Who are you? Who, who? Who, who?

"Keys can get lost. They can get stolen. They can be misused. How do you authenticate that the user of a key is the person who is entitled to use the key?" -- Dana Blankenhorn, October 2007

You say hello, but how do you say goodbye?

"There's a security problem with many Internet authentication systems that's never talked about: there's no way to terminate the authentication" -- Bruce Schneier, February 2005

Digital identity: A meta-standard at best

"Assuming that there will ever be a single digital identity standard - is wrong...we (at best) can at least hope for some sort of meta-standard." -- Marc Canter, December 2004

Why open source matters for InfoCard

"For people to trust the InfoCard implementation, the InfoCard implementation must be available in re-compilable source code to pretty much anybody. If it isn't, neither dissidents nor whistleblowers will ever go near it to assert their identity, and it goes downhill from there in a cascading effect." -- Johannes Ernst, February 2006

How InfoCard could stop phishing

"When people start [to] hand-tailor their cards, it becomes impossible for 'phishing software' to successfully perform social engineering attacks that trick people into thinking a fake CardSpace interface is real.  The phisher has no idea of what kind of graphic or what kind of photo the user has created - so it just can't do a believable impersonation.  The result is that the user immediately recognizes something is very wrong." -- Kim Cameron, October 2006

What InfoCard does

"I'm not arguing that InfoCard is the final word on anything.  I'm arguing that it helps you deal with multiple identity providers, eliminates 'redirection attacks', prevents the evil site from being in control of the user experience." -- Kim Cameron, October 2006

Dangerous identities

"A few minutes ago when I bought an hour of Wifi here at Logan I got yet another new identity. That's so ridiculous, such a waste of time, and so dangerous." -- Dave Winer, December 2004

Overestimating trust

"I just went back to Linked In for the first time in a while, and have discovered that my total trusted network has burgeoned to 1,137,200 people, which really overestimates how much trust in people I have" -- Shel Israel, March 2005

What really matters

"Are we too fixated on identity? It's relationships that matter!" -- Jamie Lewis, September 2006

Someday, an intelligent operating system

"Some day, someone will design an operating system that actually understands what a user is, what a program is, what a document is, what configuration data is, what application data is, and it will know how to organize them on behalf of all those parties." -- Cameron Purdy, February 2004