I’m at Digital ID World right now, and the next few issues will deal extensively with the people I’ve spoken with and the presentations I’ve listened to at the show. This does seem, then, an ideal time to catch up on some notes from the mailbag as well as go through a few bits and pieces that have been accumulating but keep getting shunted aside for some bigger story.
Reader Larry Tally pointed out that the use of a magnetic stripe, rather than an RFID chip, in passports (see http://www.nwfusion.com/newsletters/dir/2005/0502id1.html) could lead to horrible holdups at border crossings and airport points of entry as passport holders inevitably carry their documents through magnetic fields and wipe out the data. I’d guess that there could be some sort of shielding in the passport to protect it, but I also noted that credit and debit cards seem to be very successful with magstripes holding the data. Still, it might be worth a test to see if the cost of providing duplicates (and the cost of validating “blank” passports) overcame the objection to RFID chips.
Concerning Circles of Trust (http://www.networkworld.com/newsletters/dir/2005/0425id2.html), Maurus Stadnyk reminded me that much of the world of social networking (Friendster, Orkut, Hi5, etc.) is built on circles of trust. To my mind, they more closely resemble the sort of introductions we might make in a bar on Friday night, rather than the imprimatur a trusted source places on a financial deal – but it is a good analogy.
Speaking of “trust”, the Burton Group’s Jamie Lewis has posted a number of snippets to his blog (http://www.burtongroupblogs.com/jamielewis/2005/05/thinking_out_lo.html) under the rubric “Thinking Out Loud about Trust.” Lewis laments the use of the word “trust” – “In short, ‘trust’ serves as an all-too-convenient alias for a lot of hard problems. And in digital identity discussions, it’s impossible to avoid either the term or those problems.”
But he does realize that it has been used for a long time (as part of public key infrastructure – PKI) and wouldn’t be easy to change. Still, he does seem to think that “reliance” is a better term for what we’re trying to accomplish when weighing the risks of accepting a third party’s assurance on a user’s identity.
Rather than using PKI and key pairs as the tunnel for our vision, we might want to look on how we judge the reliability of information obtained from friends, acquaintances and strangers. We’ll talk more about this in the not-too-distant future, but if you send me your thoughts on it now, I’ll include them in the discussion later. Or stop me in the hallway here at Digital ID World and let me know what you think.
Copyright © 2005 IDG Communications, Inc.