Tuesday, June 21, 2005

Hey kids, get your on-line liquor!

Andy Harjanto, a Microsoft program manager, has started blogging about InfoCard and today presented An End to End Scenario for how it might be used.

Unfortunately, there are two major holes in his scenario.

First, he blithely accepts that some government entity is able to authenticate the user ("Bob") and validate his driver's license. That's simply not going to happen any time in the near term. There's simply no infrastructure (as well as no budget or desire to set up an infrastructure) to both validate the claim and authenticate the user. After all, up thru now, the driver's license itself has served as an "InfoCard" authentication token for the user!

But the second flaw might be even bigger. Within authenticating and validating the shipping address as that of "Bob," there's nothing to stop Bob from setting up a business to order booze for (and have delivered directly to) any thirsty underage kid with the requisite dollars.

It isn't a question of who orders the alcohol - but who it's delivered to.

There's nothing stopping Bob doing this in the real world as well ?
No, there's nothing stopping Bob from doing this (or the kids from using a fake ID) in the real world - except, of course, the observations of humans who see it occuring. But for identity-based computing to be worthwhile, it needs to do better than mere failable humans.
Post a Comment

© 2003-2006 The Virtual Quill, All Rights Reserved


[Powered by Blogger]