William Gibson, as I (and just about everyone else) always point out, once said that the future is already here, it’s just unevenly distributed. In other words, all of the technologies that will transform IDM over any reasonable timescale for organisational planning already exist (hopefully we’ll get a peek at some of them at the Digital Identity Forum next month). We just need to look around to see where they are being used, try and work out which ones will work in the mass market and then set about deploying them. Easy, really.
I have to say that I’m not sure that untried technologies are required. A well-engineered combination of smart cards, biometrics and PKI would seem to be a reasonable platform from which to build corporate and governmental solutions. The smart card to store your digital identities, the biometrics to authenticate your access to them and PKI to communicate them over networks (together with credentials).
The first step on the critical path must be the smart card, because until we get some tamper-resistant hardware into the identity loop we’re in a world where everything can be counterfeited with minimal effort. Now, the smart card from your bank (on your chip and PIN card) or from your mobile operator (your SIM card) would do just fine. A smart card superglued to the motherboard of your PC (anyone remember Palladium?) would work in some circumstances. But being able to carry your identities round with you and then plug them into whatever device you want to use would be even better. Microsoft would appear to agree and has apparently added support for smart cards and digital certificates to Vista. I’d love to see smart cards integrated with PCs. I hope it’s done the Japanese way: using small contactless readers built into the laptop or desktop makes contactless verification (using both contactless cards and contactless phones) so easy, convenient, simple, quick and, well, just plain cool.