Sto p the Insanity

Digital IDs address a multitude of access, authentication, and encryption issues.

Jon Udell

When I came to work this morning, I used a card key to unlock the main door, then the door to BYTE's offices, and finally the door to the computer room. My card key identifies me, among the 80 cardholders in this building, as one of only a few with access to all three of these domains.

Then I began typing in passwords: to my machine, the LAN, mail and conferencing systems, Web applications. This is nuts.

To stop the insanity, a broad industry coalition is forming around digital ID technologies. These include:

Certificate Authorities. CAs m int new digital IDs, bind them to people, verify bindings on demand, and revoke IDs if necessary. A major 1998 decision: Outsource to a third-party CA, or run your own internal CA services? To outsource, check commercial CAs such as VeriSign and Thawte. You can customize their "private-label" certificate services for your business. To roll your own, Hewlett-Packard's Praesidium line and Xcert Software (Sentry CA) can provide infrastructure.

Crypto Infrastructure. Today, crypto applications mostly bundle their own crypto support. But the infrastructure belongs in the OS: That's where Microsoft is putting it. MS Crypto API comes with Microsoft Internet Explorer (MSIE). In Windows 98 and NT5.0, it will be bundled with the OS. Sun's Java Cryptography Extension (JCE) will provide key management, digital signatures, encryption, and other services for the Java platform.

Digital IDs must work closely with directory systems, too. Netscape's SuiteSpot 3.0 led the way, enabling u sers of mail, news, and Web clients to identify themselves and then gain permissions based on an LDAP directory lookup. Microsoft's Active Directory will provide a generalized way to map digital IDs to users.

Crypto-Aware Applications. With Netscape's Communicator or MSIE4, you can already use a digital ID to gain access to a protected Web application, sign an e-mail or conference message, or encrypt an e-mail message. With the Communicator newsreader, you can also use a digital ID to gain access to a secure newsgroup. Few users today exploit these features; as 1998 progresses, more users will.

As mainstream applications such as Communicator and MSIE4 educate users about digital IDs, more commercial and corporate developers will begin to deploy their own digital-ID-enabled applications. CryptoAPI and JCE will be powerful enablers.

Smartcards and Readers. Once you use a digital ID on your office machine, you wonder: "How do I use this same ID on my laptop or home machine?" The a nswer now is: "With great difficulty." By 1998's end, card readers (attached to serial-port, PC Card, universal serial bus [USB], or other interfaces) will begin to make using digital IDs as simple as the card key I opened the door with this morning.

---

Where to Find

Public-key cryptography standards:


Internet: 
http://www.rsa.com/




Information on products in the 
security
 category

HotBYTEs
 - information on products covered or advertised in BYTE

---

Two Dig ital ID Scenarios

illustration_link (23 Kbytes)

Digital ID infrastructure can be located inside your company (scenario 1) or outside (scenario 2).

---

Public-Key Cryptography in 1998

illustration_link (11 Kbytes)

AT A GLANCE: Digital IDs will eventually replace almost all uses of passwords and cookies with a mo re secure, more convenient way to control access to private applications and information.

WHO SUPPORTS IT: Core technology: RSA Data Security. Toolkits: Sun, Microsoft. CA service: VeriSign, Thawte, AT&T. Infrastructure: HP/Nortel, Microsoft, Netscape. Apps: Netscape, Microsoft.