Saturday, May 10, 2008, 8:57 PM

Access Agents

Access agents, which are a form of personal directories, are required to solve multiple problems in digital identity. Access agents should perform the user-centric, end-point management of user-id/password pairs, personal private keys, OTP (one-time password) seeds, OpenID tokens, etc. -- all the credentials an end-user possesses (and is expected to manage). Access agents should follow end-users around to all the end-points where a human comes into contact with cyberspace. (I like to think of end-points as the 4P's -- PCs, PDAs, phones, and portals.)

There are multiple reasons for end-point access agents:

1. Simplification of the user's world
2. Migration to multi-factor authentication
3. Integration

But the bottom line is control: control for the end-user, in that he/she can finally stop worrying about dozens of access codes. With better control comes the possibility of increasing security, which in turn gives the enterprise control in the form of better security and more auditability. (Yes, the access agent can act as big brother for the enterprise.)

Dave Kearns has written a bunch on the need for personal directories. He sees most of the work on identity management, including OpenID and InfoCard, leading to a logical conclusion - the personal directory system.

Links to Dave's Articles
o May 2002, The need for a personal directory (http://www.networkworld.com/newsletters/dir/2002/01331333.html)
o January 2007, Someone else wants a personal directory! (http://vquill.com/labels/personal%20directory.html)