Comments on: How Hard Would This Be? http://www.blindside.org.uk/2007/07/07/how-hard-would-this-be/ What's going to go wrong in our e-enabled world? Tue, 06 Jan 2009 03:43:06 +0000 http://wordpress.org/?v=2.3.1 By: wendyg http://www.blindside.org.uk/2007/07/07/how-hard-would-this-be/#comment-536 wendyg Fri, 13 Jul 2007 12:46:23 +0000 http://www.blindside.org.uk/2007/07/07/how-hard-would-this-be/#comment-536 I think there are two problems here. 1) Any identity software, even software you run on your own machine, has to be thoroughly secured. Verifying that is a constant problem. Also, one problem with security hosted on user's own machines is the sort of problem we have now with raging spam: most users are not capable of securing their own machines. (Plus you have the ancillary problems of authenticating who used the machine when x crime was committed, or gaining access to systems when Aunt Myrtle dies and no one knows her passwords). 2) Banks and other organizations do not trust users. Nor do they seem to understand that today's world requires two-way authentication. They believe *they* need to control user identity so they can be sure they can trust the system. So even if you have an identity system on your machine, to do business with others you'll wind up having to use their systems. So instead of simplifying things you're complicating them. Unless I've misunderstood what you're driving at. But this is a problem that, as Ian says, a lot of people are trying to solve. I think the significant problems are cultural and organizational rather than technical. wg I think there are two problems here.

1) Any identity software, even software you run on your own machine, has to be thoroughly secured. Verifying that is a constant problem. Also, one problem with security hosted on user’s own machines is the sort of problem we have now with raging spam: most users are not capable of securing their own machines. (Plus you have the ancillary problems of authenticating who used the machine when x crime was committed, or gaining access to systems when Aunt Myrtle dies and no one knows her passwords).

2) Banks and other organizations do not trust users. Nor do they seem to understand that today’s world requires two-way authentication. They believe *they* need to control user identity so they can be sure they can trust the system. So even if you have an identity system on your machine, to do business with others you’ll wind up having to use their systems. So instead of simplifying things you’re complicating them.

Unless I’ve misunderstood what you’re driving at. But this is a problem that, as Ian says, a lot of people are trying to solve. I think the significant problems are cultural and organizational rather than technical.

wg

]]> By: Chris R http://www.blindside.org.uk/2007/07/07/how-hard-would-this-be/#comment-489 Chris R Mon, 09 Jul 2007 13:02:56 +0000 http://www.blindside.org.uk/2007/07/07/how-hard-would-this-be/#comment-489 Not sure I quite follow all of that (Tamper Alarm??). But there's a ton of work going on in this area. Here are some starting points: http://www.identityblog.com/ http://openid.net/ http://www.credentica.com/ http://www.eclipse.org/higgins/faq.php Not sure I quite follow all of that (Tamper Alarm??). But there’s a ton of work going on in this area. Here are some starting points:

http://www.identityblog.com/
http://openid.net/
http://www.credentica.com/
http://www.eclipse.org/higgins/faq.php

]]> By: Ian Brown http://www.blindside.org.uk/2007/07/07/how-hard-would-this-be/#comment-473 Ian Brown Sat, 07 Jul 2007 07:46:22 +0000 http://www.blindside.org.uk/2007/07/07/how-hard-would-this-be/#comment-473 See the argument that raged over several years about this feature in P3P, which was removed because of privacy concerns. See the argument that raged over several years about this feature in P3P, which was removed because of privacy concerns.

]]>