We’ve all been there. You remembered you created an account on xxxyyyzzz.com, but
can’t remember the password or the account name. You search through your e-mail,
but can’t remember who sent you that confirmation mail. And you have enough of them.
That’s it. You’re note going to create yet another digital identity.

Identity on the net is an important issue. On one side, you got to be careful of the
electronic trail you leave. On the other hand, you need to make it easier on yourself
and limit the number of account names and passwords you use, so you end up
using the same password everywhere. I’ve reached the point that if I can’t
register the username ollej, my interest fades away… I don’t want help from my
web browser to remember, but I know a lot of people do. Changing to another
computer is a crisis situation for them. And letting the web browser handle
your accounts is not a very secure solution.

Identify is an important part of the security framework. It’s about claiming to
be someone (or something) and be able to prove it. This is very often called
AUTHENTICATION.

But that’s not all of it. There are different needs for how you prove your identity
in different situations. The requirement of a 100% correct identity is lower
on Facebook than some other sites, like your Internet bank. A few years ago
some people claimed that all secure transactions on the net required
200% security, being tied to your social security number. That was proven
itself to be incorrect – and you have to compare with daily life. How many
times have you asked your collegues for a passport and a DNA-test?

In VoIP, identification will become important. The PSTN network has a lot
of flaws in regards to handling of Caller ID numbers and names. There’s
only trust between operators, and it\’s easy to work around it. We can do much
better in VoIP, so that you will know with a bit more trust who’s calling
– if and when you need to know. Good identification will make it easier
to avoid SPIT, spamming in the IP telephony network.

We need to tie all of this together. Create good identity handling for
our users and support the open movements for decentralized identity systems that are now growing on the Internet. Orange, a french cell phone service provider, just announced that they will authenticate all of their subscribers with the OpenID standard. In France, there’s nothing better than a telephone bill to prove that you exist and supporting identification seems like a natural move for a french telco.

OpenID is a solution created by engineers in Verisign together
with other companies. In fact, even Microsoft has shown interest.
It’s a distributed platform where you create one or several
identities in a trusted place and use these for logging in to
other systems. It only solves one issue, not all of them, but does
it in an elegant way. You can run your own OpenID server or
use someone elses. This means that different OpenID services
will have different values depending on how the identity is connected
to you as a real-life person or your company as a legal entity.
One account for several services. And they won’t have your password
stored in their systems at all.

Better Identity systems are an important part of the new net,
the personal communications platform. We need to solve
this in a distributed way, following the Internet architecture.

Yours truly – or? Are you sure?

/O