The next generation of Identity

September 29, 2006

Yahoo’s Identity Silo

Filed under: Events, Media — Dick @ 3:02 pm

Yahoo has joined Google’s silo building by releasing BBAuth, a mechanism for other sites to access services and data within the world of Yahoo.

Unlike Google’s Account Authentication, Yahoo is allowing their service to be used for SSO and registration.

BBAuth is clearly targeted at Web 2.0 site developers, encouraging them to build apps on the Yahoo platform so that they get access to all those Yahoo users.. While I understand how this helps Yahoo strengthen their relationship with their users, it would seem Yahoo did not learn what Microsoft learned with Passport, as Yahoo is deepening their identity silo, rather then participating in the emerging identity infrastructure.

September 1, 2006

Authentication methods

Filed under: Events, Media — Dick @ 9:44 am

Phil Becker wrote a post on Identity substitutes, tokens and proxies over at ZD Net. Here is the opening paragraph:

We frequently use proxies for identity when the real thing is difficult, inconvenient, or unnecessary to validate. This applies especially in the realm of authentication, as the only true identity based authentication technologies available are biometric. Everything else is an approximation of identity validation to some acceptable degree of risk or certainty. So we often authenticate the identity of one or more things and use the result as an identity proxy or substitute.

The rest of the post provides a day in the life of Adrian has he authenticates himself.

I take issue with Phil’s distinction that biometrics are the only true authentication technology. Biometrics are just harder to copy, and harder to lose. Someone can lift my fingerprint from the case of my laptop, create a facsimile and use that with the fingerprint reader. A fingerprint can actually less secure in some ways then a password. No authentication technology is 100%, just like nothing can be 100% secure. Adding multiple factors to authentication is how we increase certainty.

In Phil’s article he describes how Adrian has a car key that allows him seamless access to his auto. The car is not authenticating Adrian though, it is detecting someone with the key is nearby, and configures the car to the preferences the key holder has. That is why Adrian can give his key to a valet, and the valet can drive . The car does not care if it is Adrian or not.

August 31, 2006

Sun’s Open SSO - too little, too late?

Filed under: Media, Identity Tech — Dick @ 9:01 am

Dana Blankenhorn from ZDNet wrote the following on Sun’s recent Open SSO announcement:

Sun has released its Single Sign On technology under the CDDL giving it the name Open Source Single Sign On (Open SSO), with a roadmap that would make it a federated identity solution across multiple sites.

The code is based on its Java System Access Manager.

The question I have is, could this be too little, too late for federated identity?

Dana continues with

The idea of having a single sign-on for multiple sites has been kicking around for over a decade. It was one of the first concepts I heard, once people started talking about requiring registration.
But it hasn’t happened.

Not that it hasn’t been tried. Remember Microsoft Passport? It’s now called Windows Live ID. Lots of Microsoft sites use it. No one else does. Or what about the Liberty Alliance? They are still around. Sun was one of the original sponsors. Have you used that lately? I haven’t. How about Ping Identity?

OUCH! Dana then goes on to critique the license …

The fact that this code is under the CDDL doesn’t give me a warm feeling, either. I think a key to getting some form of federated identity going would be to put it under the Apache project, which runs so many commercial Web servers, and (not being a lawyer) I don’t know if the CDDL is really compatible with the Apache license.

I agree whole heartily with this point. Developers are not going to want to figure out licensing, and why I often have selected the Apache license for code to be released under.

Next Page »

Powered by WordPress