Neoseeker : News : Microsoft, Paypal and others working on new digital identities system
Hardware Newsletter:
Email:

Latest News
Tue, Nov 18
Mon, Nov 17
Sun, Nov 16
Sat, Nov 15
Fri, Nov 14
Thu, Nov 13
send article hardware newsletter   article comments (3)

Microsoft, Paypal and others working on new digital identities system
Kevin Spiess - Tuesday, June 24th, 2008 | 11:25AM (PT)


'Information Card Forum' hopes to end era of usernames and passwords

Microsoft, Paypal and others working on new digital identities system Image 1

A consortium of companies -- including Microsoft, Novell, Equifax, Oracle, and PayPal -- launched a nonprofit organization with the aim of creating new standards for identifying online users. The name chosen for this new group is the Information Card Foundation (ICF).

The goal of the ICF is to create a standardized framework that can be used to develop "Internet-based information cards and virtual founders," according to the website Dark Reading. The idea is to move away from usernames and passwords acting as your access method to websites, and instead, relying on a sort of single Internet-ID card that can be securely verified.

The primary reason companies are doing this is probably to cut down on costs associated with fraud, and people abusing their services with multiple accounts.

“The Internet was never really designed for dealing with people proving who they were. As a result, we have been left with a world of too many user names and passwords,” Charles Andres, executive director for the new ICF, was quoted as saying. "Criminals can exploit the weaknesses in here... We’ve got to do something to make this better.”

The foundation is looking to work with existing online-ID initiatives, such as those from the OpenID, Liberty Alliance, and Project Concordia groups.

It seems that the difficulty with getting this endeavor going isn't the technology behind it -- instead, the problem is setting up a standard the everyone can agree on. After that, the next challenging step  would be encouraging buisneses to get on board with the program.

One possible problem with this security initiative is, well, security. For current systems, if you lose a password and username for one site, you only lose access to the one service (if you maintain different ID's for every different website.) However, if a future, potential "virtual wallet" was apprehended by criminal elements, it seems like they would be able to quickly abuse your identification quickly and easily, to take advantage of multiple online services. By the very nature of the virtual wallet -- being on a computer connected to the Internet -- there is no system that could possibly be developed that would be completely, and certainly, secure.

Source: Information Card Foundation

Section: Internet Related

  Related Stories

back to news    comments or corrections
- This news story is archived and is closed to comments now -

Comments:

June 24th, 2008 12:42PM(PT)
tallteen86
Interesting idea (especially in the fact that it is 'non-profit').

But yeah, the online equivalent to stealing a wallet with a credit-card and cash, coupled with basically assuming your identity....

Would cause a lot of problems for people who get their IDs hijacked. This, in a way, is worse, since there is no 'face' associated with the ID. In the real world, the person who stole your credit card and ID would have to hide their face, but online, they can do all sorts of damage to your personal relationships, by abusing your accounts.

You'd lose credibility...Even if it is all eventually returned to you, some damage isn't so easy to undo....

~|Vitae Mortem Sequens|~
/|\-\_/My Digital Portfolio\_/-/|\
June 24th, 2008 12:48PM(PT)
kspiess
Yes, that would be my fear. Say they setup this virtual ID as a 'legitimate' identification. And then, if someone hijacks your ID and commits all sorts of fraud --where is practically certain to happen -- then it would seem to me you'd have a lot more trouble proving it wasn't you, because the retailers would parrot how "secure" the system is.

BTW tallteen, I checked out your portfolio just now. Good work dude! Nice banners...that's quite a lot of stuff you have on display.
June 25th, 2008 8:32AM(PT)
Kevin Fox
Interesting points, going with the analogy of a wallet being stolen, in real life I would have to contact all my credit card companies, and any other services that my wallet had information on to have everything reset.

With OpenID if your account is compromised you only need to go to your OpenID provider and turn off access from one central area. I would also argue your email address (only protected by username/password) is already a single point of failure today. If I were able to access your email I could do a fair amount of damage.

With all this said it is understood that if you are going to put more data online you need something much more secure to protect it. I work for Vidoop and we have a very secure OpenID provider up at http://myVidoop.com which requires no extra software or hardware to be used. Verisign has a token you can buy that gives you two factor auth as well.


- This news story is archived and is closed to new comments now -

  RSS Feeds

Latest Comments
Most Comments

Latest Net Reviews:
·Palit Revolution 700 Deluxe
·Cooler Master ATCS 840
·MSI Radeon HD 4830 OC
·Asus EN9800GT MATRIX/HTDI/512M
·Cooler Master HAF 932
·Gigabyte GA-EP45-DS3R

Latest Inhouse:


Compare Prices

Motherboards
 Abit
 ASUS
 Gigabyte
 Intel
 iWill
 Shuttle
 Soyo
 Super Micro
 Tyan
 More...

Processors
 AMD
 Intel
 More...

Memory
 SDRAM
 RDRAM
 DDRAM
 More...

Video Cards
 ATI
 Visiontek
 PNY
 3Dfx
 More...
search for lowest prices
(0.0181/mc/nova)