On Monday 04 September 2006 12:43 am, Dinesh Shah wrote:
Hello Siddhesh,
Your interpretation of the CIS is very simplistic. At this stage I am just proposing to collect the personal information which is simple to gather, it's unique (everyone has just one biological mother, right?) (on second thought, what is the status of test tube babies and surrogate mothers?) and inherently secure. (Like who would like to keep his/her mother's name secret?).
Someone raised the public disclosure of birthday stating that birthday/date is used for various verifications. But this is due to an assumption that birthday/date is a private info. However, this info is already in public (you sure have friends with whom you share your birthday/date? :-) ). People give their birthday/date info on-line at many places. It is not really difficult to get someone's birthday/date.
To gather other unique info like digital photo, finger print, retina/iris pattern, DNA will be very expensive. However, they can be collected as and when required.
True, but we do need something that requires minimal user intervention to protect them from themselves in many ways. And the FOSS way is definitely THE best way for such an effort because I guess there are going to be many "BIG BROTHER" concerns over this.
I agree. How about every individual carrying a simple plastic card with basic info printed in human and machine readable format like either bar code or RFID?
This card will be very easy to manufacture and replace. The card can be manufactured in such a way to make it very difficult to make duplicates/fakes.
The highest security cards available are the ones using RSA in hardware. They are very widely used but are not cheap at all. Neither are all the other elements in the processing chain. Further, the point of this card is to have confidential data stored on it allowing ready access. The system breaks all the while not because of the card but at various points in the chain which are completely clueless about security, e.g. a hospital mandated by the insurance agency.
If you are trying to create a unique verifiable id that does not need physical verification of the id, there is no such thing. The minority who need to spoof an id can do so even when there is reasonable physical verification (credit card / phones). It is trivial to break a system with no physical verification at the point of issuing a service. And is primarily the requirement of governments wanting to extract their pound of flesh or service providers like banks / insurance trying to cut their exposure. At no point is it needed to provide government / public services.
If one is to make a reasonable model we will have to use methods that humans use to establish identity and then trust. We identify people by name + face and establish trust by their relationship with other known trusted persons and by referrals. So a photo ID card with id number and database of related persons is all that is required. Database access and its security is a problem, but that is a problem not related to identity.
Rgds JTD