[cap-talk] the value of identity

[Karp, Alan H]

Aah.  Now I understand the question.  I thought you were talking about protecting the identity from others.  I now see that you're trying to protect the system against multiple identities controlled by one person.

HP has an interesting approach for handing out digital certificates.  I fill out an online form, and a six-digit code is sent to my office voicemail.  I retrieve that number and insert it into a web form to complete the registration process.  Since there's one voice mailbox per employee and one certificate per voice mailbox, each employee has only one identity.  Unfortunately, I don't see how to make that work in a less constrained environment.  Maybe SMS or snailmail would work well enough.

There are many schemes that limit indiviuals to having a modest number of accounts, captcha/recaptcha, requiring a valid credit card number (some even charge $1.00).  Perhaps requiring the posting of a bond that is forfeited if a user is caught with more than one identity would work, but I've never heard of such a scheme.

I don't see how the IM systems do identity verification in a way that limits a person to a single account.  At best, they can limit a person to one account per (virtual) machine.

________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp