Doc Searls posts his thoughts about identity at IT Garage. My interpretation of the discussion so far is one of the need to gain some control. I'd like to propose a modest shift which might help the most expensive part of Identity problem, credit cards.
Current credit card systems rely mostly on one thing... keeping a secret. The secret consists some fairly public information (Name, Address) and a true secret (the account number). Insofar as the company is concerned, this is the ONLY key required to make transactions as part of your relationship with them.
I believe it's all this way because of inertia... perhaps I'm wrong, but it seems very quaint and obsolete to me.
Because there is really only one secret number, you have no way of keeping your identity separate as far as the credit card system is concerned. The companies like to pretend their is a difference between the card holder, and a vendor, because it helps maintain the illusion that the system is secure.
Every time you give your account number to someone, for all intents and purposes, you give them your identity. Furthermore, they can use it later, at any point in time or space until the expiration date, without restriction. Your identity gets propogated everywhere, in their backups, on the laptop their webmaster uses to update things, and the person who buys the hard drive after he upgrades. ANY of those people can use your identity.
It's just not possible to keep all of these copies secure. It's stupid to try if there are alternatives available.
For basic transactions, I propose a change to the model... non trival, to say the least, but relatively simple to implement and execute. Allow us to use one time keys for each and every transaction. Don't allow it to be reused, EVER. This makes the value of an old key go to zero, as soon as it gets used.
This makes the worry about the secret getting stolen go away. 8)
Relationships require more detail, as they extend over time, and include a much bigger chunk of information. I'd still go with the one time secret, but keep the terms and conditions transparently available to BOTH parties at the credit company site. The customer needs to be able to track and modify the conditions as time progress, and it's logical that the credit card computer is the place to do this.
If the key gets locked down to a specific vendor account, the value to thieves goes down dramatically (not to zero, but substantially none the less). This makes the worry about the key getting stolen go down proportionally as well.
Those are my thoughts about it. I'm not calling for new infrastructure, and I don't even begin to deal with Single Sign On... but I do address the most expensive mess related to identity (I think).
I'm curious to see how this gets remixed.
--Mike--
Subscribe to:
Post Comments (Atom)
1 comment:
don't know if I missed the point here, but how is this "one time key" generated, and in turn verified by the credit card company?
Post a Comment