Online trust requires a context-based understanding of who we transact with. Attributes about us are needed to build that trust, but in many transaction contexts we share more than we need to.
To pick a simple example, the law says you must be 21 to buy alcoholic beverages but our current method of proof is to show our driver’s license, an unnecessary oversharing of personal information. Why show that creepy barkeep where you live when you only need to prove you were born before 1997?
Steve makes the case that security and identity professionals continue to encourage the oversharing of personal data. Now that we have sophisticated network-based fraud management tools – device fingerprinting, behavioral analytics, machine learning and AI – that generate a crisp profile of our devices and our behavior, the attributes that a user must provide could be limited to just what’s required and no more.
An “attribute wallet” under the user’s control – yes, another role for the smartphone – might prove to be a valuable authentication enabler.
This episode concludes with Steve’s report on comments made by some of the deans of modern cryptography on the threat that quantum computing represents. It sounds like good news.