Cryptographer Stefan Brands has a new company, Credentica, that allows people to disclose personal information while maintaining privacy and minimizing the threat of identity theft.
I know Stefan; he's good. The cryptography behind this system is almost certainly impeccable. I like systems like this, and I want them to succeed. I just don't see a viable business model.
I'd like to be proven wrong.
My take is that every day the barriers get smaller, the people coming into the work place now, so called digital natives, understand the utility of information assets and have a far greater understanding of threats - Paul Madsen:
My 5-yr old daughter, on the burden of remote identity management (trying to access her Webkinz account from a friend's house)
I couldn't get on because I didnt have my username but I had my secret code so I was able to get my password changed.
I don't think we need be concerned about the abilities of her generation to adapt to new identity models - they'll do just fine.
Perhaps then we should stop worrying about 'My Mother' as the average user for which we design identity systems and skip to the grandchildren - far less constraining.
Could not agree more with Paul's sentiments, not saying that we let go of usability or anything, but things are changing pretty quickly. Security protocols have a long lifespan, we really only have two working security mechanisms - the reference monitor and crypto, we should not be afraid of adding a third, or making the aforemention faster/better/cheaper to implement. Speaking of which, anybody looked at Vidoop?
Gunnar Peterson teaching Web Services Security training, NYC, March 10-11