{"id":891,"date":"2007-11-06T11:50:32","date_gmt":"2007-11-06T19:50:32","guid":{"rendered":"\/?p=891"},"modified":"2007-11-06T12:29:17","modified_gmt":"2007-11-06T20:29:17","slug":"ready-or-not-barbie-as-an-identity-provider","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=891","title":{"rendered":"Ready or not: Barbie is an identity provider&#8230;"},"content":{"rendered":"<p><a href=\"http:\/\/blog.wired.com\/27bstroke6\/2007\/11\/barbie-becomes-.html\" class=\"broken_link\">From Wired&#39;s <em>THREAT LEVEL<\/em><\/a>, news of an identity provider for girls.<\/p>\n<p>Just today at the CSI Conference in Washington, DC, <a href=\"http:\/\/www.csinetsec.com\/\">Robert Richardson <\/a>was saying&nbsp;he saw signs everywhere that&nbsp;we were &#8220;on the cusp of digital identity truly going mainstream&#8221;.&nbsp; Could anything be more emblematic of this than the emergence of Barbie as an identity provider?&nbsp;&nbsp;It&#39;s really a sign of the times.&nbsp;<\/p>\n<p>From the comments on the Wired site (which are <a href=\"http:\/\/blog.wired.com\/27bstroke6\/2007\/11\/barbie-becomes-.html#comment-88822472\" class=\"broken_link\">must-reads<\/a>), it seems Mattel&nbsp;would be a lot better off giving parents control over whitelist settings (Law 1:&nbsp; user control and consent).&nbsp; It would be interesting to review other aspects of the implementation.&nbsp; I guess we should be talking to Mattel about support for &#8220;Barbie Cards&#8221; and minimal disclosure&#8230;&nbsp; I certainly tip my hat to those involved at Mattel for&nbsp;understanding the role identity can play for their customers.<\/p>\n<blockquote><p>At last, a USB security token for girls!&nbsp;<\/p>\n<p>Pre-teens in Mattels&#8217; free <a href=\"http:\/\/www.barbiegirls.com\/\"><font color=\"#007ca5\">Barbie Girls<\/font><\/a> virtual world can chat with their friends online using a feature called Secret B Chat. But as an ingenious (and presumably profitable) bulwark against internet scum, Mattel only lets girls chat with &#8220;Best Friends,&#8221; defined as people they know in real life.<\/p>\n<p>That relationship first has to be authenticated by way of the Barbie Girl, a $59.95 MP3 player that looks like a cross between a Bratz doll and a Cue Cat, and was recently <a href=\"http:\/\/money.cnn.com\/2007\/10\/02\/news\/companies\/hotdozen_2007\/index.htm?postversion=2007100211\" class=\"broken_link\"><font color=\"#007ca5\">rated<\/font><\/a> one of the hottest new toys of the 2008 holiday season.<\/p>\n<p>The idea is, Sally brings her Barbie Girl over to her friend Tiffany&#39;s house, and sets it in Tiffany&#39;s docking station &#8212; which is plugged into a USB port on Tiffany&#39;s PC.&nbsp; Mattel&#39;s (Windows only) software apparently reads some sort of globally unique identifier embedded in Sally&#39;s Barbie Girl, and authenticates Sally as one of Tiffany&#39;s Best Friends.<\/p>\n<p>Now when Sally gets home, the two can talk in Secret B Chat. (If Sally&#39;s parents can&#39;t afford the gadget, then she has no business calling herself Tiffany&#39;s best friend.)<\/p>\n<p>It&#39;s sort of like an RSA token, but with cute fashion accessories and snap-on hair styles. THREAT LEVEL foresees a wave of Barbie Girl parties in the future, where tweens all meet and authenticate to each other &#8212; like a PGP key signing party, but with cupcakes.<\/p>\n<p>Without the device, girls can only chat over Barbie Girls&#8217; standard chat system, which limits them to a menu of greetings, questions and phrases pre-selected by Mattel for their wholesome quality.&nbsp;<\/p>\n<p>In contrast, Secret B Chat&nbsp; lets girls chat with their keyboards &#8212; just like a real chat room. But it limits the girl-talk to a white list of approved words. &#8220;If you happen to use a word that&#39;s not on our list (even if it&#39;s not a bad one), it will get blocked,&#8221; the service cautioned girls at launch. &#8220;But don&#39;t worry &#8212;&nbsp; we&#39;re always adding cool new words!&#8221;<\/p><\/blockquote>\n<p>By the way, <a href=\"mailto:kevin_poulsen@wired.com\">Kevin Poulsen<\/a> <em>has<\/em> to get&nbsp;the &#8220;High&nbsp;Tech&nbsp;Line of the Year Award&#8221; for &#8220;a PGP key signing party, but with cupcakes.&#8221;&nbsp; Fantastic!<\/p>\n<p>[Thanks to Sid&nbsp;Sidner at ACI&nbsp;for telling me about this one&#8230;]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Wired calls it &#8220;a PGP key signing party, but with cupcakes.&#8221;<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[52,6,8,7,11,44],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/891"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=891"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/891\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=891"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=891"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=891"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}