26 October 2003
DIDW: A physical key
The Sandström family from Espoo, Finland, found their neighbour smiling from their TV because they'd failed to change the default password on their receiver.
Devices are network endpoints too, so they must have identities of their own. Nico Popp (from VeriSign), speaking at Digital ID World, suggested that a range of credentials - and perhaps combined credentials - is required. He also argued that it makes sense to embed existing authentication methods in devices (e.g. smart card technology or USB in mobile devices) and to combine management of access to networks with access to the physical world.
And what he proposed was not just an authentication device but a device with file encryption and signature capabilities, a personal data vault (Flash RAM), and physical access (RFID) as well.
My notes from his DIDW talk follow...
Nico Popp, A Physical key for a digital world
Proliferation of devices (and rogue devices):
What defines the strength of an identity?
Expensive to create, so economies of scale.
Universal strong authentication:
Must support range of credentials, and perhaps combined credentials.
Offline and online (from web SSO to passport visas) - combine management of access to networks with access to physical world.
Propagating strong credentials requires industry collaboration (between chip & device manufacturers; platform vendors e.g. .NET; applications; integrators and customers).
Goals: ubiquity, interoperability, accessibility
Open technical blueprint:
Key concept 1: All-in-one devices
Key concept 2: 802.1X Everywhere
Access rule for identity and device combination.
Key concept 3: Built-in and activated on-demand
Device-embedded credentials and clients (at time of manufacture)
Universal strong authentication in the context of federated identity
Assume identity assertion interoperability gets solved
Trust remains key issue. Identity federation created dependency and liability issues. These issues drive the need for strong identities that can be shared.
Steps from identity management to federated identity management
1. Directory and identity management
2. Strong identity – stronger credentials
3. Best practices – security, ops and privacy best practices
4. Certification, compliance, audit and identity security services