Identity 2.0
by Nick Shelness
Establishing identity and authenticating on the web are a mess. I doubt I’m alone in using the same user id and password over and over again. If they’re hacked once they can be employed a hundred times over. Yeah, some sites make you change your password at regular intervals, but how do you remember them? I write them down, and carry them with me. OK, they’re somewhat encoded, but ...
For some time now, there has been the possibility of improvement under the “Identity 2.0” banner. To the surprise of some (many?), a significant chunk of Identity 2.0 innovation has come from Microsoft, and no, no, no, it’s not “Passport”. It is expressed in two seminal papers: The Laws of Identity and The Identity Metasystem, both by Kim Cameron.
But this is not all. There is a Microsoft product. It’s called “CardSpace” (it used to be called “Info Card”). It ships as part of Vista. It also ships as an automatic XP upgrade, and there are a host of alternatives, including open source ones.
CardSpace and its analogues, on their own, are not a solution. They are a component, albeit a key one, of an Identity Metasystem. What needs to come next is for web sites (“Relying Parties”) to start requesting and employing CardSpace-managed security assertions. This in turn will create a demand for Identity Provision (yes, this is where ActiveDirectory and son of Passport come in).
Will this happen? It’s too early to say. But by seeding the digital world with CardSpace, Kim and Microsoft have taken us a long first step down this path, and IMHO done us all a big favor.
Comments
Nick, did you look at OpenID?
Yes. I've also looked at OpenID. I see OpenID and CardSpace as two cooperating components of the Identity 2.0 Metasystem.
I hope that Google decides to become a OpenID-Provider. I'd love to use my Google Account _everywhere_ in the Web to sign in. And I admit, that I have as well only few login und passwords that I choose in relation to my trust in the site. There's always that little men in my cerebral cortex telling me how careless I am, but who want's to remember dozens of passwords? And there's no really comfortable password safe solution yet ...
Nick, enjoy this legendary video with Dick Hardt:
http://identity20.com/media/OSCON2005/
Before OpenID et.al. become widespread, there is a nice solution, at least for browser passwords: Stanford's PwdHash.
Volker,
Perhaps I should have written
... create a demand for Identity Provision (this is where OpenID, Sxip, and yes, ActiveDirectory and son of Passport come in) ...
Cem,
Yes it's deservedly legendary. I thought about including it in my post, but decided it was one URL too many.
Jan-Piet
I agree that this approach blocks a password replay attack by creating a unique password generated from a common seed for every domain.
Post a comment
Recent comments
Kevan Emmott
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 20:57
Sudeep Reddy Sama
on N70 drops off the network in dual mode at 20:09
Volker Weber
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 17:37
Paul Mooney
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 17:26
Kevin Pettitt
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 16:36
Victor Toal
on Bluehouse does not support my browser at 16:33
Vince Schuurman
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 15:32
michel platoche
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 14:21
Ben Poole
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 13:11
Volker Weber
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 12:34
Ben Poole
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 12:27
Paul Mooney
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 12:12
Gregory Engels
on Lotus Vista? at 09:00
Bruce Elgort
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 03:24
Volker Weber
on Nokia E71 is currently winning at 23:31
Alejandro Aguilar
on Nokia E71 is currently winning at 23:29
Vince Schuurman
on Confirmed: new Apple notebooks next Tuesday at 10am PDT at 23:11
Bob Balaban
on Urban Myth: Microsoft is good at marketing at 22:01
Bob Balaban
on The Job at 21:55
Julian Woodward
on Black Ice prematurely escaped at 20:37
Arthur Fontaine
on Black Ice prematurely escaped at 17:39
Chris Linfoot
on Urban Myth: Microsoft is good at marketing at 16:58
Mathias Ziolo
on Urban Myth: Microsoft is good at marketing at 16:15
Ben Rose
on Black Ice prematurely escaped at 16:10
Paul Mooney
on Urban Myth: Microsoft is good at marketing at 15:22



