Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Technology Stocks : Novell (NOVL) dirt cheap, good buy? -- Ignore unavailable to you. Want to Upgrade?

To: Bearded One who wrote (28110)	9/14/1999 5:18:00 PM
From: Paul Fiondella	Respond to of 42771

DigitalMe communities I think what Scott is referring to is the capability within digitalme to set up different kinds of communities. You may want to store your financial identity with identity vault maintained by a bank. You don't want to share that information with a group of people with whom you share an interest in scuba diving nor with some insecure scuba diving web site. I assume that digitalme can handle this. The question remains whether all identity vaults would have to have the same rules for rigidly identifying you as a bank. Here I feel that in licensing the technology Novell will have to differentiate in some way between the ultra-secure ecommerce use of the technology and other uses. Think of it as two circles. In one circle is the label "ecommerce". In another circle is the label "virtual communities". A larger circle can be drawn around both circles labeled "identity vault owned by Citigroup for transaction processing", or a smaller circle can be drawn around just the virtual community circle and labeled "scuba world". You or I could buy the components to put together "scuba world". Or even better, having begun as a "special interest card" within the secure identity vault at Citigroup, we could split off and buy our own server and set up "scuba world". I think people like Scott have a lot of ideas here. In some sense I feel as if I'm looking into the future of the internet.

To: Bearded One who wrote (28110)	9/14/1999 7:35:00 PM
From: Scott C. Lemon	Read Replies (2) \| Respond to of 42771

Hello Bearded One, > Scott- You've been dropping some clues here, let me see if I can > put them together: I've actually been trying to voice one opinion of how such systems would be architected. I try to look around me and design software systems based on the real world around us. I like to think of this as leveraging the billions of years of evolution to do systems design! ;-) > 1) Anyone can be a trusted store. I believe this to be the case. As long as you have someone who trusts you, then you can be a trusted store. It is the same with the real world ... you might choose to use a safety deposit box, or you might stash your valuables in your locker as the pool, or in the humidor(?) at the local cigar shop! ;-) > 2) Multiple communities interacting. I'm not sure that there is the requirement for communities to interact, although one community might have an "identity" in another community. If you look at the work that the folks at ZeroKnowledge have done, I really believe that they are a better example of a shipping product with a good architecture. As long as I have the ability to interact with multiple communities, then my needs are met. > Ok, let's see. I want to start a community and allow others to > engage in transactions. I set up some sort of digitalMe server, and > people interact with my server using their client digitalMe > software. This is one place that I want to be clear ... I can not speak for digitalme or what it can or can not do! I have nothing to do with this project, and haven't for quite some time. I'm no longer an employee of Novell, and I'm not sure that I feel comfortable speaking in terms of "digitalme". We could re-phrase your question like this: > Ok, let's see. I want to start a community and allow others to > engage in transactions. I set up some sort of community server, and > people interact with my server using their client community > software. Yes ... this could be the case. > Why should I trust them? You might not. That's the point. So you would be very selective about what you allow them to do, until you verify their identity to your satisfaction. Likewise, since they are not sure about trusting you, they might not put all of their confidential information on your server ... only the parts they trust to be there. This is what I would call "selective replication" of information. > Well, ok, that means digital signatures so that I can verify that > Mr. X is not impersonating Mr. Y. Actually, the authentication to your server provides that. Since they would have to authenticate as a member of your community server to access the community. > The key question is, why should they trust me? Well, trust me to > what? To prevent me from identity theft, I have to be forbidden > from viewing their info in cleartext (like not seeing a SSN or > credit card number). Yes ... and now you have hit upon a very important issue when designing systems like this. I believe that this is where some "vault" concepts begin to break down. If I want my information to be stored securely, then I need to encrypt the information. If I have encrypted the information, then other people can't see it. At that point I can't share it ... oops ... I thought that's what we wanted to do! ;-) So a couple of things that I think are necessary ... one, for the member to have the ability to pick and choose what information is to be encrypted from everyone. And two, that I share information with other people through trusted communities for exchange. And this leads back to multiple communities ... > Again, using digital signatures, we can do that if you register > your public key with the credit card company and you send me your > credit card number/expiration date with your private key. I wouldn't want to send you my private key, but you have the right idea. By looking at mechanisms like Kerberos, etc. there are ways to give you a piece of information and a "ticket" which you can use to verify the authenticity of the information. > So basically, you have a whole bunch of digital signatures and > nothing ever gets passed around unencrypted. We're talking two-way > anonymous transactions. What's interesting is that you might interact with me, and we exchange some information or even funds, and you might be dealing with one of my many identities which has no connection or traceability. Well ... it could be traced to the community, but if they don't log or keep records, or they exist in a country with different laws, then I would be protected. And I believe that it is just this capability which will drive the market (or black market) for the creation of such software. > I'm sure I'm missing some essential portions, but did I get some of > it right? You're on the right track ... and I think that if you try to find real world examples that match, you'll see the "common sense" in this approach. We all deal with each other through a distributed set of communities in the real world ... some of which have no idea of the others. And we all have various identities in this communities already ... I'm just waiting for the software company that reproduces this in the Internet ... Scott C. Lemon