Identity 2.0: can we move beyond the frivolous ?
This week I am inaugurating a first guest post with the inclusion of some thoughts from Mark O’Neill, Founder-CTO of Vordel and a guy who knows a thing or two about security in a webservices world (he wrote the book) and blogs about it too. It is a first post about identity 2.0 in a series on the topic. We are not trying to get technical here, just to ask the big, simple questions about about identity / authentication in a web2 world:
“In your blog, I’d be interested to read anything you come across concerning identity and Web 2.0. Who is thinking about this, from an identity perspective? It seems to me that it was server-side identity that drove e-Commerce, since it all exploded once SSL was bedded down and you could assign certificates to Websites. But Web 2.0 seems to be a lot more about the user identity. And the fact that the identity problem hasn’t been solved seems to be limiting Web 2.0 to fairly frivolous applications.
At one point, certificates were proposed as the way to do this, but now I think any startup pitching that that would have VCs spluttering their coffee across the table at them.
Microsoft and Google are both thinking about this, and Yahoo to a lesser extent (with their Flickr authentication Web Services API). Google is a lot more stovepipe than Microsoft’s Infocard approach (run by Kim Cameron — nice iceberg, Elastigirl).
It feeds into DRM too. You can’t license digital content without knowing that “you” are “you”. You can do it in a stovepipe manner and control the distribution, as Apple do, but it means that a record company (for example) can’t setup its own DRM-ed site easily because it needs to create its own customer identity-validation system (and users may not sign up because of the hassle of yet another login to remember).”
Well, we’ll explore this over time… Thoughts and ideas welcome.