Accountability is the ability to hold an entity, such as a person or organization, responsible for its actions.

Accountability is not the opposite of anonymity, nor is it the same as total loss of privacy. The degree of accountability is negotiated between the parties involved, as in Infocard, for example; if there is no agreement, then nothing is disclosed and they stop interacting. In other words, the sender chooses how accountable he wants to appear and the recipient chooses the level of acceptable accountability. If the sender is not accountable enough for the recipient, then the interaction ends with nothing disclosed on either side.

Accountability requires a consistent identifier based upon a name, a pseudonym or a set of attributes. When the identifier is based upon a name, the recipient may use a reputation service to determine whether the sender is accountable enough. Should the sender behave unacceptably, the recipient can “punish” the sender by reducing the sender’s reputation. When the identifier is a pseudonym, it must be issued by an indirection service which knows the true identity of the sender. When the sender behaves unacceptably, the appropriate authorities may request that the indirection service reveal the real-world identity to them.

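The pseudonym case described above, as an added example that is not code from the original page: a hypothetical `IndirectionService` derives a consistent pseudonym with a keyed hash and reveals the real identity only to a requester on its authority list. The class and method names, the `pseu-` prefix and the `authority-A` label are assumptions, and a real service would authenticate the requesting authority rather than trust a string.

```python
import hashlib
import hmac
import secrets


class IndirectionService:
    """Hypothetical service: issues pseudonyms, knows the real identities."""

    def __init__(self, authorities):
        self._key = secrets.token_bytes(32)    # service secret, never shared
        self._authorities = frozenset(authorities)
        self._registry = {}                    # pseudonym -> real identity

    def issue(self, real_identity):
        # Keyed hash: the same sender always receives the same pseudonym
        # (a consistent identifier), but a recipient cannot recompute it
        # from a guessed identity without the service key.
        tag = hmac.new(self._key, real_identity.encode(), hashlib.sha256)
        pseudonym = "pseu-" + tag.hexdigest()[:32]
        self._registry[pseudonym] = real_identity
        return pseudonym

    def is_issued(self, pseudonym):
        # Recipients may check that a pseudonym is backed by the service
        # without learning who is behind it.
        return pseudonym in self._registry

    def reveal(self, pseudonym, requester):
        # Assumption: the requester has already been authenticated elsewhere.
        if requester not in self._authorities:
            raise PermissionError("only appropriate authorities may unmask")
        return self._registry[pseudonym]


def demo():
    svc = IndirectionService(authorities={"authority-A"})   # constructed label
    alice = svc.issue("alice@example.org")                  # constructed identity
    results = {
        "consistent": alice == svc.issue("alice@example.org"),
        "forged_rejected": not svc.is_issued("pseu-" + "0" * 32),
        "authority_reveal": svc.reveal(alice, "authority-A"),
    }
    try:
        svc.reveal(alice, "recipient-B")       # an ordinary recipient asks
        results["recipient_reveal"] = "disclosed"
    except PermissionError:
        results["recipient_reveal"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```
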
Using a set of attributes as the identifier requires a certificate, or other claims mechanism, from a trusted authority. When the sender behaves unacceptably or the claimed attributes are proved to be false, the trusted authority may be contacted and asked to “punish” the sender by removing him from the trusted authority’s list. Alternatively, the recipient may choose to remove the trusted authority as not being accountable enough.

Becoming accountable does not necessarily mean disclosing anything about your real-world identity, thus protecting privacy.

Using accountability as a mechanism for receiving network packets is much more difficult. Since there is no end node, packets pass through nodes having no direct relation to the sender, and the per-packet cost of accountability verification must be very small so as not to impact network performance. This makes checking accountability for network access very difficult.