Security/identity · 13 Feb 2006

Not just a spectator sport

That’s the title of an article that Robin Wilton, Pat Patterson, and I wrote on Sun’s behalf for the inaugural issue of a magazine put out by EDS called synnovation. (The link goes to the magazine’s online presence; to read it, as Robin notes, you have to download a free reader.) The magazine offers thoughts from the members of the EDS’s Agility Alliance, its merry band of major business partners.

The theme we explored in this issue was identity in the Participation Age. Here’s the introduction:

Globally, the Participation Age is about changing the balance between the 1 billion richest inhabitants of this planet and the other 5 billion. Today, only 14 percent of the world’s population is online, and yet those of us in the online community are seeing the profound effect that technology can have in terms of enriching our lives, opening up our communities, and stmiulating our economies. The Participation Age is about extending the edge of the network, and capitalizing on the fact that wherever it extends, there’s the opportunity to create and empower new participants.

And this snippet comes from the part where we introduce the connection to identity:

…. The old paradigm, based on remote execution models such as remote procedure calls (RPC) or object-oriented remote method invocation (RMI), tended towards the view that if the request that arrived was correctly formatted, that was proof enough of authenticity.

In cases where the requester is a human being, that’s not a very good match for the way trust works in real-world transactions. In the growing number of instances where the requester is another application, it becomes a very risky way to expose your services online.

The magazine people added some pretty cool visuals. (They also came up with our article title, which I like.) One design element in our section is a huge fingerprint-like whorl made up of URLs. So whether it’s for the pretty pages or the pretty content :-), check it out!