No more passwords, please

Instead of chasing dragons, Mark Shuttleworth should be working on a personal universal Web access system. I couldn't handle another password.
By Warwick Ashford, ITWeb London correspondent
Johannesburg, 01 Dec 2006

There seem to be new opportunities for doing things online every day. Being able to pay accounts, open bank accounts, book flights, request plane seats, check medical aid claims, read news and purchase a boggling selection of goods definitely makes life easier.

Unfortunately, there is a significant catch: each and every one of these online facilities requires a user name and password.

This is surely the biggest drawback of doing things online. Keeping track of which user name goes with which password for which Web site is a real challenge. And that's just the half of it, as just about every networked application in the workplace also requires a user name and password.

I think it is high time Mark Shuttleworth revisited his Thawte days of Web site certification and came up with an easy way of authenticating individual Web users.

OK, maybe he is too busy chasing other goals, but then at least he should plough some venture capital into helping other South Africans to pioneer a personal Web authentication system. Right now, I can't think of a better project for Shuttleworth's Here Be Dragons funding agency to support.

Defeating the object

Doing things online is great, but the convenience is somewhat undermined by the bother of having to authenticate oneself repeatedly with each online service provider. Collecting a credit card may require a trip to the bank, but getting the bank to hand it over is relatively easy. Producing an ID book is all that's required.

If that's all it takes in the real world, why is doing the same thing online so difficult?

"Instead of looking for complex solutions, we should simply be looking for a way of duplicating the real world processes online and using existing government databases." (Warwick Ashford, technology editor, ITWeb)

Surely all that's needed is an online equivalent, which could be achieved with a little international co-operation. Think about it. The bank employee is merely confirming a link between the person collecting the credit card and an ID number.

Could the answer to the information age scourge of multiple user names and passwords be as simple as finding a way to enable online service providers to verify a link between an ID number and a fingerprint scan?

Probably not, but it does warrant thinking about. Often, the simplest solutions are the best. Instead of looking for complex solutions, we should simply be looking for a way of duplicating the real world processes online and using existing government databases.

The technology exists, and with such a system in place, accessing any online service would be as simple as entering one number, one user name and submitting a fingerprint scan.

By using national ID numbers, personal details associated with those numbers would remain securely locked in government databases. This would neatly avoid the problems that arose with Microsoft's Passport system because few people trusted the company with their personal data.

Universal access

The potential is enormous. We all know what Thawte's Web site certification did for Shuttleworth. Imagine what a personal universal Web access system could do for anyone who can make it a reality. Security would be a top consideration, of course. McAfee researchers predict that theft connected with online fraud will become an even more high-profile issue among businesses, regulators and consumers in the next 12 months.

Getting real about these and other identity-related issues, Oracle this week announced a project to develop specifications for sharing identity across heterogeneous applications. Oracle says if businesses pull identity-related data out of their IT systems and store data in more centralised repositories, they will be much less likely to suffer the breaches that have left many companies fighting to defend their reputations.

It's encouraging that although Oracle-led, the Identity Governance Framework (IGF) enjoys industry support and goes beyond the Oracle product set. In fact, Oracle says its goal is to take the IGF into a standards organisation as quickly as possible to complement other policies being drafted by groups including the Liberty Alliance and OASIS.

In all likelihood this practical approach to the problem will ease the challenges around identity in the business environment, but that means someone will still have to find a way of enabling personal universal access to Web-based facilities.

So who wants to be a millionaire?