Last week Bruce Schnier wrote an article that identified a good reason to believe that we won't see federated id's anytime soon. He was talking about all the cards we carry, one from each bank, credit card company, rental car company, video rental store, etc where we do business. The fact is that none of them will give up their brand. To expect that the bank where my checking is at is going to let me use my mortgage company branded card/token/dongle to log in to their site is just not realistic. In addition to the brand issues, when I can't log into one site, who do I call for tech support...any company other than the token issuer is going to point fingers at the other folks. And unless the site belongs to the token issuer, more finger pointing.

It's a pipe dream. The only organization so far that had a chance at becoming the trusted 3rd party was the US Post Office, which tried to offer certificate services back in the mid-90's...but blew it due to an unsophisticated approach. Federated identity for financial services won't happen in this decade.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/141/631#631