Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

IBM to Open Source Novel Identity Protection Software

Zonk posted more than 7 years ago | from the keeping-anyone-else-from-being-you dept.

Security 40

coondoggie handed us a link to a Network World article reporting that IBM plans to open source the project 'Identity Mixer'. Developed by a Zurich-based research lab for the company, Identity Mixer is a novel approach to protecting user identities online. The project, which is a piece of XML-based software, uses a type of digital certificate to control who has access to identity information in a web browser. IBM is enthusiastic about widespread adoption of this technology, and so plans to open source the project through the Eclipse Open Source Foundation. The company hopes this tactic will see the software's use in commercial, medical, and governmental settings.

cancel ×

40 comments

Sorry! There are no comments related to the filter you selected.

a novel approach (5, Funny)

User 956 (568564) | more than 7 years ago | (#17775862)

Developed by a Zurich-based research lab for the company, Identity Mixer is a novel approach to protecting user identities online.

which novel? I hope not 1984.

Re:a novel approach (1)

jurt1235 (834677) | more than 7 years ago | (#17776298)

1984 or not, identity mixer is already disturbing enough as an idea. It suggests it helps to mix identities!

Reproduction (1)

User 956 (568564) | more than 7 years ago | (#17776316)

1984 or not, identity mixer is already disturbing enough as an idea. It suggests it helps to mix identities!

Mixing identities? Nature already provides that functionality. This being slashdot, I'm sure many people may be unaware of that.

Re:a novel approach (0)

Anonymous Coward | more than 7 years ago | (#17777052)

Well, since there very well could be patents involved (doesn't IBM hold more patents than any other company in the world?) your identity's protection, if this system gains widespread use, may be subject to paying royalty fees to IBM Corporation. That sounds something like 1984 to me. Certainly, very dystopian...

Re:a novel approach (1)

Miseph (979059) | more than 7 years ago | (#17779056)

If you open source something, you make your own patents unenforceable insofar as they apply to the thing in question. IBM is not capable of suing people for patent violation on software they distribute or allow others to distribute.

Glad it's Friday (1)

Aqua_boy17 (962670) | more than 7 years ago | (#17775878)

Anyone else read that as Novell Identity Protection Software and thought WTF? It is definitely beer-thirty.

Raises Hand... (1)

aardwolf64 (160070) | more than 7 years ago | (#17775906)

Me. I already tagged it as: notnovell

Re:Raises Hand... (1)

Aqua_boy17 (962670) | more than 7 years ago | (#17776102)

lol...after actually RTFA'ing (a little) apparently Novell actually was involved in the earlier development - perhaps before then went to the dark side ^H^H^H^H^H^H^H^H^H^H^H^Hsigned with Microsoft.

Anyway, back on topic. Can anyone tell me why this is not just another implementation of SSO which (I saw Novell's original version and loathed it) is usually a really bad idea?

Re:Glad it's Friday (0, Troll)

anagama (611277) | more than 7 years ago | (#17775948)

yep. I was really straining my brain to think how IBM could do that.

Re:Glad it's Friday (1)

BobPaul (710574) | more than 7 years ago | (#17776242)

Yeah, I did that.

"How can IBM open up Novell's software??"

The right hand does't know what the left is doing (4, Funny)

Ceriel Nosforit (682174) | more than 7 years ago | (#17775912)

Anyone remember maybe a year or two ago when IBM was doing something with rather intrusive software to mine data on people?

It seems IBM doesn't really have a clear policy on whether to be Good or Evil. They seem to try doing both at the same time...

Guess we need to label IBM as Chaotic Neutral...

Re:The right hand does't know what the left is doi (3, Interesting)

Xtifr (1323) | more than 7 years ago | (#17776564)

IBM's been like that for a long time. Remember when the PC division refused to sell the company's own operating system? (Of course, the PC division ended up being sold to a Chinese company, so I guess the OS/2 developers got the last laugh, but a bit too little too late.)

Big, diverse companies often seem to be going in several directions at once, and in this industry, pretty much nobody is bigger or more diverse than IBM (still).

Hey now (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17775984)

Mixmaster Mike on the Mic BOOOOOOOOOOOYYYYYYYYYYYYYY

I'm on that beat box, son

Open source simple? (-1, Troll)

adambha (1048538) | more than 7 years ago | (#17776056)

uses a type of digital certificate to control who has access to identity information in a web browser
Sure, store my identity in a digital certificate, provide full source code freely, and then ask yourself how long it will take the haxor community to find a way in.

Re:Open source simple? (4, Insightful)

Xtifr (1323) | more than 7 years ago | (#17776670)

Yeah, 'cause clearly, nothing [openbsd.net] is more secure than a closed source [microsoft.com] solution. Security by obscurity is the ONLY ANSWER! And advice on computer security by random slashdot posters is far more trustworthy than anything from a company that's been making secure systems for longer than most of us have been alive [ibm.com] .

Re:Open source simple? (1)

RobertLTux (260313) | more than 7 years ago | (#17780044)

yes of course if you know International Business Machines the you realize that they in their inventory (of past products) have servers that have been proven By Actual Troops
to be bullet proof (with actual bullets!!)

Re:Open source simple? (1)

Jah-Wren Ryel (80510) | more than 7 years ago | (#17780140)

International Business Machines the you realize that they in their inventory (of past products) have servers that have been proven By Actual Troops
to be bullet proof (with actual bullets!!)


I don't know about that. But HP has some systems that are bullet proof, with actual videos of the shooting. [hp.com]

Re:Open source simple? (1)

itlurksbeneath (952654) | more than 7 years ago | (#17780454)

I've always been impressed with HP's engineering in their UNIX line of servers (can't speak to the PC based ones). I had a server (actually a B class workstation functioning as a server) several years ago that was knocked off a table onto the floor by the cleaning staff. Even after a 3 foot tumble, it never missed a beat. Never even rebooted. The only evidence was a little scuffing on the case. Nice stuff.

ms passport (4, Funny)

dcskier (1039688) | more than 7 years ago | (#17776088)

what, you mean people don't like ms passport?

Re:ms passport (1)

User 956 (568564) | more than 7 years ago | (#17776186)

what, you mean people don't like ms passport?

My name is Werner Brandis. MS is my passport. Verify Me.

Re:ms passport (1)

finite_automaton (302001) | more than 7 years ago | (#17776566)

My name is Werner Brandis. MS is my passport. Verify Me.
Too many secrets

Re:ms passport (1)

rmallico (831443) | more than 7 years ago | (#17778948)

Seatec Astronomy...

What's really new? (2, Informative)

neonux (1000992) | more than 7 years ago | (#17776184)

I mean what's new in this compared to current LiveJournal's OpenID [openid.net] ?

Haven't We Seen This Before? (2, Interesting)

VorpalRodent (964940) | more than 7 years ago | (#17776286)

From what I read in the article (and I could be wrong, I admit), it sounds like people are simply controlling the amount of personal information that goes to the third party. So, I want to buy something, and only the pertinent information goes to the vendor.

How is this different from things that have been tried in the past? Furthermore, how is this different from the various other situations we hear about occurring at financial institutions and the like, where a database is inadvertently printed or placed outside a firewall (or whatever)?

What makes this better than me simply typing my credit card number into the secure web site of an online store (or have I missed the intended purpose)?

Re:Haven't We Seen This Before? (1)

beakerMeep (716990) | more than 7 years ago | (#17776508)

What makes this better than me simply typing my credit card number into the secure web site of an online store (or have I missed the intended purpose)?

it lets you enter your card into that phishing site you fell for faster

We have seen it before. It's P3P (0)

Anonymous Coward | more than 7 years ago | (#17780878)

This sounds a lot like the Platform for Privacy Preferences (P3P). EPIC has a review [epic.org] of it. It was marketed as a Privacy Enhancing Technology when in reality it was anything but.

The idea was that you would have settings in your browser to indicate what personal information you would reveal before connecting to a web site. However, it was supposed to be negotiable. The web site would specify what personal information you would have to reveal before you could connect. The reality is that if P3P ever took hold, all web sites would demand enough to identify you at a minimum. Enough people would blindly follow directions and release the information. Those of us vigilant of our privacy would have to configure our browsers to do the same or be out of touch with 90% of the world.

you fail i7? (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17776442)

It's about time! (1)

null etc. (524767) | more than 7 years ago | (#17776626)

Thank God! Seriously, whoever thought that doing web security within HTML forms was a good idea really needs to be taken to the shed.

verbing equals weirding. (0)

Anonymous Coward | more than 7 years ago | (#17776702)

You don't open source something. You open-source something.

Thus any literate speaker of English reading the headline would be left guessing what "novel identity" is. Or without the word "novel", obviously IBM is unveiling software to protect the identity of source code, for example allowing companies to selectively use FLOSS code without fearing that it might make its way into closed software projects.

ie "IBM to release software to protect source identity."

That is all.

Anyone have a link that doesn't suck? (0)

Anonymous Coward | more than 7 years ago | (#17776736)

Can someone find a link that describes what this actually does?

The writeup and the article both sucked.

Novell Identity Protection Software (1)

finity (535067) | more than 7 years ago | (#17776898)

Am I the only one who read the title and thought Novell instead of novel?

Re:Novell Identity Protection Software (0)

Anonymous Coward | more than 7 years ago | (#17780738)

You and that one other guy are the only ones to misread "Novel" as "Novell" I'm sure. Slashdot editors would never dupe us, just the stories.

more details on the project (3, Informative)

ivar (31153) | more than 7 years ago | (#17777094)

can be found here [ibm.com] .

Algorithms and code can't fix power imbalances (1)

Wesley Felter (138342) | more than 7 years ago | (#17777322)

Today if you want to conduct virtually any kind of commerce over the Net, you have to provide a whole dossier of information about yourself. Whether this information is technically necessary or not is irrelevant -- if virtually all companies demand it, then individuals will have to provide it.

So here's some technology that allows you to anonymize your data or just not send it in the first place; what is the incentive for businesses to adopt this technology (at great cost to them)? Perhaps in Europe it will be mandated by law but I don't have any hope here in the USA.

Patented? (3, Insightful)

SiliconEntity (448450) | more than 7 years ago | (#17778348)

idemix [ibm.com] which is the software in question appears to be covered by a number of patent applications [uspto.gov] submitted by the inventor, Jan Camenisch. What's the point in open-sourcing it if IBM has half a dozen or more patents covering the technology being used? Or will this process grant use of any IBM-owned patents necessary to run the code? And if so, what happens as people start modifying the code; how far can they go and still be indemnified against IBM patent infringement?

Patents and open source don't mix well. I don't see how this is going to work.

Re:Patented? (1)

Wesley Felter (138342) | more than 7 years ago | (#17779016)

IBM patents everything it can. If IBM doesn't patent something that they create, then another company will, and that company might not be friendly to open source developers. Most newer open source licenses include an explicit grant of patent rights which should eliminate most of these problems.

mDod up (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#17778566)

I won't bore you you down.( It was

Do you need this, if set to "no one and never"? (1)

pla (258480) | more than 7 years ago | (#17783616)

The project, which is a piece of XML-based software, uses a type of digital certificate to control who has access to identity information in a web browser.

Well now, that certainly seems like a complicated way to deny all cookies, disable the browser cache, block most "web bug" images, and have FireFox's "Clear Private Data" tool set to purge everything on closing the browser.

All these companies trying to make it "easier" for me to share my info with those who I "trust" have completely missed the point - I don't trust any of them!

I fill out every forced (yeah, not really "forced", in that I have a choice of not getting that content - Let's not play naive here) registration form with completely bogus personal info[1]. If it needs a "real" email address to send some sort of login info or an annoying "you must respond to this to activate your account" message, I make a one-off email address, get the message, and delete the address. Even most "real-world" companies with whom I do business don't have my real contact info - If I want to talk to them, I'll call; I don't really care if they want to talk to me.

We need to take back our privacy. Letting companies even pretend they have the right to talk to us without our initiating the conversation, goes too far. Tools like the one described show that not only do they think they can talk to us, but that we might even want to share our info with them.


1) You need to explain this concept to your non-geek friends and relatives. It absolutely shocks most people when I tell them that "Yes Virginia, you can lie" when a website asks for your name or email address.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?