Looking at the development of different technologies in the last two decades, I am amazed at the vast difference between how a technology was first envisioned and how it ended up being implemented.
You start with a tightly coupled, hierarchical, centralized design by committee. Invariably, an august organization is chosen to run it: a phone company, the postal service, the government, a big vendor. Examples of this type of design are: X.25, X.500, X.400, PKI and Microsoft Passport (Windows Live ID). The design languishes for years while politics and control issues prevent its implementation. Then some organization, committee or coder takes the original design, strips it down and implements it as a more loosely coupled, decentralized, ad-hoc version. See IP, SMTP, DNS, Lightweight Directory Access Protocol, the Web and OpenID.
It’s almost like we can’t believe that anything ad-hoc and decentralized could possibly work. If no one is in control, it’s anarchy. It is — but modern technology abounds with examples of "healthy anarchy" such as Wi-Fi or the Web. There’s a lot of junk and risk, but the flexibility of ad-hoc more than compensates for the anarchy.
OpenID is a great example of a technology born out of the failure of centralized schemes. Simply put, OpenID is a decentralized user-centric identity framework. It replaces dozens of username/password pairs with a single Universal Resource Identifier (URI). Let’s say I wanted to have a unique ID that was under my control. I create an ID on an OpenID-compliant identity server and add a link to it on my personal Web site, Web page, blog and so on. Thereafter, I use my Web address (say www.antonopoulos.com) as my logon identifier on various sites. Instead of registering a separate ID on each site, I hand them my URI and the Web server I am visiting hands off the authentication to my chosen identity vendor.
How secure is OpenID? The framework is a better approach than trying to keep track of dozens of scattered IDs. As for the security of each OpenID, that depends on the identity server. You can pick and choose depending on the level of security, anonymity or convenience you need. I might have multiple OpenID handles for blogging, banking or shopping — some anonymous, some pseudonymous, some notarized, some requiring two-factor authentication with biometrics. Or I can use a service that auto-generates bogus throw-away IDs on demand.
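The link on the personal page is what tells a visited site which identity server to trust, so it is worth checking what that page actually advertises. The sketch below is an added example, not code from the article: it assumes the OpenID 1.1 HTML discovery relations `openid.server` and `openid.delegate`, and the page content and the `idp.example` and `untrusted.example` hosts are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: a personal page that delegates its OpenID to a
# hypothetical identity server. The <link> in <body> stands in for markup
# that ended up in page content and must not be honoured.
SAMPLE_PAGE = """<html><head>
<title>My blog</title>
<link rel="openid.server" href="https://idp.example/auth">
<link rel="openid.delegate" href="https://idp.example/user/andreas">
</head><body>
<link rel="openid.server" href="http://untrusted.example/auth">
</body></html>"""


class OpenIDLinkParser(HTMLParser):
    """Collect openid.* <link> elements that appear inside <head> only."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            # rel may hold several space-separated values; first match wins
            for rel in (a.get("rel") or "").lower().split():
                if rel.startswith("openid.") and a.get("href"):
                    self.links.setdefault(rel, a["href"].strip())

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def discover(html):
    """Return (server, delegate, warnings) for a claimed identifier's page."""
    parser = OpenIDLinkParser()
    parser.feed(html)
    server = parser.links.get("openid.server")
    delegate = parser.links.get("openid.delegate")
    warnings = []
    if server is None:
        warnings.append("no openid.server link in <head>")
    elif urlsplit(server).scheme != "https":
        warnings.append("identity server endpoint is not HTTPS")
    return server, delegate, warnings
```

Running `discover(SAMPLE_PAGE)` returns the HTTPS endpoint declared in `<head>` and ignores the one in `<body>`.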
Comments (1)
RE: OpenID: User-centric identity
By noj on October 31, 2007, 11:43 am
OpenID supports the requirements of: authentication, authorization and/or access control, and to explain what is meant by "user-centric" in this context. In doing...