Thursday, January 22, 2004, 11:56 PM

The Centrality of Identity

There is a community that is developing the concept that identity is key to the further evolution computing. Or at least to the evolution of computer security. I buy into that concept

If we only run programs from entities we trust, then we won't have viruses. If we know exactly who is sending us every email, we won't have spam. If we know exactly who it is who's coming into our digital systems, we won't have as many breaches. If we have better control over the identities in our enterprises, integration of applications could be done a lot faster and cheaper. Buggy software is just about the only security problem that cannot be addressed with the help of strong digital identity.

Phil Becker writes most eloquently on this topic in Digital ID World. One of his predictions for 2005 is that "there will be almost no security problem left that isn't seen as really being an identity problem". Here are a few of his articles making the case:

o Why the Identity Paradigm Matters (January 3, 2004)
o Telling the Identity Story (March 6, 2003)
o Panic Like Its 1984... (April 27, 2002)

Update (February 9, 2005):
o Predictions for Digital Identity in 2005 (January 6, 2005)
o Based on Ilya's comments, I'll change my claim: The root causes of vulnerability are usually in one of these three categories:
(a) bad security (buggy systems design; weak identity systems),
(b) bad software (buggy systems implementation), and,
(c) bad people (untrained or untrustable insiders).