Facebook. Who would’a thought.

Against my better judgment I have created a Facebook account. Sometimes I do these things just to see how they work. As I moved about the office I would see people interrupting their normal procrastinating web surfing with long visits to Facebook.

For anyone still reading this who doesn’t know what Facebook is, I’ll provide a quick intro. It is an online social networking service that allows you to post up a picture of yourself and a simple profile. You then look for other people’s profiles that you know and then invite them to be friends. Simple… to begin with, but then the links form into networks. Within these networks information is shared and that is where it starts to get interesting…

So now just watching my own Facebook profile I get a stream of the interesting, the creative, the playful, and (more often than not) the completely inane. It is strangely addictive, but already I have been linked to a couple of people that I have barely spoken to since leaving high school. And it felt good.

That seems to be part of the draw of these types of sites. It is not the silly little messages that appear all day, but the small smile that creeps onto my face when I read them and the tiny inspiration that I get when I see beauty in another’s photos. It is the micro emotional connections that they offer that somehow bring people together that I like.

The inspiration is to do it more in the offline world as well.

Who do You Trust?


In the context of providing a strong authentication solution the concept of a Federated Digital Identity is often mentioned. This essay seeks to explore this concept to review and challenge the benefits that ‘Federation’ of digital identity management can provide.

However, before discussing Federation, the concepts of a Digital Identity and even Identity itself will be briefly discussed.


Identity Blog Comment

Yesterday I responded to Kim Cameron’s Identity Blog posting titled INTERVIEW ON OPENNESS AND PRIVACY, discussing an interview between Bill Gates and the Financial Times. I just wanted to get my comment up here in case Kim never authorises it on his site. He may not trust me.

Bill Gates: “That’s called federation, where we take their trust statement and we accept it, within a certain scope. So they don’t have to get another user account password. There’s no central node in this thing at all, there never can be. Banks are a key part of it, governments can be part of it. The US, probably not as much.”

This statement highlights the number one problem that a federated identity system is going to face – the federation of trust. Compared to the problem of trusting ‘trust’, identity management is a piece of cake. Yet the discussion continually seems to revolve around the sharing of identity secrets, but it is the trust of the owners of the identity secrets that is the greatest challenge. It is fairly clear that in the world today trust is an expensive commodity that is not easily transferable.

I believe that there needs to be a way of abstracting this trust problem to one or more (competing?) third parties. The question is ‘who do you trust’?

Identity Blogging

It is time to get this site going about more than just my ‘idle’ mumblings and out of date running updates. There is a topic of conversation that my career has revolved around like a satellite around a planet. It is the story of online identities and their use and misuse.

For me this has appeared in projects where two ISP businesses have brought their customers under one organisation and these customers do not have unique usernames to identify themselves to the new ISP. What! Two “Fred”s! Will the real “Fred” please step forward? Hmm, if only it was that simple. In the late ’90s, when ISPs and online portals were coming together, this happened time and again, and it was always messy.

At around the same time the ‘kiddies’ got their hands on software that would allow them to steal passwords from customers in the school holidays. So now usernames and passwords are under siege. A single stolen password could be reused by the baddies over and over again without recourse.

Then spam came along and polluted the one personal identifier that the whole internet had agreed from the outset would be unique. Bugga. Stopping spam and protecting mailboxes became another major project. Without a way of identifying who the hell sent the spam in the first place, or even being sure who sent what looks like the good email, then all manner of arcane solutions had to be employed.

By now the ‘kiddies’ have grown up and are selling their password stealing skills to the spammers who are selling their spam networks to real criminals, who don’t want your email. They want your bank account. Enter the rise and rise of ‘phishing’.

So now I am looking at ways of improving on the humble static password. When was the last time you changed yours? Are you sure nobody else knows it?

All of these things tie right back to ‘identity’ (as the industry insists on calling it). Who am I? Who are you? And how do we prove it to each other in such a way that it doesn’t get in the way of what we were trying to do in the first place.

I want to talk about this here because there is a lot in this idle mind that I need to get out. I know this stuff and I hear some of the biggest names in many different industries grappling with the same problems and, in my opinion, in quite misdirected ways. This surge of blog energy was inspired by an interview with Kim Cameron on Microsoft’s Channel 9. I get frustrated because I believe that they are trying to solve the wrong problem, and as a result won’t get the outcome they are seeking.