[OpenID] OpenID Registration Scenario

John Wang jwanggroups at gmail.com
Thu Jul 12 15:43:47 UTC 2007


On 7/12/07, Peter Williams <pwilliams at rapattoni.com> wrote:
>
>   "The average user doesn't think too much about security,
> especially back in the day, but they want portability. The fact you couldn't
> transparently log in from your home machine, a work machine and a public
> library machine with a client cert was a major usability problem. "
>
>
>
> So, isn't the same true with smartcards (e.g. the coming US national id
> card?), or USB tokens, or mifare cards, or TPM-equipped PCs that can use a
> Euro-passport-chip's bio data. These all (like client certs) require
> universal terminal-capability - the USB port, the drivers, the special
> device readers, etc
>
>
>
> If we assume this proposition, we are surely left with limiting ourselves
> to conventional passwords – or perhaps also those OFFLINE password keyfob
> dongles generating one-time-passwords every 60s – devices that are (a)
> portable, and (b) require of the PC terminal nothing other than that which
> conventional passwords require (i.e. a keyboard to enter OTP and pin)
>
I think we see the issue the same way but have different optimism levels
about the non-portable solutions. So far, in the US, I think just about
everything other than passwords and OTP keyfobs can be considered a failure
in terms of consumer adoption and issuer ROI, except for perhaps the AmEx
Blue smart card which was successful in generating subscribers, not actually
having the chip be used. A while ago, I used to travel to Europe often where
Barclays, among others, had issued chip/magstripe credit cards. When I would
go into a hotel and ask them how many people used the chip reader they had
at the front desk, the answer was almost none.

For nationally issued ID documents, I wouldn't be surprised if government
agencies like customs will have readers, but I doubt most individuals will
have readers (that require external hardware and software drivers) to use
them from their personal computers. After all, why don't end users have
magstripe readers for credit cards with their personal computers today? The
hardware has been available but I don't think the benefits justify the
additional costs.

While past adoption is no guarantee of future adoption, I'd say the track
record for portable solutions is very good and the track record of
non-portable solutions is the opposite. I hope it changes but the probability
of it happening is the issue. Of course, potential issuers and vendors of
these solutions will see the situation differently.

-- 
John Wang
http://www.dev411.com/blog/