Tuesday, June 14, 2011

Identity for Data - MyDataClaims

I've been tinkering with a new concept (at least it's new for me). It's a way to prove that you were in possession of particular data at a particular time. I hope people will find this useful to protect copyright on their creative works, or a way to protect ideas before revealing them to others, or a way to keep rights to your own ideas that you had prior to beginning work for a new employer that makes you sign away your rights to ideas conceived while employed there, etc.

Anything you can represent digitally (even a sketch on a napkin can be digitally photographed) can be given an identifier, and be tagged with descriptive attributes. And a set of attributes including at least one identifier constitutes an identity (in this case identity for data). I call this identity a DataClaim.

A DataClaim is a signed SAML assertion about some data, with an identifier based on a hash of the data, and including attribute assertions about the individual in possession of the data, a timestamp, and some other info. It will be interesting to get some feedback on this concept. Please take a peek at the following URL:


It's not quite in production yet, but the functionality is pretty much in place. After my upcoming vacation I plan to generate a new keys and certificates for signing the SAML assertions, and then I'll declare an official launch of MyDataClaims.

Let me know what you think.

3 comments:

pwnguin.net said...

Seems similar to many other cryptosecure time stamping authorities. http://en.wikipedia.org/wiki/Trusted_timestamping

=marty said...

Yes, it's pretty similar. Thanks for the wikipedia link; it contains pointers to other specs that I hadn't previously heard about.

MK said...

You should be able to do this using hash trees - no signature and no need for secret/private keys. Routine publication of the hash in a newspaper was the low tech way to do this. There is at least one commercial offering of this, from memory, in Japan and in New York Times.