Social Networking a Tool for More Secure ID Management?
Among battle-hardened IT security practitioners, social networking is often seen as either a security joke or a bona fide security threat. For one example, see Slapped in the Facebook: Social Networking Dangers Exposed.
But when Facebook Platform Engineer Luke Shepard suggested social networking could be a force for stronger identity and access management (AIM) Wednesday at CSO Magazine's Digital ID World conference, nobody was laughing.
Maybe that's because many security practitioners are addicted to Twitter, LinkedIn and Facebook despite the risks they often warn about -- see Facebook, Twitter, LinkedIn: Security Pros Warm to Web 2.0 Access]. Or, it's because the speaker before Shepard, IDC Research Director Charles Kolodgy, suggested that social networking and IAM might just be compatible after all.
Shepard pointed out that the basic Facebook set-up allows for trust enhancement. For example, when the user receives a friend request from someone they may deem a stranger, the user is able to see who among their friends are also connected with the stranger. The more common connections, the less of a stranger that person becomes. LinkedIn works in a similar fashion, he acknowledged.
"This is at the core of how identities are established on Facebook," he said. "Adding to the level of trust is that 25 percent of users share their cell phone numbers. With sites like Facebook and LinkedIn, you have what we call real-world identity."
He noted that Facebook profiles are being used in ways beyond their original intent, much the same as how the value of a driver's license has evolved well beyond its original purpose over time.
"Driver's licenses used to be about being able to drive a car, but it has since become required by retailers, government agencies and others as a way for someone to confirm their identity," Shepard said.
One key for making social networking a potent force in IAM is in the various social networking sites coming together to hammer some form of standardization, he said.
He noted that Facebook Connect -- a tool that allows people to use their Facebook account to log into a growing pile of outside websites and services -- has been increasingly embraced by the likes of Netflix, USA Today, Digg, YouTube and Salesforce.com as a way to verify identities and allow those identities to share content with other trusted entities.
"We are working on ways to help other companies enhance communication and trust through Facebook Connect," he said. "This tool really isn't just for Facebook. It's a broader trend that companies are offering real-world IDs. The key is to find a way to standardize all of this."
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
On Twitter now
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
