January 08, 2005

more Less Databases...

Right now, you implicitly trust the skills of every DBA for every database where your Social Security number is stored. Who are they? Where do they work? How were they trained? It's difficult to say from where you are sitting, isn't it? If you are one of the 1.5 million people who had their info stored in and stolen from a UC Berkeley database, you are now more conscious of the need for reform of how digital identity is managed.

By databases here I am referring to any system that stores user data. It could be LDAP, an RDBMS, or a legacy system - any system that stores identity information. How many databases storing privileged identity information are connected to the network? The actual number is anybody's guess.

As the Cal story shows, each of these systems holds the potential for loss/theft/misuse/abuse of digital identity - so it follows that the sheer number of them poses significant risk. One of the great hopes of federated identity is the possibility that widespread deployment of systems that can exchange identity information at run time will lead to a decrease in the number of databases that store identity.

I'm not calling for an all-out aggregation into a single monolithic directory - but some aggregation of identity information into centralized systems would be a big step in the right direction. Each aggregation point will be held to higher benchmarks for trust, security, privacy, and open standards than any completely decentralized system can ever attain.

The current eulogies being written for MS Passport tend to dismiss the centralized model for universal identity as a threat to privacy. The fact is that without some degree of centralization it will be impossible to bring commonly recognized and trusted integrity to digital identity.


Comments

The only good thing about Passport was at least you knew Microsoft wouldn't buy their database. But you stopped short regarding lowering the number of databases: it should be just one.

I went into a bit more detail about user control of personal information on my blog at http://blog.fen.net/archives/000037.html

sorry - screwed up the URL: shoulda been http://blog.fen.net/archives/000038.html
