April 5, 2010

Open Identity: the end of childhood, the age of assurance

This week is the week of the OpenID summit in Mountain View, California. We are all hoping that 2010 will be another pivotal year for open identity. There seems to be a combination of market forces that are making federated identity more attractive. In fact, we are hearing new compelling use cases for federation. A first example is cloud access and identity management. As enterprises shift their IT infrastructure and information to the cloud (as in IaaS, PaaS and SaaS applications), CIOs need to federate corporate identities with cloud service providers. For cloud resources, the corporate directory becomes the identity provider and the cloud services are the relying parties (and if you don't have a directory or don't want to use it for federation, Google is in the pole position to be your OP). Another interesting vertical ripe for federation is healthcare. Now that the Obama bill for healthcare has passed, one should expect a revival of health information networks (remember the RHIOs). Finally, online payment, the mother of all federation, is seeing a lot of innovation too. From mobile to social games, high assurance open identity networks led by modern payment systems such as PayPal, Amazon or Facebook could sway consumers, curb fraud and shift merchant liability where Verified by Visa has fumbled to date.


So, what do the trusted cloud initiative, Obama's new health care bill, and next generation online payment have in common? They all require federation and stronger forms of authentication to enable trust and protect against fraud. These transactions are complex and risky. They are complex because they involve multiple independent, sometimes competing organizations. Federation is needed. These transactions are also too risky because the current Internet authentication system based on name and password is too weak. High assurance identity is needed. As governments and vertical industries worldwide come to the realization that their cyber security and business agendas require them to enable high assurance online transactions, federation and strong authentication will converge into new compelling trust infrastructures deployed across vertical markets.


The need for high assurance federation may provide a much needed boon for open identity technologies such as OpenID and OAuth. The point is that the adoption of a new identity management model on the Internet by consumers may require much more than single sign-on, attribute exchange and authorization. As Dick Hardt put it many times, these traditional identity features are only vitamins. Most people won't go for vitamins alone. Consumers want enablement. Facebook figured that one out a long time ago by tying friend discovery and activity streams to Facebook Connect. So, what is Open Identity's mojo then? I dare to suggest that the opportunity for open identity is new transaction enablement. If open identity networks can enable complex and risky transactions that are not possible online today, massive adoption will follow and altering the digital identity experience becomes palatable.


Of course, it is a security guy talking, but let us consider the business model too. The business of security and trust is well understood. Credit bureaus, security companies and VISA/Mastercard have clear and compelling transactional business models. Transactional revenue models are also more compelling than advertising. The profit margins for standing in the middle of transactions as a neutral third party and enabling high assurance are fairly high. Compare the addressable market to the currently minuscule market size of open identity as it stands today. Whether you look at it from a product, deployment or economic standpoint, I continue to believe that the future of open identity on the Internet is intimately linked to high assurance identity.


September 11, 2008

DECE or the Digital Content Cloud: Last Chance for DRM.

For almost 18 months, we have been working with the movie studios on creating a blueprint architecture for rich digital media (a fancy name for digital movies). The concept falls in what I like to call the "big idea" category. The goal is to create an Internet ecosystem that re-creates the user experience and commercial success of the DVD: an industry standard shared across all content providers, all retailers, and all device manufacturers.


Like the brick and mortar DVD, this new Internet DVD will share a common brand recognized by consumers worldwide, and it will provide a common format with interoperable digital rights protection technology. The Internet DVD will be backed by a common usage policy that is consistent across movie studios and will provide a simple user experience for consumers. Believe it or not, we all believe that these lofty goals are achievable and we even have a proof of concept to support our irrational exuberance. You will just have to wait for this effort to become consumer facing to see it.


If successful, this "Internet DVD" standard will allow any consumer to purchase and download movies from any online store (pick your favorite ecommerce store), and view them on any device (a PC, an IP TV, a mobile device). From the studios' standpoint, the concept of the Internet DVD arises from witnessing the Internet-speed transformation of the music industry: loss of sales driven by pirated content, and the emergence of music distribution silos where the lack of interoperability eventually leads to the elimination of rights protection altogether, a risk that the movie industry is not willing to accept without a good fight.


A key requirement of the "Internet DVD" is to enable DRM interoperability, which is timely considering the focus of regulatory instances, such as the European government. Of course, many will argue that the easiest way to achieve DRM interoperability is to get rid of DRM altogether. My theory (a lonely one in the blogosphere) is that a cloud-based approach is not only a technically viable way to create DRM interoperability; it is also the only possible approach to creating a user experience that resonates with consumers.


Indeed, the key to making the Internet DVD an insanely great consumer product is both open standards and a cloud approach. The cloud services (including OpenID-based identity services, of course) are essential to mask the complexity of dealing with multiple DRM systems, multiple content formats and multiple retailers. The other trick is to leverage the cloud to provide additional functionality that the silos dismiss today: rights locker, perpetual ownership and the separation of the purchase from the download experience. That last one is likely to resonate with marketers, as the Internet DVD will encourage impulse buys without forcing consumers to be tethered to a 10GB pipe.


Of course, the proof is in the pudding. We still have a few challenges ahead. We need to prove that the industry can come together and create a compelling joint offering for digital entertainment. We also need to prove that the hereditary vices of DRM can be hidden from consumers by using a cloud-based approach. The immensity of such a challenge aside, the immediate lesson to me is that the cloud can be a disruptive force when it comes to new product design. The cloud creates a new dimension that can challenge common thinking and alter the status quo, like the well-established thinking that DRM is a dead end. One thing is sure. The movie industry is a fascinating world and it will be fun to see how the cloud allows it to reinvent its biggest commercial success. So, say hi to the Internet DVD; it may be coming to a computer near you very soon now.


Disclaimer: Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of VeriSign.