[LINK] ArsT: ' ... US rolls out Internet identity plan'

Brendan brendansweb at optusnet.com.au
Sat Apr 16 12:02:16 AEST 2011


On 04/16/2011 11:20 AM, Roger Clarke wrote:
> [The US has given up on a national eGovernment id for citizens, but 
> hopes that NIST can broker a federated id scheme run by the private 
> sector.
> 
> [Australia is persisting with its attempt to deliver single-login to 
> government services, at
> https://login.australia.gov.au/LoginServices/source/Login.jsp?finalURL=http%3A%2F%2Flogin.australia.gwy%2FLoginServices%2FAuthenticate.do 
> https://login.australia.gov.au/TacService/enrolTaci.htm?_flowId=enrolment-flow&_flowExecutionKey=e1s1
> 
> [There's no FAQ, but there's a brief explanation here:
> http://australia.gov.au/about/whats-new
> 
> [Comments interspersed and at the end.]
> 
> 
> With passwords "broken," US rolls out Internet identity plan
> By Nate Anderson
> Last updated about 8 hours ago - dopes - 15 April 2011
> ArsTechnica
> http://arstechnica.com/tech-policy/news/2011/04/with-passwords-broken-us-rolls-out-internet-identity-plan.ars

The basic assumption behind all of these schemes is that a number (password/PKI) is an adequate substitute for a person ("Hey Bob, do you know this guy?") when verifying someone's authenticity. The reason this assumption is made is that computers can process numbers far faster than they can process people. The trade-off is a higher rate of false positives against a much greater throughput. Broken passwords and leaked identities are a design feature of all of these systems.

Brendan
