A new approach to identity management?

From Technology Review

As more services migrate online, and as tactics of identity thieves become more sophisticated, people will need better ways to manage their information, says Nataraj Nagaratnam, chief architect of identity management for IBM Tivoli.

Nagaratnam and other IBM researchers have developed open-source software that they think can help. Called Identity Mixer (Idemix), the digital identity management software lets people make online transactions–from filling out forms to purchasing plane tickets–without disclosing personal information. The software lets a person use artificial identity information, in the form of digital “tokens,” to make online transactions. Using these encrypted tokens, which are issued by trusted sources such as the Department of Motor Vehicles (DMV) or a bank, a person can effectively be anonymous to Web services such as Amazon.com or Expedia, never giving out his or her information.

In a typical online purchase, Idemix could obviate the need for a person to fill out a form or reveal her credit-card number. Instead, she could use a token that vouches for her, verifying that she is who she says she is and that she has the appropriate funds and credit to make a purchase.

In addition, these tokens would provide only the information that is needed. For instance, if you’re renting a car online and need to verify that you’re older than 25, a token from the DMV could verify that you can legitimately rent without divulging your birth date, license number, or address. Otherwise, you reveal more than you need to about yourself, says John Clippinger, senior fellow at the Berkman Center for Internet and Society at Harvard Law School. “It’s like using a passport when you buy a Coke.”