« Liberty vs. Tyrrany | Main | Authenticating Their Social Fields »

May 22, 2006



So, what's a better key? Seriously, a lot of people will need to know. Say that you need to authenticate someone who's registering at your site for the first time. Or say that you have to look up a person in someone else's database of a million-plus people, and you may or may not know how to spell their name correctly or know where they live (Bob Smith, Robert Smith, Rob Smith, R Smith -- and people move around a lot). You shouldn't see anyone else's records but be able to specify one and only one individual. How're you gonna do it?

Too many entities need a unique identifier for every single citizen. If it's not the SSN, and we simply issue a "citizen ID card" with a different number, you know that's the one they're going to use next for authentication. What's the solution?


@JSQ -

Sorry for the misinterpretation. Not sure if I just read it differently or had a predisposition on what you would write.

@WPN -

The SSN is useful as an identifier for U.S. Citizens simply because it is used everywhere. But it is an awful authenticator. So the key is to bind that SSN identifier to a true authenticator. I favor public/private keys in certificates, but it doesn't really matter what you use. Of course, this means that the trusted third party is critical lest spoofing remain commonplace.



No problem. My experience with books is that different people will come up with different interpretations, some of them refreshingly novel.

One difference between a book and a blog at least in my case is that with a book I go out of my way to imagine readings other than what I intended and to reword and to write redundantly until it seems fairly obvious what I'm getting at and hard to misinterpret. With a blog, I usually go for one way of writing it and count on readers to comment back with how they read it; this seems to result in interesting conversations.


The comments to this entry are closed.

My Photo

Risk Reading

Blog powered by Typepad