Tuesday, November 06, 2007

Hashing it all out

I've tried to stay out of the fracas that Pamela Dingle, Gerald Beuchelt, and Paul Madsen have been engaged in over the merits of self-issued information cards. But Ben Laurie has now chimed in, so I can hold back no longer.

What Pamela and Ben seem to be overlooking is that the first presentation of the iCard to the bank is not the first communication. The bank is not relying on the self-issued card for verification of your identity. As Ben points out, "we have to have a relationship with the bank to get this off the ground in the first place, regardless of authentication mechanism, and, however that relationship works, we can use it to inform the bank about our self-issued card."

The iCard becomes, de facto, a second factor authentication token - but the identity of the holder (and, by the same token, the issuer) is validated out of band by some other mechanism. This is simply not comparable to going to an on-line retailer, for the first time, and being validated with a managed card. Ben adds that this method means there's "no need for IdPs, CAs or any of that stuff." But what he really means is that there's no requirement for CardSpace in this scenario - any second-factor token agreed between the bank and the user would do.

Oops, it seems Phil Hunt almost beat me to the punch here, although his tangent is more tangential than mine...

You can all go back to discussing your social life now, Pam, Paul and Gerry - oh, that's right, he doesn't actually HAVE a social life.... :)


Dave, an information card could certainly initiate a new relationship with a bank.

Right now, people initiate relationships with a bank by filling in an online application. The data from the online form is later vetted and verified, but the original data is self-asserted. Why couldn't the data in the form of a self-issued card not only be used to fill in the form, but to create the initial account credentials?
Pam started it!

cue Dave saying in deep Dad voice "And I'm ending it"
Well, that's the secret ... do I really have no social life? I rather keep that to the physical world, where search engines have some difficulties intruding my privacy ... at least for now. :-)


Post a Comment

© 2003-2006 The Virtual Quill, All Rights Reserved


[Powered by Blogger]