December 13, 2006

There is No Money in the Authentication Business

Periodically Martin writes about the need for a way to authenticate intruding callers. He has written about it before, and in a recent post he suggests entities like Skype can be the middlemen and can hope to “collect a zillion dollars for handing out the security certificate for premium authenticated B2C calls”. Also recently, Jonathan Rosenberg has written about a dated RFC on service providers authenticating caller ID. I am sure service providers see green in the so-called “P-Asserted ID”. I am a bit puzzled by comments from these people, otherwise proponents of disintermediation, that do not advocate a “user-asserted” ID. Here I am suggesting that we adopt and advocate the use of OpenID for asserting one's ID.

In case you do not know about OpenID, it is “an open, decentralized, free framework for user-centric digital identity”. The ID is a URI and you prove ownership of this URI through an Identification Provider (IdP). Two things are important to note: first, the verifier need not have any prior association with the third party’s IdP; second, you can be your own IdP.

In this scheme, my SIP INVITE message could contain my OpenID and you can authenticate it using the documented mechanism. The scheme also allows for providing additional information that I have authorized the IdP to share with you. Given this scheme is distributed and open, there is no need for a handful of dominating and intermediating IdPs.
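To make the callee's side of this concrete, here is an added example (not part of the original post, and not a standardized SIP binding) that checks an OpenID 1.1 style signed assertion carried in an INVITE. The `X-OpenID-Assertion` header, the `sip-call:` form of `return_to`, and the sample addresses are assumptions made for illustration; `mac_key` stands for the association key the callee has already obtained from the caller's IdP.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, urlencode

HEADER = "x-openid-assertion"   # hypothetical header name, not a SIP standard
REQUIRED = {"mode", "identity", "return_to"}

def parse_headers(invite):
    """Map lower-cased SIP header names to values (no line-folding support)."""
    lines = invite.split("\r\n\r\n", 1)[0].split("\r\n")[1:]   # skip request line
    pairs = (l.split(":", 1) for l in lines if ":" in l)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def sign(mac_key, fields, signed):
    """OpenID 1.1 sig: base64(HMAC-SHA1(key, 'k:v\\n' per signed field, in order))."""
    token = "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed.split(","))
    mac = hmac.new(mac_key, token.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def verify_invite(invite, mac_key):
    """Return the verified OpenID URI, or None if any check fails."""
    hdrs = parse_headers(invite)
    fields = dict(parse_qsl(hdrs.get(HEADER, ""), keep_blank_values=True))
    names = fields.get("openid.signed", "").split(",")
    if fields.get("openid.mode") != "id_res" or not REQUIRED <= set(names):
        return None
    if any("openid." + k not in fields for k in names):
        return None
    expected = sign(mac_key, fields, ",".join(names)).encode()
    if not hmac.compare_digest(expected, fields.get("openid.sig", "").encode()):
        return None
    # Assumed convention: return_to names this call, so a captured assertion
    # cannot be attached to an INVITE with a different Call-ID.
    if fields["openid.return_to"] != "sip-call:" + hdrs.get("call-id", ""):
        return None
    return fields["openid.identity"]

def build_invite(mac_key, identity, call_id):
    """Constructed sample INVITE carrying a signed assertion (demo input)."""
    f = {"openid.mode": "id_res", "openid.identity": identity,
         "openid.return_to": "sip-call:" + call_id,
         "openid.signed": "mode,identity,return_to"}
    f["openid.sig"] = sign(mac_key, f, f["openid.signed"])
    return ("INVITE sip:bob@example.net SIP/2.0\r\n"
            f"Call-ID: {call_id}\r\n"
            f"X-OpenID-Assertion: {urlencode(f)}\r\n\r\n")

if __name__ == "__main__":
    key = b"constructed-association-key"
    invite = build_invite(key, "https://alice.example.org/", "abc123@pc.example.org")
    print(verify_invite(invite, key))
```

The identity shown to the callee should be the value this check returns, not whatever the From header claims; a callee would also need to remember Call-IDs it has already accepted to reject an exact replay.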

Additionally, it looks like Martin has given up hope on an open user-owned telephony system. But I am more hopeful.

Posted by aswath at December 13, 2006 07:22 PM



Copyright © 2003-2014 Moca Educational Products.