I can't help but think of a per-device type of authentication such as that used in DRM. Of course, in DRM, it's the provider that's being protected. But there is also authentication. My device can read this eBook file but your device can't, for example. This is essentially used in the e-commerce side of the Kindle as well. We know it's me because it's my Kindle calling. This is the approach I would expect for this "new paradigm."

Of course, this is positive identification and privacy should be a big concern.

If an e-commerce site can have access to it, any site can. And if it all has to flow through a limited set of channels, then whoever owns those channels knows who exactly is doing what exactly.

You could limit the ability for a site to challenge, but this should lead to questions about net neutrality or an open web versus closed.

If we let some group decide what is a legitimate site that can challenge for this strong authentication, then established giants could start to bar entrance for their competition. Of course, a per-challenge fee could have the same effect.

So hooray, username and password are dead! Alas, privacy will be a huge problem!

