Equifax as a Federated Identity Provider for Hire

Published: May 20 2009, 12:43 PM
by Matthew Gardiner

You can think of the Internet identity problem from two perspectives. Not only do you have to log in to too many sites to conduct your daily Web activities, but on the flip side, too many sites are put in the conflicting position of having both to verify your identity (before issuing you a credential) and to authenticate your credential every time you return. How and why is each and every Web site operator supposed to know you well enough to confirm your identity? The current Internet identity "system" is clearly very messed up. By its very nature it leaves gaping holes for Web criminals to climb through.

Think about how you are authenticated in the real world. Identity confirmation is conducted by entities that "know" you: your government, your bank, your family, your friends, favorite retailers, utility providers, etc. Organizations that don't know you generally refer to one or more of them when confirmation is needed. They become your natural authenticators in the real world. If only there were a business model for entities to offer this equivalent service online.

It appears we might be getting to that point. A recent "Bits" blog post on NYTimes.com gives us a glimpse of a future "identity-provider-for-hire" world (http://bits.blogs.nytimes.com/2009/05/19/a-service-to-prove-you-are-really-you/). The article discusses the impending release of a service from credit bureau company Equifax that will be used to verify your identity, as well as certain attributes about you, in the online world. Like it or not, credit bureaus often know more about you than you think. The interesting part about this is not whether a credit bureau is the best provider of these identity services compared to your bank or government or someone else, but that a creditable organization sees the potential business opportunity of becoming an identity provider for hire.

If this approach were to fly, everyone could win. Users could receive eased Web access and greater control over personal data, application providers could see reduced identity-theft-related fraud, and identity providers could build a profitable new business by leveraging current business practices into the online identity world. It doesn't really matter which federated security protocol is ultimately used to enable this (SAML, Information Cards, OpenID). What matters is whether this identity-provider-for-hire model can fly economically while bringing tangible benefits to everyone, except the Web criminals of course.

 

By: Matthew Gardiner
Matthew Gardiner is a Director working in the Security business unit at CA Technologies. He is a recognized industry leader in the security & Identity and Access Management (IAM) markets worldwide. He is published, blogs, and is interviewed regularly in leading industry media on a wide range of IAM...

1 person has left a comment:

A short time ago I delivered a presentation on identity federation to an online audience as part of a

Posted by: CA on Security Management | August 13, 2009 11:31 AM
