Friday, February 09, 2007

Within Six Degrees

There is a saying that we are within "six degrees of everyone in the world". At least, that was the saying when I was growing up and we believed there were 4 billion people on the planet - maybe it is seven now!

Anyway, knowing someone, who knows someone else, who knows someone else, etc., etc. seems a little fanciful, doesn't it? Not really...

I found out recently that I am only 3 degrees away from David Kearns - a man whose work I read every week and I have the utmost respect for, though sadly, I have no contact with. Having said ithat, I did sit beside him at lunch one sunny day in 2004 at an Identity Conference in Sydney, Australia!

How did I find this out? http://www.linkedin.com/ that's how!

I know someone, who knows someone else, who knows David. Judging by the number of contacts David has on LinkedIn, I might be only four degrees away from everyone on the planet.

Anyway, http://www.linkedin.com/ is quite a powerful tool in that only people I truly respect and trust are listed as my contacts. I'm quite sure this is true of most people who use http://www.linkedin.com/. Why is this relevant? Well, the ability to verify who you are isn't just a matter of producing a passport, or entering a UserID/Password into a keyboard, or typing a PIN into a "hole in the wall", or using any of the myriad of authentication devices available today. In the old days, verifying your identity could have been as simple as having someone else "vouch" for you.

This still occurs today to some degree - joining some exclusive clubs is more a matter of who you know rather than who you are or what you know! Password resets could potentially be performed in the work-place not by the forgetful employee herself, but by her colleague who is already trusted (although ideally, two colleagues).

Can we computerise the concept of a vouch-for authentication system in the future? Maybe. And maybe, it will be social networks like http://www.linkedin.com/ that will hold the key. After all, I'm not going to let any Tom, Dick or Harry be listed as a contact against my name! My identity is too precious to have it be let down by some unsavoury type!

BTW... If you are desperately interested, my LinkedIn profile can be viewed at http://www.linkedin.com/in/stephenswann.

Thursday, February 08, 2007

Open ID get MS Backing

I typically try to talk about technology in the enterprise which is why I haven't yet mentioned Open ID on this blog - while I approve of the concept and the ideas which the Open ID group are working towards, I don't see that it is something that enterprises looking for staff authentication mechanisms are ever going to have to look into.

However, in the big bad world that is the WWW, a more joined-up approach to user authentication is no longer a nice-to-have. It is an absolute necessity. Personally, I dread to think just how many UserIDs I have online - my last count was ~150 and that is just a record of the ones I have recorded (securely, of course).

According to the BBC (http://news.bbc.co.uk/1/hi/technology/6339813.stm), the Open ID group have been given a boost by the news that Microsoft will give it their backing to the extent that they will share their own technology with the Open ID developers. This has got to be good news if only from the perspective that it will raise awareness of Open ID. After all, an article on the BBC website will only do it the world of good.

Microsoft are to bring their Infocards technology to the Open ID table. (Kim Cameron demonstrates the power of Infocards on MSDN TV: http://msdn.microsoft.com/msdntv/episode.aspx?xml=episodes/en/20060209InfoCardKC/manifest.xml). So are we likely to finally get our joined-up-thinking as for as identity and access control on the internet are concerned? Looks that way, but it's still going to take time.