{"id":789,"date":"2007-05-30T22:28:24","date_gmt":"2007-05-31T06:28:24","guid":{"rendered":"\/?p=789"},"modified":"2007-05-31T19:19:13","modified_gmt":"2007-06-01T03:19:13","slug":"unifying-the-experience-of-online-identity","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=789","title":{"rendered":"Unifying the experience of online identity"},"content":{"rendered":"<p>Jon Udell&nbsp;<a href=\"http:\/\/blog.jonudell.net\/2007\/05\/30\/unifying-the-experience-of-online-identity\/\">zeros in on&nbsp;the problem <\/a>of web sites that introduce &#8220;novel&#8221; authentication schemes once these schemes start to proliferate.&nbsp; I had the same&nbsp;concerns when I set out the seventh <a href=\"\/?p=354\">law of identity <\/a>(consistent experience).&nbsp; Jon says:<\/p>\n<blockquote><p>Several months ago my bank implemented an anti-phishing scheme called <a href=\"http:\/\/www.trustedcustomer.com\/Siteid.htm\"><font color=\"#b54141\">Site ID<\/font><\/a>, and now my mortgage company has gone to a similar scheme called <a href=\"http:\/\/www.finextra.com\/fullstory.asp?id=15218\"><font color=\"#b54141\">PassMark<\/font><\/a>. Both required an enrollment procedure in which I had to choose private questions and give answers (e.g., mother\u2019s maiden name) and then choose (and label) an image. The question-and-answer protocol mainly beefs up name\/password security, and secondarily deters phishing \u2014 because I\u2019d notice if a site I believed to be my bank or mortgage company suddenly didn\u2019t use that protocol. The primary anti-phishing feature is the named image. The idea is that now I\u2019ll be suspicious if one of these sites doesn\u2019t show me the image and label that I chose.<\/p>\n<p>When you\u2019re talking about a single site, this idea arguably makes sense. But it starts to break down when applied across sites. 
In my case, there\u2019s dissonance created by different variants of the protocol: PassMark versus Site ID. Then there\u2019s the fact that these aren\u2019t my images, they\u2019re generic clip art with no personal significance to me. Another variant of this approach, the <a href=\"https:\/\/protect.login.yahoo.com\/\" class=\"broken_link\"><font color=\"#b54141\">Yahoo! Sign-In Seal<\/font><\/a>, does allow me to choose a personally meaningful image \u2014 but only to verify Yahoo! sites.<\/p>\n<p>These fragmentary approaches can\u2019t provide the grounded and consistent experience that we so desperately need. One subtle aspect of that consistency, highlighted in <a href=\"http:\/\/blogs.msdn.com\/richardt\/archive\/2007\/03\/18\/cardspace-simple-demo-screencast-on-channel9.aspx\" class=\"broken_link\"><font color=\"#b54141\">Richard Turner\u2019s CardSpace screencast<\/font><\/a>, is the visual gestalt that\u2019s created by the set of cards you hold. In the CardSpace identity selector, the images you see always appear together and form a pattern. Presumably the same will be true in the Higgins-based identity selector, though I haven\u2019t seen that yet.<\/p>\n<p>I can\u2019t say for sure, because none of us is yet having this experience with our banks and mortgage companies, but the use of that pattern across interactions with many sites should provide that grounded and consistent experience. Note that the images forming that pattern can be personalized, as Kevin Hammond discusses <a href=\"http:\/\/blogs.msdn.com\/kevinha\/archive\/2006\/10\/20\/how-i-created-my-own-windows-cardspace-image.aspx\"><font color=\"#b54141\">in this item<\/font><\/a> (via <a href=\"\/?p=618\"><font color=\"#b54141\">Kim Cameron<\/font><\/a>) about adding a handmade image to a self-issued card. 
Can you do something similar with a managed card issued by an identity provider? I imagine it\u2019s possible, but I\u2019m not sure; maybe somebody on the CardSpace team can answer that.<\/p>\n<p>In any event, the general problem isn\u2019t just that PassMark or Site ID or Sign-In Seal are different schemes. Even if one of those were suddenly to become the standard used everywhere, the subjective feeling would still be that each site manages a piece of your identity but that nothing brings it all together under your control. We must have, and I\u2019m increasingly hopeful that we will have, diverse and interoperable identity selectors, identity providers, relying parties, and trust protocols. But every participant in the identity metasystem must also have a set of core properties that are invariant. One of the key invariant properties is that it must bring your experience of online identity together and place it under your control.<\/p><\/blockquote>\n<p>The &#8220;novel authentication&#8221; approach used by PassMark and others doesn&#39;t scale any&nbsp;better than the &#8220;pocket full of dongles&#8221; solutions proposed by Dongle queens or &#8211; for that matter &#8211; than conventional usernames&nbsp;and passwords.&nbsp;<\/p>\n<p>So far Information Cards are the only technology that both prevents phishing and avoids the novel authentication and multiple dongle problems.<\/p>\n<p>By the way &#8211; if what Jon calls the &#8220;dissonance&#8221; problem&nbsp;that arises from the use of&nbsp;different images and questions&nbsp;on web sites were to be overcome by reusing the same images and questions everywhere, things would only get worse!<\/p>\n<p>Once&nbsp;sites begin to share the same &#8220;novel authentication&#8221; model, you no longer have novel authentication.&nbsp;<\/p>\n<p>In fact you&nbsp;return full circle to the deepest phishing problems.&nbsp; Why?&nbsp;<\/p>\n<p>If you went to an evil site and 
set up your reusable images and questions,&nbsp;you would have taught the evil site&nbsp;how to&nbsp;impersonate you at legitimate sites.&nbsp; Thus&nbsp;in spite of&nbsp;lots of effort, and lots of illusions, you would end up further behind than when you started.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Jon says that when you\u2019re talking about a single site, novel authentication schemes arguably make sense. But they start to break down when you start using them at many sites&#8230;<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[16,13,7,23],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/789"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=789"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/789\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=789"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=789"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=789"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}