Tuesday, May 23, 2006

Is security a thing of the past in a Web 2.0 world?

I like what SXIP is doing to address security in a Web 2.0 world but, unless I am mistaken, their approach is focused on making life simpler for enterprises as they adopt SOA solutions. SXIP makes it easy to integrate internal access management and authentication with providers of external components, modules or applications. This is a step in the right direction and I applaud them for it.

But what is being done for the consumer? The consumer is in the vanguard of the Web 2.0 revolution. We are moving our data online - our pictures, our data, our schedules, our email. We are collaborating using online applications. This leads us to the situation where we have accounts with user names and passwords on multiple web sites and there is no easy way to keep the security information in sync. As a result, the temptation is to use a common password across all sites, or we use the password management features of the browser on our default desktop or laptop - but what happens when we travel?

I believe that there is an opportunity for a consumer-oriented, federated authentication service. At present each web service implements its own security scheme, and the fragmentation makes life excessively complicated for the consumer. It also imposes a burden on every web application developer in delivering an access management framework. We need to implement a range of tools that increase the confidence of consumers that their information is adequately secured without excessively intrusive password controls.


  1. I have come to the same conclusion. There are some big initiatives such as the Liberty Alliance, but they are trying to solve the whole problem at once, which is huge.

    I am looking for somewhere to store my email address and password and get it to hand it across to my consumer Web 2.0 services.

    In looking and not finding I am thinking of hacking such a service myself. Let me know if you find anything.

  2. The problem with Liberty Alliance and Microsoft Passport (or whatever they are calling it now) is that they come across as big business interests that are trying to corner the market for their own ends, namely to sell lots of software.

    There are a number of more grassroots initiatives that are emerging. Have you looked at SXIP, OpenID and Yadis? They have some promise.