Security, Identity and Japan
by William Crawford
P.J. Connolly's Security Adviser column in InfoWorld this week touches on some of the same Identity Management issues I've been talking about. He points out that people have personas, and that they will want to present different identities as they operate in different roles. (Here's the column: Who are you?).
It seems to me that platform authentication takes care of some of this by both allowing maintenance of multiple user identities on a single system, and by the implict separate of work and personal identities on your work and personal computers.
Several thousand miles away, though, that decision has already been made on behalf of the citizens of Japan, who as of today have a new National ID program in place. Not only does every citizen now have an ID number (stored in MS SQL server, of all places!) they're going to be issuing Smartcard based National IDs sometime next year. The ID cards, much like the ones the US Department of Defense was showing off at this year's JavaOne, will incorporate digital signatures and a cryptography co-processor, allowing the user to carry their digital identity around wherever they go.
The really worrisome thing, though, is that many Japanese citizens appear not to have been informed of this project at all.
Privacy issues or no, it will be interesting to see what applications develop to take advantage of this technology.
On a semi-related note, I subscribe to some of InfoWorld's email newsletters, and got the column mailed to me. When I decided to blog it I had to go on the InfoWorld web site and find the online version, which I eventually did, although it was categorised under Opinions rather than Security. A link in the email itself would certainly have been helpful, and once again the importance of good, user friendly web site design has been underscored. The site was also remarkably slow to respond to my searches, which isn't really appropriate for a magazine serving the Enterprise IT market.
What do you think?