u00adages that they install, but at least the inform\u00ada\u00adtion is avail\u00adable for those who care to look. And to sign up for an account they have to agree to a dis\u00adclaim\u00ader that con\u00adtains the most import\u00adant parts of the policy as well, so there\u2019s some hope that they will read&nbsp;it.<\/p>\n<p>A related post is Yvonne Wilson\u2019s <a href=\"http:\/\/blogs.sun.com\/yvonne\/entry\/user_centricity_trust_technology_or\">User-cent\u00adri\u00adcity, Trust: Tech\u00adno\u00adlogy or Prac\u00adtice?<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Part of a series on Sun\u00ad\u2019s OpenID@Work ini\u00adti\u00adat\u00adive; see the intro\u00adduc\u00adtion for more con\u00adtext. Prob\u00adably the biggest dis\u00adcus\u00adsion we had in the entire policy dis\u00adcus\u00adsion was wheth\u00ader to let Sun employ\u00adees use fake or fic\u00adti\u00adtious names, or wheth\u00ader to force the use of real names in what the Open\u00adID simple regis\u00adtra\u00adtion exten\u00adsion calls the full\u00adname. \u2026 <a href=\"https:\/\/www.laurenwood.org\/anyway\/2007\/09\/suns-openid-idp-real-vs-fake\/\" class=\"more-link\">Con\u00adtin\u00adue read\u00ading<span class=\"screen-reader-text\"> \u201cSun\u2019s Open\u00adID IdP: Real vs&nbsp;Fake\u201d<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":3,"activitypub_interaction_policy_quote":"","activitypub_status":"","footnotes":""},"categories":[13],"tags":[25,24],"class_list":["post-237","post","type-post","status-publish","format-standard","hentry","category-identity","tag-openid","tag-sunopenid"],"_links":{"self":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts\/237","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/comments?post=237"}],"version-history":[{"count":1,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts\/237\/revisions"}],"predecessor-version":[{"id":799,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/posts\/237\/revisions\/799"}],"wp:attachment":[{"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/media?parent=237"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/categories?post=237"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.laurenwood.org\/anyway\/wp-json\/wp\/v2\/tags?post=237"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}