The End of Passwords is Neigh
Until I read this in The BBC today about proof of online identity, I realised I had missed Bill Gates' speech on the subject last week . Basically Gates is saying "out with passwords, in with InfoCards".
Whilst TW readers may be skeptical about letting M$ loose with their identities, he does have a point about the web struggling towards a solution for online identification (I have had to fax documents that need a signature, for example). And the BBC makes a good point about gratuitous identity theft when leaving blog comments (cornwall disappears to add some juicy comments to blogs under other peoples names )
Microsoft has described InfoCard as a technology that gives users a single place to manage various authentication and payment information, in the same way a wallet holds multiple credit cards.InfoCard is Microsoft's second try at an authentication technology after its largely failed Passport single sign-on service, unveiled in 1999.
Microsoft on Tuesday announced the first beta of Microsoft Certificate Lifecycle Manager, a tool meant to streamline provisioning, configuration and management of digital certificates and smart cards, the company said.
When it comes to online identity, it's clear that Microsoft has looked closely at the work of the Liberty Alliance, an industry consortium that has been struggling for years to persuade users and service providers that digital identity is a serious problem.Their approach is based on what they call a "federated identity". Each organisation I deal with, whether it's a bank or a bookseller or a government department, keeps its own data, but once one of them knows who I am then the others will accept that identity.
One area that has achieved too little attention is the growing use of comments in blogs and news pages. Many blogs will let you post comments under any name you like, since all they try to check is that you are a real person rather than a spam-posting piece of software.Even reputable news sites often only check that the e-mail address you have given is valid, but make no effort at all to verify that you are who you claim to be online.
VeriSign wants in on that
VeriSign wants in on that market too. They are looking from sort of mobile device angle.
IMHO they should make their
IMHO they should make their signing of software w/certificates work first... It's a total mess, let alone finding (a place to purchase) the right certificate in the first place... And here we're talking about people willing to pay money and go through some amount of hassle to identify themselves..
identity verification
I found the last section of that article really interesting (subtitled "Is that me?"), because the company I work for, Trufina, is doing exactly that. We verify a person's identity then give them a credential they can use on other sites, whether they are blogs, auction sites, or whatever. We haven't tied it in with any of these authentication standards yet, but it's a natural fit and should be pretty easy once things get established.
Sounds to me like MS wants
Sounds to me like MS wants to revive/rebrand Passport.