I agree with most of the speakers and delegates that this is all very exciting: the collision between mobile and web 2.0 does, I’m sure, offer many new possibilities. But surely something has to happen: the identity and authentication problem has to be overcome in order to realise the potential. In this space, though, the identity and authentication problem has a different construction because of the role of the mobile operator and the components in the handset. One can envisage the operator providing authentication (and quite strong authentication at that, because it could be based on location as well as PIN and passwords) for third-party identification services, or one can envisage the operator providing a bundled identification and authentication service that works something like the one demonstrated by Gemalto and Sun at Cartes last year. In either case, the ISP in the fixed internet world is not really an analogue of the mobile operator.
Anyway, I was thinking that the position of the mobile handset as the basis of practical identity management in the real world is becoming unassailable. As Neil McEvoy points out in yesterday’s podcast, it passes all of the tests: it’s portable, has secure storage, has its own keyboard for PIN entry and so on. But as the discussions about NFC have shown, it is controlled by the mobile operators, so people who want better identification and authentication to be used by "ordinary" people (ie, not nerds like me) such as governments and banks will end up having to cut a deal with them. But why wouldn’t they prefer to pay the operator a penny every time you log on to your home banking if it saves them millions and millions in development costs, operating costs and fraud?
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]