The struggle with PKI to this day is about ease of use. Our deployment of this trading network was not only a struggle of technology but also one of human interface. When you deploy a system of this size and scope, success is not measured by technological ingenuity but by actual usage. The system was only a success if it is was secure and trading happened between all of the systems users. In the end we discovered that clever programming is no substitute for training, support and simplification. In the end, having several thousand traders understand how to obtain, authenticate, authorize and terminate certificates was the hallmark of the system's success.
In your opinion, how important is identity management?
I believe that identity management will play an increasingly important role in society as time goes on. Identity is becoming more than just who you are, but is what defines you in an increasingly anonymous world. When we started moving money between individuals electronically (credit cards, bank cards, etc), identity went through an ideological shift. Identify was no longer defined as a local community's knowledge of an individual, but the vouchsafe given a trusted third party. Because of this, suddenly we could interact at a commercial level with someone half way around the world, but in doing so we reduced our identity from middle-aged father of three to a number and expiration date. As a result we are left with the challenge of protecting our investment in those third parties. And as a result increasingly our management of our identity becomes ever more important.
What developments does NetFrameworks envisage in 2003?
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.