The Kantara Initiative has been launched to provide Internet users with an identity that they can use across multiple sites and services. Its mission is to integrate the multitude of integration initiatives. Although it is backed by several big players in the vendor, enterprise and government sectors, it will have to produce concrete results if it is to win the credibility it needs to achieve its objective.
Why is Internet identity so difficult to establish?
Peter Steiners 1993 cartoon in The New Yorker carried the caption On the Internet nobody knows you are a dog and succinctly summarised the problem of Internet identity. The Internet brings together people with no common affiliation who never see each other. Many relationships are ephemeral. Some people deliberately hide their identity to mask wrongdoing, or simply to maintain their privacy. Twenty years into the Internet age we are still dependent on a multitude of single-site usernames and passwords. These are difficult to remember and increasingly vulnerable to phishing attacks.
There is no shortage of suggestions for providing a more usable and secure identification and authentication infrastructure, coming from the open source community, from major vendors and from standards bodies such as the Liberty Alliance. We have too many! Interoperability is vital as the proponents will not agree on the best approach. We also need a range of options for trading off ease-of-use against assurance level.
Technology only provides consistency of identity across sessions. The enrolment phase of the identity lifecycle remains resistant to technological advance. The applicants evidence of identity, the identity provider enrolment processes, and trust in the identity provider are factors outside the technical protocols. Some of the protocols require realtime referral to identity providers such as employers, banks, ISPs or government agencies. Complexity is increased by the need to expose different aspects of a persons identity for each service.
The need for interoperable identity is increasing
More high-value transactions are being performed on the Internet while the range of collaboration services is increasing. Web 2.0 technologies and new networking protocols are being added to websites, across the B2B, B2C, C2C and G2C domains. All of these need a secure and easy-to-use identity assurance framework that works across all services.
What is Kantara?
The Kantara Initiative is a not-for-profit organisation set up to bridge the web identity initiatives. It brings together several projects, standards bodies and similar organisations, which themselves have memberships embracing major enterprises, vendors and governments. Kantaras Board of Trustees includes AOL, BT, CA, Intel, Fidelity Investments, Oracle, PayPal and the New Zealand government. There have already been several efforts to promote bilateral interoperability between identity schemes, but Kantara has more comprehensive ambitions and may be thought of as trying to integrate the integration efforts. The currently active initiatives within the Liberty Alliance are moving into the Kantara fold, and Kantara is effectively taking over where Liberty left off.
Sign up for Computerworld eNewsletters.