[OpenID] OpenID and e-journals

Bob Wyman bob at wyman.us
Fri Dec 29 18:43:49 UTC 2006 

On 12/29/06, Valerie <vlecharl at gmail.com> wrote:
>Oh yes, I can understand that IP recognition is insecure and
privacy-invading.

Security and privacy aren't the only problems... As you pointed out in your
emails, another problem is that reliance on IP address for identity results
in creating a larger class of authorized users than the one you wish to have
authorized. Essentially, what is happening here is that you're being forced
to accept "attribute based" or "qualitative" identity when what you want is
numeric or "countable" identity.

By pinning licenses to the numerically unique IP address, Wiley is
essentially giving you a license based on the attribute or quality of "those
who use the IP address" -- i.e. employees of the company. They are then
charging you based on the number of people who are in the class of "users of
the IP address." However, what you seem to want is to identify a group of
countable individuals who are a subset of those who share the attribute
"users of the IP address." Undoubtedly, Wiley will tell you that this would
be nice, but due to the vagaries of computer systems, they simply don't have
the ability to be more granular. This is, of course, a very standard trick
to force an "up-sell" of metered or controlled access services. You end up
buying more than you want but the vendor justifies it by pleading that you
have provided capabilities to a large class.

This is precisely the sort of silliness that got me into the "Software
licensing" business back in the 80's. That business is now known as "Digital
Rights Management" or DRM. Our initial motivation was to drastically improve
the range of licensing techniques that could be applied -- in an attempt to
better serve our customers' needs (at Digital). Thus, we built systems that
could associate licenses with any arbitrary numerical or qualitative
identifier. However, even though we've known for almost 20 years now how to
build flexible licensing or DRM systems, most users of such systems have
found that clients are so ignorant of the technical possibilities that it is
quite easy to force them accept licensing and DRM schemes that are not in
their interests.

One positive side effect of improving the "identity" infrastructure may be
that in the future, it will be harder for vendors to force customers to
accept licensing based on qualitative identity when what customers often
want is licensing based on numeric identity.

bob wyman
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20061229/cbc95eb0/attachment-0002.htm>

More information about the general mailing list