Tuesday, June 14, 2011

Identity for Data - MyDataClaims

I've been tinkering with a new concept (at least it's new for me). It's a way to prove that you were in possession of particular data at a particular time. I hope people will find this useful to protect copyright on their creative works, or a way to protect ideas before revealing them to others, or a way to keep rights to your own ideas that you had prior to beginning work for a new employer that makes you sign away your rights to ideas conceived while employed there, etc.

Anything you can represent digitally (even a sketch on a napkin can be digitally photographed) can be given an identifier, and be tagged with descriptive attributes. And a set of attributes including at least one identifier constitutes an identity (in this case identity for data). I call this identity a DataClaim.

A DataClaim is a signed SAML assertion about some data, with an identifier based on a hash of the data, and including attribute assertions about the individual in possession of the data, a timestamp, and some other info. It will be interesting to get some feedback on this concept. Please take a peek at the following URL:

It's not quite in production yet, but the functionality is pretty much in place. After my upcoming vacation I plan to generate new keys and certificates for signing the SAML assertions, and then I'll declare an official launch of MyDataClaims.

Let me know what you think.


pwnguin.net said...

Seems similar to many other cryptosecure time stamping authorities. http://en.wikipedia.org/wiki/Trusted_timestamping

=marty said...

Yes, it's pretty similar. Thanks for the Wikipedia link; it contains pointers to other specs that I hadn't previously heard about.

MK said...

You should be able to do this using hash trees - no signature and no need for secret/private keys. Routine publication of the hash in a newspaper was the low tech way to do this. There is at least one commercial offering of this, from memory, in Japan and in New York Times.
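The hash-tree approach mentioned in the last comment, sketched as an added example (it is not code from the post, the commenters, or MyDataClaims): many documents are hashed into one Merkle root, only the root is published, and each holder keeps a short proof linking their document to it. The SHA-256 choice, the 0x00/0x01 domain-separation prefixes, the function names and the sample documents are all assumptions made for illustration.

```python
import hashlib

def leaf_hash(document: bytes) -> bytes:
    # Prefix leaves with 0x00 and interior nodes with 0x01 so an interior
    # node can never be passed off as a document (assumed convention).
    return hashlib.sha256(b"\x00" + document).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(documents):
    """Return every tree level, leaves first, single-root level last."""
    level = [leaf_hash(d) for d in documents]
    levels = [level]
    while len(level) > 1:
        nxt = []
        for i in range(0, len(level), 2):
            if i + 1 < len(level):
                nxt.append(node_hash(level[i], level[i + 1]))
            else:
                nxt.append(level[i])  # unpaired node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes needed to recompute the root from leaf `index`."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            # Record the sibling and whether it sits to the left of our node.
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify(document: bytes, proof, published_root: bytes) -> bool:
    """Recompute the root from the document and proof; no key is involved."""
    acc = leaf_hash(document)
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return acc == published_root

# Constructed sample: five submissions collected during one publication period.
DOCS = [b"napkin-sketch.jpg bytes", b"song lyrics", b"patent draft",
        b"source tarball", b"lab notebook page 12"]
LEVELS = build_levels(DOCS)
ROOT = LEVELS[-1][0]  # the only value that has to be published
```

The strength of the time claim rests entirely on where and when `ROOT` was published; the proof only shows that a document was included in that root.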