[Neil McEvoy] I’ve been at the EEMA e-Identity conference in Tallinn, Estonia. I’ve heard a lot of people say that relying parties need to know the ‘level of assurance’ that can be ascribed to someone’s claimed identity, or in some attribute associated with an identity. A somewhat stronger version of this that I’ve also heard is that they must know the ‘probability’ that a claimed identity (or attribute) is correct.
This leaves me perplexed. If I see a die that looks like a regular cube, I can postulate that there is a one in six probability that if I throw it once I will get a six. I have implicitly assumed a couple of things; that my vision is sufficiently acute to spot any irregularity in its shape, and that the die is of an even density (strictly speaking, that the distribution of mass has cubic symmetry). I can test my proposition by throwing the die (say) 96 times. If I get roughly 16 of each number, my confidence will be increased (in a way which can be quantified) that it is a true die and that my initial postulation is correct. The points here are that:
- my assertion on the probability rests on a limited number of assumptions
- it can be tested
- the more tests I do, the more confidence I can have
- the past is a reliable guide to the future.
None of these are the case when trying to assess the veracity of a claim to a certain identity. If you receive a bundle of bits that encodes ‘Neil McEvoy’ (with some ancillary bits that indicate that some process, designed to validate the claim to my identity, has occurred), you cannot know the probability that I caused that bundle to reach you. I either did or I didn’t; but the number of ways in which I might not have is not known to you—or anyone. Neither would you generally be in a position to repeat the process a hundred times and check the number of times that it is me or isn’t me. And, even if you could, there is no way that you can be sure that the past experience is a reliable guide to the future.
If we want an analogy with a die, it is that you receive some bits from me that purport to represent one throw of one die. Now, a die may not have been thrown—I could have made it up. It may have been thrown and I reported the wrong number, by accident or design; someone may have told me to type ‘6’ while holding a gun to my head; someone may have tricked me by handing me a die with two sixes and no ones; someone may have stolen the credentials I use to ‘prove’ that I entered a report; someone may have broken the cryptographic algorithm used to sign the transmission; or, for that matter, some Rumsfeldian ‘unknown unknown’ may have occurred. I think it is pretty clear that the probability that a report reaching you is truthful cannot be calculated, nor divined by any experiment.
So what should a relying party want? Clearly, not to be told by a provider that they can provide electronic identities that are 99.9% truthful, for such a person is a fool or a knave. By all means, he should expect the provider to have confidence in his service; but that is worth nothing unless he puts his money where his mouth is. The provider who accepts liability and has the balance sheet or the insurance to meet any losses that might ensue from your reliance on a false claim, that they have endorsed, is the only one that is worthy of your business. They will have every incentive to employ cost-effective business processes and technical measures that will limit the necessity for meeting claims.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers