Thursday, January 22, 2004, 11:56 PM

The Centrality of Identity

There is a community that is developing the concept that identity is key to the further evolution computing. Or at least to the evolution of computer security. I buy into that concept

If we only run programs from entities we trust, then we won't have viruses. If we know exactly who is sending us every email, we won't have spam. If we know exactly who it is who's coming into our digital systems, we won't have as many breaches. If we have better control over the identities in our enterprises, integration of applications could be done a lot faster and cheaper. Buggy software is just about the only security problem that cannot be addressed with the help of strong digital identity.

Phil Becker writes most eloquently on this topic in Digital ID World. One of his predictions for 2005 is that "there will be almost no security problem left that isn't seen as really being an identity problem". Here are a few of his articles making the case:

o Why the Identity Paradigm Matters (January 3, 2004)
o Telling the Identity Story (March 6, 2003)
o Panic Like Its 1984... (April 27, 2002)

Update (February 9, 2005):
o Predictions for Digital Identity in 2005 (January 6, 2005)
o Based on Ilya's comments, I'll change my claim: The root causes of vulnerability are usually in one of these three categories:
(a) bad security (buggy systems design; weak identity systems),
(b) bad software (buggy systems implementation), and,
(c) bad people (untrained or untrustable insiders).

2 Comment(s):

Blogger yale said...

If we only run programs from entities we trust, then we won't have viruses. If we know exactly who is sending us every email, we won't have spamThis is not precisely so and I can tell you why – a human factor. As you said trust is an emotion and is based on this factor. Besides of purposeful abuse issues such as disgruntled trustee etc, there is at least one more problem – all together shall behave. This is utopia otherwise we would not have a la “click-here” viral epidemics even these days in a first place. Once such illiterate/mistaken/naive person exists he can be abused and circle of trust can be compromised.

It can be very tempting to put digital identity as a silver bullet for almost everything. But strong digital identity hardly possible without human factor and human factor can be compromised one way or another.

10:56 PM  
Blogger P.T. Ong said...

Ilya is right. I left out one other source of security breaches. There's (a) lack of strong identity, (b) buggy software, and, (c) bad insiders. I don't claim to know which of these have predominance over which others.

1:44 AM  

Post a Comment

<< Home