|
|
|
Accountability is
the ability to hold an entity, such as a person or organization, responsible
for its actions.
|
|
|
|
Accountability is not
the opposite of anonymity or the same as total loss of privacy. The degree of
accountability is negotiated between the parties involved, as in Infocard,
for example; if there’s no agreement, then nothing is disclosed and they stop
interacting. In other words, the sender chooses how accountable he wants to
appear and the recipient chooses the level of acceptable accountability. If
the sender is not accountable-enough for the recipient, then the interaction
ends with nothing disclosed on either side.
|
|
|
|
Accountability
requires a consistent identifier based upon a name, a pseudonym or a set of
attributes. When the identifier is based upon a name, the recipient may use a
reputation service to determine whether the sender is accountable enough.
Should the sender behave unacceptably, then the recipient can “punish” the
sender by reducing the sender’s reputation.
|
|
When the identifier
is a pseudonym, it must be issued by an indirection service which knows the
true identity of the sender. When the sender behaves unacceptably, the
indirection service may be requested to reveal the real-world identity to
appropriate authorities by those authorities.
|
|
A set of attributes
being used as the identifier requires a certificate, or other claims
mechanism, from a trusted authority. When the sender behaves unacceptably or
the claimed attributes are proved to be false, then the trusted authority may
be contacted and asked to “punish” the sender by removing him from the
trusted authority’s list. Alternatively, the recipient may choose to remove
the trusted authority as not being accountable-enough.
|
|
|
|
Becoming accountable
does not necessarily mean disclosing anything about your real-world identity
thus protecting privacy.
|
|
|
|
Using accountability
as a mechanism for receiving network packets is much more difficult. Since
there is no end node, packets pass through nodes having no direct relation to
the sender, and the per-packet cost of accountability verification must be
very small to not impact network performance. This makes checking
accountability for network access very difficult.
|
|
|