Social Networking a Tool for More Secure ID Management?
Among battle-hardened IT security practitioners, social networking is often seen as either a security joke or a bona fide security threat. For one example, see Slapped in the Facebook: Social Networking Dangers Exposed.
But when Facebook Platform Engineer Luke Shepard suggested social networking could be a force for stronger identity and access management (AIM) Wednesday at CSO Magazine's Digital ID World conference, nobody was laughing.
Maybe that's because many security practitioners are addicted to Twitter, LinkedIn and Facebook despite the risks they often warn about -- see Facebook, Twitter, LinkedIn: Security Pros Warm to Web 2.0 Access]. Or, it's because the speaker before Shepard, IDC Research Director Charles Kolodgy, suggested that social networking and IAM might just be compatible after all.
Shepard pointed out that the basic Facebook set-up allows for trust enhancement. For example, when the user receives a friend request from someone they may deem a stranger, the user is able to see who among their friends are also connected with the stranger. The more common connections, the less of a stranger that person becomes. LinkedIn works in a similar fashion, he acknowledged.
"This is at the core of how identities are established on Facebook," he said. "Adding to the level of trust is that 25 percent of users share their cell phone numbers. With sites like Facebook and LinkedIn, you have what we call real-world identity."
He noted that Facebook profiles are being used in ways beyond their original intent, much the same as how the value of a driver's license has evolved well beyond its original purpose over time.
"Driver's licenses used to be about being able to drive a car, but it has since become required by retailers, government agencies and others as a way for someone to confirm their identity," Shepard said.
One key for making social networking a potent force in IAM is in the various social networking sites coming together to hammer some form of standardization, he said.
He noted that Facebook Connect -- a tool that allows people to use their Facebook account to log into a growing pile of outside websites and services -- has been increasingly embraced by the likes of Netflix, USA Today, Digg, YouTube and Salesforce.com as a way to verify identities and allow those identities to share content with other trusted entities.
"We are working on ways to help other companies enhance communication and trust through Facebook Connect," he said. "This tool really isn't just for Facebook. It's a broader trend that companies are offering real-world IDs. The key is to find a way to standardize all of this."
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
