cacert-policy - Re: [CAcert-Policy] What's the name for?

Subject: Policy-Discussion

List archive

Re: [CAcert-Policy] What's the name for?

From: Ian Grigg <iang AT systemics.com>
To: cacert-policy AT lists.cacert.org
Subject: Re: [CAcert-Policy] What's the name for?
Date: Mon, 25 Jul 2005 23:46:37 +0100
List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
List-id: Policy-Discussion <cacert-policy.lists.cacert.org>

On Friday 22 July 2005 15:48, Duane wrote:

> >>5.  do we key everything on some external
> >>    datum or on our own internal number?
> >
> > I don't understand completely what you mean here.
>
> The system uses it's own internal number, but assurers utilise name,
> date of birth and email address as key points to identify an individual.

Right, that's the issue there.  In identifying people
or things, we have a choice between using an
existing identifier or making our own.  This is a
tricky question when it comes to storing people
identity.  One could argue that things like SSNs,
TINs, and passport numbers are the best but they
are also subject to legal restrictions (in Australia,
storing on TINs will get you more than a slap on
the wrist).

Names are fudgeable.  They simply aren't that
good at uniquely identifying people.  Adding
DOBs helps some but doesn't change the problem.

Banks and other institutions solve this problem by
creating account numbers.  That is, the number
becomes the identifier for the relationship between
the individual and the bank.  In relational terms,
this is much cleaner, as the account number can
then point to other information such as the collected
due diligence, and also to other things like alternate
aliases.  Once you have a number there is no need
to worry overly about using the name, that's just one
of those additional details.

It would seem that one way to move forward would
be for everyone to use numbers, and then the
assessors would simply create a new record (let's
call it a Due Diligence Record) that documented
their check on number #1234 that found these
ID docs.

The reason for this is that they don't even then
need to ensure who the person is.  A later phase
by another person called an "allocator" could
simply allocate the points based on how close
it all was.

I'm whiteboarding here... I can see drawbacks in
this notion.  But it's important to examine all aspects
of how this data is stored, as we are entering a new
phase in the life of data and the individual.

iang
--
Advances in Financial Cryptography, Issue 2:
   https://www.financialcryptography.com/mt/archives/000498.html
Mark Stiegler, An Introduction to Petname Systems
Nick Szabo, Scarce Objects
Ian Grigg, Triple Entry Accounting

Re: [CAcert-Policy] What's the name for?, (continued)
- Re: [CAcert-Policy] Changing Name and Points, Duane, 07/20/2005
  - Re: [CAcert-Policy] Changing Name and Points, Russell Smith, 07/20/2005
    - Re: [CAcert-Policy] Changing Name and Points, Duane, 07/21/2005
  - Re: [CAcert-Policy] Changing Name and Points, Florian Lohoff, 07/21/2005
- Message not available
  - Message not available
    - [CAcert-Policy] Re: What's the name for?, Philipp Gühring, 07/22/2005

List archive

Re: [CAcert-Policy] What's the name for?