End to end trust

While the rest of the security industry is currently living it up at the RSA conference, I’m in Vienna, having completed another local security review, looking out of the window of the airport lounge in hope that my flight home might both arrive and depart on time. Would I prefer to be in San Francisco? Yes!

On saying that, I do like Vienna – it’s one of my favorite cities. Friendly people, beautiful architecture, and great food. In fact, here’s my latest recommendation for a good meal: Figls.http://www.figls.at.

I usually dislike travelling because, frankly, I’m not really into all the small talk that one is often forced into making with the person in the next seat on the aircraft, or the elbow politics over the centre armrest. I prefer to pick who I sit next to. This trip has not been so bad because my wife has accompanied me and I can just about make small-talk with her! Being ever entrepreneurial I suggested to her that we start a website dedicated to the theme of hooking up like-minded people who happen to have the same travel arrangements so that you end up sitting next to somebody you don’t mind having to converse or share personal space with.

However, inevitably the discussion turned to the theme of security and the pitfalls of such a service. How would you prove the online identity of your travel buddy? How would you protect your own (i.e. you’d be telling the world that you’re going away from home and potentially leaving your house empty) and so on.

So, that led me to thinking about the whole online identity issue and in turn that brings me full circle back to the theme of the current RSA Conference where Microsoft’s Scott Charney has been talking about “Creating a More Trusted Internet.” In the accompanying article, Scott states

We need to create a system that allows people to pass identity claims (sometimes a full name perhaps, but at other times just an attribute such as proof of age or citizenship). This system must also address the issues of authentication, authorization, access and audit. Finally we need a good alignment of technological, social, political and economic forces so that we make real progress. The goal is to put users in control of their computing environments, increasing security and privacy, and preserving other values that we cherish such as anonymity and freedom of speech.

The associated white paper elaborates on these themes and it’s well worth a read. Download it here .

The privacy buffs will no doubt claim that such initiatives will see the end of Internet anonymity. But would that be such a bad thing? Scott Charney, himself, states “The fact that anyone can connect to the Internet without paying for the costs of an identification regime has certainly enhanced its growth.” And just look at the storm over Phorm at the mearest suggestion that anonymity might be compromised. But I think it’s time for this initiative and I’m not unhappy about Microsoft taking the lead – after all I’m writing this blog on a Microsoft powered PC and I’ll bet of the millions of you out there reading this that the majority of you are doing likewise.

So, good food for thought…and as it’s looks like todays flight is running to schedule, it’s time for me to sign off!