About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« You're fingered for it | Main | NFC, privacy and identity infrastructure »

Next generation platform

By Dave Birch posted May 29 2008 at 6:51 PM

[Dave Birch] With the U.K. newspapers focussing on ID cards again, now that the shortlist of the only suppliers who wanted to be on a shortlist has been announced, I wonder if it isn't time to abandon even talking about ID cards, when the practical implementation of identity for the foreseeable future is going to be centred on mobile phones. Since mobile phones can do a great many things that cards cannot, they provide an obvious means to deliver some useful identity services to both individuals and to organisations. Examples might be simple, secure authentication for online services.


Forrester Research analyst Bill Nagel claimed that mobile authentication has taken hold in many countries, and that mobile signatures are a "logical extension... Nearly all of the banks and operators we spoke to said that the technology operates flawlessly and that the experiences of customers who use the system are very good," he said.

[From Mobile signatures given the thumbs up - WhatPC?]

This is an attractive vision. The idea of making the Internet more secure sounds promising at first, but it has many negatives as well. If we make the Internet more difficult to connect to and harder to use, we lose the creative dynamic around it. Therefore, it kind of makes sense to leave the Internet cheap, flexible and insecure and kick the security layer off the end of the Internet and into the phones. Phones start off from a more secure base, because they already have tamper-resistant hardware (ie, the SIM) in place and since this hardware is a general-purpose computer, there is plenty more it can do. This idea fits rather well with the identity-as-utility view that we have been putting forward for some time. The mobile phones works perfectly as the "identity gadget", the universal faucet that we will all use to turn identity on and off (emergency stop: bad analogy detected). We're hardly the only people working along this line of thought.


From Marco, a great HP paper on Identity-Aware Devices, describing some PoC work HP did with Intel around the Liberty Alliance's Advanced Client specifications.

[From ConnectID: Identity-Aware Devices]

In the HP paper, they talk about "identity-aware devices", which I rather like as a way of thinking about practical solutions. They point out that in order to function in a sophisticated environment (in this case, a federated identity environment) the identity-aware device needs some kind of trusted module that can function as an identity provider. This is exactly how I see the SIM: there's no need to invent anything new, just use find a way to get the mobile operators and others to co-operate to implement the kind of ideas that we can all already see are the way forward.

I'll be over at the EEMA conference in The Hague on June 12th, talking about mobile in the ENISA workshop, so if you fancy coming along I'll see you there. The presentation that I will be delivering is called "Mobile phones and the identity utility" and it's here...

    SlideShare | View | Upload your own  

So if you have any suggestions for improving it, please let me know ASAP!

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]


TrackBack URL for this entry:

Listed below are links to weblogs that reference Next generation platform:


The comments to this entry are closed.