November 13th 2007
Who are you? Who am I?
We’ve all been there. You remembered you created an account on xxxyyyzzz.com, but can’t remember the password or the account name. You search through your e-mail, but can’t remember who sent you that confirmation mail. And you have enough of them. That’s it. You’re note going to create yet another digital identity.
Identity on the net is an important issue. On one side, you got to be careful of the electronic trail you leave. On the other hand, you need to make it easier on yourself and limit the number of account names and passwords you use, so you end up using the same password everywhere. I’ve reached the point that if I can’tregister the username ollej, my interest fades away… I don’t want help from my web browser to remember, but I know a lot of people do. Changing to another computer is a crisis situation for them. And letting the web browser handle your accounts is not a very secure solution.
Identify is an important part of the security framework. It’s about claiming to be someone (or something) and be able to prove it. It’s very often called AUTHENTICATION. But that’s not all of it. There are different needs for how to prove your identity in different situations. The requirement of a 100% correct identity is lower on Facebook than some other sites, like your Internet bank. A few years ago some people claimed that all secure transactions on the net required 200% security, everything being tied to your social security number. That was proven itself to be incorrect - and you have to compare with daily life. How manytimes have you asked your collegues for a passport and a DNA-test?
In VoIP, identification will become important. The PSTN network has a lot of flaws in regards to handling of Caller ID numbers and names. There’s only trust between operators, and it’s easy to work around it. We can do much better in VoIP, so that you will know with a bit more trust who’s calling- if and when you need to know. Good identification will make it easier to avoid SPIT, spamming in the IP telephony network.We need to tie all of this together. Create good identity handling for our users and support the open movements for decentralized identity systems that are now growing on the Internet.
Orange, a french cell phone service provider, just announced that they will authenticate all of their subscribers with the OpenID standard. In France, there’s nothing better than a telephone bill to prove that you exist and it’s a naturalmove for a telco. OpenID is a solution created by engineers in Verisign together with other companies. In fact, even Microsoft has shown interest.
OpenID a distributed platform where you create one or several identities in a trusted place and use these for logging in toother systems. It only solves one issue, not all of them, but does it in an elegant way. You can run your own OpenID server oruse someone elses. This means that different OpenID services will have different values depending on how the identity is connected to you as a real-life person or your company as a legal entity. One account for several services. And they won’t have your password stored in their systems at all.
Better identity systems are an important part of the new net, the personal communications platform. We need to solve this in a distributed way, following the Internet architecture. OpenID is a huge step forward.
Yours truly - or? Are you sure?/O
No Comments yet »
