November 2008


The Internet has a dark side. It makes everything accessible as long as you have an access device, a user ID and a password. It also forces us to create multiple identities each with its own password. I don’t know about you but I can hardly remember the password for accessing my emails, online magazine subscriptions, bank accounts, online retail portals like Amazon, and so on.

The first time I watched Star Trek: The Motion Picture, Captain Kirk had to go through a retinal scan to verify his identity. And I thought that was great. Experts said you can’t fake someone’s retina, but the capillary veins that form the basis for the retina fingerprint do change over time, particularly for people who develop diabetes, glaucoma, retinal degenerative disorders or cataracts.

Retinal scanning is intrusive as you need to push your face into a scanner. A more recent development in the same vein, called iris recognition, allows a person’s identity to be authenticated at a distance of two feet from the scanner. Much earlier this year I was fortunate to witness a palm recognition system from Fujitsu Japan.

So it begs the question: “why can’t we have one universal ID and password that can’t be hacked, is portable, and truly secure?”

How many user IDs and passwords can any one person keep safely? Adrian Seccombe on the Jericho Forum Outlook on Network World wrote that on average a person has upwards of 50 identities at any given time. I don’t have that many but certainly just keeping track of what my user ID and password are for every website I visit regularly is causing me a lot of headache. At one point, it took me four attempts to get online with my bank before I finally figured it out. That included writing a letter three times to have my user ID and password reset because I forgot what my ID and passwords were.

I’m sure if this happened to my Mom she’d revisit the merits of having face-to-face time with a physical person at her bank, never mind that it took a good 20 minutes to get to her local branch plus another 20 minutes to queue during busy Monday mornings.

Is it possible for us to ever come to the point where we have just one universal ID and password that would allow us to access everything from bank accounts, to credit card transactions, to read and download our favorite subscriptions, etc.?

For sure, work has been ongoing to create an identity management system that will be universally supported. The passport is by far the most universally accepted proof of a person’s identity – although we know that, like other media, passports can be tampered with.

In early 2007, Symantec claimed it had developed a new component of its Security 2.0 initiative that would create a universally accepted identity system across all Web sites, helping users manage their online identities in a secure way. Novell released a similar document on the same theme.

How far development has progressed remains a point of discussion. The issue we have at hand is that no single entity is ever likely to be allowed to build and deploy worldwide a universal ID that would enable disparate systems, whether government run or business entities, to recognize the holder of that ID. It just carries the potential for bad as much as good.

So would we ever see such a universal ID and password coming to fruition? Certainly not in my lifetime!

In the IT end-user community, the idea of Open Source brings with it a plethora of elation as well as fear. Ask anyone who is an IBM AS/400 user and they will tell you that they are stuck in there for life – at least until they decide to get out of what they put themselves into.

Yes, IBM AS/400 (rebranded as IBM System i in 2006 and subsequently replaced by the IBM Power System line) is a very stable platform. The many applications developed for it are rock solid, enterprise-class software that does what it is meant to do. Throughout its period of reincarnation (1988 to present), the hardware and software may have changed but IBM made sure the applications are transplanted.

I am digressing so let me paraphrase one CIO comment about their AS/400 investment. “We are stuck and we know we are paying through the nose but we have no alternative today!”

Distributed Computing (DC) arose partly in response to the need to get out of the mainframe and mini-computer era of vendor lock-in. Little did we know that while DC hailed the arrival of an army of vendors offering competing and complementary systems, the liberation was partial – because many of the initial technologies created in support of DC are proprietary in nature. Sure, they are able to talk to other vendors’ solutions, but this is because application programming interfaces (APIs) were built to allow for some semblance of interoperability.

Enter Open Source. The idea that a program’s code is freely available to the end-user community to use and modify to suit a particular need. Can a software company survive giving away its software? Red Hat thinks so. In fact, within the Open Source community, Red Hat is a testament to the idea that you can give away copies of your software (even if it was originally conceived by someone else), make money and prosper.

SUN Microsystems is another company that is heavy into the Open Source momentum. But whereas Red Hat is 100% open source, SUN still has technology that is proprietary – after all, SUN started life in the proprietary world. It can be argued that JAVA was SUN’s first experiment in Open Source. Thankfully, the JAVA community thrives today despite competition.

As with all things, proven or otherwise, there are skeptics. In human nature, the biggest fear is always that of the unknown. For many enterprises whose businesses depend on the smooth running of mission-critical applications, the high price associated with proprietary hardware, middleware or operating systems, custom applications, and availability of skilled resources is a bittersweet pill that they’d readily swallow.
