So, one of my soundbites is: "Who are you?" is the most expensive question on the Internet. No matter how you get it wrong, you're fucked.

Thing is, I think we're missing the point on "identity". It really devolves into a set of related, though nonidentical, considerations:

* Authority: Should you be allowed to do the thing you're trying to do?
* Reputation: What is your credibility or history? Closely related to trust.
* Integrity: Is this thing with your name/identifier on it actually yours, and the same as when you created it?

The point is that identifiers are cheap and easy. Reputation should be exceedingly expensive. Integrity is very nearly a simple technical problem. Authentication, similarly, and it carries the additional challenge that People Lose Their Damned Keys.

I'd like to see a signet ring or similar mechanical, worn, replaceable, contact-based device replace or complement password and other mechanisms. Which means establishing some kind of standard (you need a detector / sensor on a wide range of devices). And that happens to be a Hard Problem.