The next generation of Identity

Recently this question was posted to the Identity Gang mailing list. It is a good question, as it makes sure that we are working on something that is not focused on being cool and technically innovative, but that is actually useful to real users. I’ve posted my response below for those of you not on the list.

1) Strong authentication ROI

As the value to the user of interacting online increases, ensuring
that only the intended user can access the online application
increases. Multi factor authentication provides more certainty that
it is the user and implicitly requires more then a password. Having
multi factor authentication for all important sites is impractical.
By using strong authentication to log in to their identity agent, the
user only logs into one place, and does it securely. Authenticating
into other sites can then use cryptography and one time tokens.

2) Software assisted attribute exchange.

Besides the example others gave in response about ensuring a site has
up to date contact info on me, moving around large amounts of
attribute data is very hard and sharing a third party claim is not
possible. I envision a person traveling to a new city to be able to
share their favorite music, movies, books, food etc. to an online
concierge that would be able to recommend hotels, restaurants and
entertainment. Then there is proving you are over 21, star alliance
gold, citizenship etc. I believe moving around this type of identity
data will be of high value to real users.

3) Security.

Users are being phished. An identity agent can assist the user in
verifying the identity of the site the user is releasing their data
to. Cryptographic tokens for authentication rather then passwords
stop the attack vector of stealing the user’s password.