As I May Think...

On his blog, Drummond Reed riffs on some comments I recently made on the OpenID General mailing list concerning the persistence of identity. The upshot is that we should be more aware of the attribute "persistence" when discussing identity systems. This is particularly true when identity systems are intended to model "numerical identity" -- normally assumed to persist -- rather than the often more plastic attributes of qualitative identity.

To better illustrate the issues in this discussion, I propose that we update the well-known "Zooko's Triangle" and create a "Pyramid" that adds the attribute "persistence" to the attributes "Memorable," "Secure," and "Global" which are already included in Zooko's Triangle.

The argument made by Zooko's Triangle is that no naming/identity scheme can provide all three of the attributes Zooko considers essential metrics of identity systems. For instance, while you might be able to build a "Secure and Global" naming system, in doing so, you would undoubtedly need to use identifiers that were not "memorable" -- at least not by mere humans. The importance of these three system attributes and the difficulty of producing systems which provide all three is generally well accepted by those in the naming/identity business.

To the three attributes or axes of Zooko's Triangle, we need to add a fourth axis or dimension which is "Persistence" (i.e. that which relates to the difficult and controversial subject of Identity over Time). The result is a pyramid which allows us to better model constraints on the universe of achievable identity systems. For any of the three traditionally recognized attributes, we need to ask the question "For how long?" (e.g. For how long will an identifier be memorable? For how long will an identity system be secure? What determines the period of time during which a globally unique identifier can be considered "global?")

The debate over programming languages often seems to take on a near religious quality -- now the proponents of the Python language may have some history on their side... It seems that PyGod is the oldest known god of homo sapiens...

Science Daily recently reported that Sheila Coulson of the University of Oslo has discovered the oldest known "ritual" site in a region of Botswana known as Ngamiland and inhabited by the San people. Apparently, this site was dedicated more than 70,000 years ago to worship of a Python God...

Now, we may finally know the language used by the "intelligent designer"...

I can't help wondering if this means that truly dedicated Python programmers will have to prove their worthiness by making at least one pilgrimage to the land of the San people in order to pay respects to the PyGod. Will this help Botswana tourism? Perhaps we'll see the San, as current custodians of the PyGod's den, adopted by the Python community as a focus of charitable giving... Bill Gates' efforts to help Africa, as far as those efforts effect the San, may have results he did not expect. Why code in C# when the PyGod clearly would prefer Python?

bob wyman

[Updated 9-Dec-2006: The recommendations discussed below were later rejected by NIST. See the discussion of this insanity on /...]

A technical group sponsored by NIST, the US government's standard setting organization, has issued a draft report condemning the use of electronic voting. The NIST report calls for paper trails and builds on an earlier paper by Ron Rivest (of RSA fame) and John Wack which defined the concept of "Software Independence" in voting systems: The idea that voting systems should allow election officials to recount ballots independently of voting machine' software. The Washington Post correctly points out that this report "repeats the contention of the computer security community that "a single programmer could 'rig' a major election."

The report states:

... the lack of an independent audit capability in DRE [Direct Recording Electronic] voting systems is one of the main reasons behind continued questions about voting system security and diminished public confidence in elections. NIST does not know how to write testable requirements to make DREs secure, and NIST’s recommendation to the STS [Security and Transparency Subcommittee] is that the DRE in practical terms cannot be made secure. Consequently, NIST and the STS recommend that VVSG 2007 should require voting systems to be of the SI [Software Independent] “class”...