ID mgmt. without all the complexity

Opinion
May 30, 20053 mins

In the 1980s, PCs entered the enterprise through the backdoor. Employees snuck them in while MIS wasn’t looking, then used that new-fangled ‘local area networking’ to hook them together within departments.

In the 1980s, PCs entered the enterprise through the backdoor. Employees snuck them in while MIS wasn’t looking, then used that new-fangled “local area networking” to hook them together within departments.

In the 1990s, Windows entered the enterprise through the backdoor as employees, used to the “wow” factor of a GUI on their home machines, snuck in Windows computers, or forced beleaguered IT personnel to order the new interface for them.

In the late 1990s, instant messaging entered the corporate network through the backdoor as employees took the tools they were using to communicate with their friends and turned it into a way to set up lunch dates with colleagues, contract meetings with partners and sales calls with both clients and vendors.

What technology will be brought in the backdoor of the enterprise this decade?

Public Key Infrastructure (PKI) has been around for more than 15 years. It’s always being proposed as the way for secure identity and access management to occur. And it never quite caught on. It’s clunky to use, obtuse to learn and users are just not convinced that they want to use it unless they absolutely have to.

Now the experience gained in two different areas of consumer browsing might be brought together as a way to build identity management from the ground up, rather than from the top down.

PKI supposedly is about trust, but in real life we trust people based on their reputation (at least, their reputation as we see it). People’s experience with eBay (which gathers feedback on transactions) as well as ratings for reviewers and vendors at sites such as Amazon.com or pure opinion sites such as Epinions or TripAdvisor are making the possibility of building a “trust metric” for online people much easier.

Social networking (such as LinkedIn, Friendster, Match.com and many others) let people build their own identity online. One outgrowth of this phenomenon is the rise of identity networks such as Sxip and LID which let people build their own personal identity object in coordination with a referring network (see www.sxip.com if you’re not sure what that means).

Now take the pioneering efforts of Sxip and add to it reputation feedback and you can come up with an identity-management system that bypasses PKI, Liberty Alliance, Microsoft, IBM, Sun, Novell and all the other top-down players to bring real identity management in to the enterprise through the backdoor.

Kearns, a former network administrator, is a freelance writer and consultant in Silicon Valley. He can be reached at wired@vquill.com.