Discussions About The Future of Internet Naming and Identification
Overview of Think Tank Meeting #2
To follow the 1st discussion, my goal was to have the group dive down deeper into a topic identified during the first meeting. We laid out some ground goals of the meeting which included:
- Purpose: to think about these problems at a high level
- Think outside the box
- Non-goals: to blame, stop or replace existing work
- Outcomes: to be defined in the future – today just "thinking"
We had 10-12 people in attendance at this particular informal gathering.
Privacy vs Discoverability
This time we dove down into a singular topic.
What's the right balance between privacy vs discoverability?What are the parameters that can optimize for both?
How can users create entries not tied to their personal identifiers (e.g. names)?
We spent a third of the meeting going around the table getting everyone's immediate opinions on this topic, followed by an open discussion where everyone could contribute at will.
Wes' consolodated notes from the discussion
- We need classifications of the different naming systems in various
levels of privacy: e.g. "friends list on facebook" is different
than other naming systems
- There are multiple models to think about and what makes the data private and who it matters to. end-users need to use this in the end.
- "Scope for the user" is difficult to educate and manage
- "Discovery services" plays a critical role for usability
- Is unique naming and addressing is critical
- UUID type naming is helpful for unique identification, but we need separation between what the user is seeing and what is used to reach to the system (like an address)
- Open question: do we need another layer of indirection?
- We need a name that is unique for the lifetime of the device or service
- But people are now used to imprecise naming, such as google searches rather than knowing the precise name we need. Searching is becoming predominate over naming knowledge.
- Most people are using stuff in apps that aren't based on the DNS and global naming. People are moving back into walled gardens like facebook messaging, etc. Facbook, google, skype, instagram, etc are the new directories.
- The IoT space is also divided into their own spaces as well. Each device manufacture has their own system.
- Thoughts on Privacy
- "give it all to google or another data vendor" is the simplest thing to do, so it wins most of the time.
- How do you have privacy, give it out sparingly and remember how to do next time?
- Other models worth studying
- Worth looking at science fiction authors to see what they had to
say, as they've spent a lot of time thinking about these
problems (both for good and evil)
- "The Quantum Thief" science fiction author - entire new models of privacy
- NEW: Did anyone see The Circle? (not well rated though)
- biological systems have built in identity and interactions. Could look at them as an example.
- Worth looking at science fiction authors to see what they had to
say, as they've spent a lot of time thinking about these
problems (both for good and evil)
- Content Centric Networking
- objects are associated with a signature. We have to build a whole new set of trust models to manage it.
- users don't know where the content is; a URL pointing to a server name no longer works. Instead they want an object with content ID XXXX, please get it for me using any means possible.
- Privacy and discoverability management
- It is likely that people will have to outsourceq our privacy
controls to specialized AIs that can manage our privacy.
- NEW: turns out CMU has created an app to do just this
- Right now everything many systems need to be managed for privacy rights, like multiple social media systems.
- We need to, but how do we, publish objects with access rights that can't be overridden.
- Parts of "the tree" [applies to multiple trees] you may want to keep private ; do we still want to think about it as a tree or overlapping name spaces?
- Disposable identities are becoming very popular in the younger generations. New E-mail addresses and accounts are created frequently. And they're deleted just as quickly when they start attracting too much spam. They don't define their personal identity by long lived accounts and are fine with "looser" connections.
- Companies want to exploit our data, often as their primary purpose.
- How do we deal with bad identity things like ad trackers, and keyboard loggers, etc that are managing identities for us? We have identities assigned to us and our devices that we don't want attached.
- DOA system: ITU countries are trying to push this because every object would get a unique identifier and oppressive governments can control and track them.
- Looking back at history, we say "though were so unhygenic in the midevil period" and I suspect the future wil look back at us with a similar view of our digital selves today.
- It is likely that people will have to outsourceq our privacy
controls to specialized AIs that can manage our privacy.
- Contextual challenges
- A "multiple brothers" problem. When someone says "my brother", it is often expected that the listener knows which I mean when I say "my brother" when I may have mulitple brothers.
- What about access rights where you have to be a member before you can have access. You can't reach a service in a bank unless you're a client of the bank. You should be given a unique token to a service. The TOR system is like that: you have a unique key to an object.
- How do you publish information and only want to make it discoverable, but only by the people you want it to be discoverable by?
- How do we enable a private name space per person?
- You might need an authorizing token to be in a certain namespace
- Can we think about addressing schemes that have local limited communication schemes where the quantity of information given out is different per context? I'll give Starbucks my first name, but not my full name and address.
- So do we do context and sphere cleanup? When was the last time you walked through all your friends on your facebook list to do some cleanup.
- Discoverability is a huge challenge
- I still don't know what your contact email address is and I end up using something else because it works rather than try to figure out something else.
- jabber/xmpp land is difficult because you have to find all those services
- The world needs search criteria that accesses meta-data beyond just names; we need to search relationships and other data too.
- People are very social people; kids learn to be social very early on. That is frequently how discoverability works. There is a large concept of out-of-band initial contact info sharing still. (you watch someone else find your instagram account while physically together).
- Social exclusion networks are maybe needed. EG, search results limitation through exclusion.
- Multiple contexts and spaces
- We have a lot of human decision making about relationships
- How do we create a positive system around all of these multiple authorities?
- What do most other people do without training? Is it just us that is concerned about these wall gardens and privacy?
- Machine to machine identifiers need context specific discover ability that often must translate to a human need in the end. A friend needs my printer, they must find me first via context. Thus, they must find the printer of Bob who is friends with Alice and Eve and works at this hospital in Sydney.
- Other thoughts
- What is the economic consequence of complexity?
- similar to bluetooth: how do we do out of band mechanism for binding?
- How do we evualuate the the various languages and cultures and how they deal with naming? They're each different and may need to influence any sort of long-term naming and context solutions
- people are invading the spheres we intended for a particular purpose because one friend is in multiple spheres
- Is it possible for the owner of an identity be in control of it?
- Thinking toward eventual goals
- One useful outcome would be to definite a property set in order to evaluate all of the multiple naming solutions that exist. It should not be up to us to define a solution, but we can create a set of evaluation criteria.
- Are we the right group to be doing this? A bunch of DNS geeks are likely not the right group of people to bring about a revolution that is as big as something like the RSA public keying mechanism. Who are the right people to get involved?
- For "today", we are not ready to define goals. But it is agreed that without goals at some point there is no purpose to meet. Consensus was "maybe we'll start defining goals in Prague".