Linda provides another update from this week’s Digital ID World.
Phil Becker asked the question at a Digital ID World breakout session:
“What will make Amazon or eBay start really using the identity infrastructure?”
Those who watch the web, authentication initiatives following on the FFIEC push for strong authentication dating back two years now, and identity have wondered about this for a long time. There is a notion that a third party authentication provider could emerge and provide identity authentication for many sorts of applications. But it hasn’t happened yet. Why not?
There are inhibitors:
- Who do you trust to have identified users? (proofing or authentication)
- How do I manage what users have permission to do what? (roles / claims or authorization)
- What if something goes wrong? (liability)
But the real question may be, what’s the killer application for third party authentication?
The popular answers to this question are: payments, health care, government access, and the proof of age requirements which may get legislated for social networking.
But, if it’s payments, the payment cards provide their own authentication (something you have/something you know), and authorization (does the cardholder have funds), and liability handling (chargeback rules).
If it’s government, we should recall that the natural flow of government process and development is very slow…it won’t happen quickly. And you can similarly explain away every ‘killer’ application someone brings up.
My assessment of a killer application for third party authentication:
- An application that is beyond nice personalization of web pages
- An application that is beyond consumer purchase
- An application with information sensitivity
- Where the application provider cannot or will not perform their own proofing and authentication.
Meanwhile, Jamie Lewis of the Burton Group feels that trust is the key inhibitor, and technology itself cannot solve that. There are important questions about relationships and the structures required for ‘trust’ which technology can’t address.