The Net's gettin' messy
The Net started this way. In the beginning, it was "good enough." Good enough for some forms of communication. Good enough for posting documents that linked to other documents. Good enough for putting dirty pictures online.
But lately, the Net is no longer good enough: identity fraud, viruses, worms, phishing, snarfing, child porn – oh, and endless piles of spam. All of these problems exist because the Net's core infrastructure –its architectural essence is no longer "good enough."
The bottom line is this: the endless schemes, scams, and shams that now dominate the Net are quickly dragging us toward a future wherein the Net as we know it is basically unusable. Put plainly: the Net's getting messy.
Learning from the dinosaurs
The cause of this messiness may be inherent in the structure of networks--that is, if you buy into modern science. The field of complexity theory might argue that the current state of the Internet is just a natural phase in the evolution of networks.
It seems that self-organizing networks (from ecosystems to economies) start with a few connections and, through a process called auto-catalysis, bring more and more connections into being--often with those connections forming around "super-nodes." These super-nodes and connections go through a growth phase that is marked by relative stability. But as the growth continues, so does the number of connections. Eventually, the number of connections is unstable and the system moves toward the "edge of chaos"--that place where the network is in danger of losing its inherent utility and stability. At this point, either the network falls over the edge (i.e., the dinosaurs) or recovers and evolves into something different (i.e. recovering from a recession).
The Internet is not meant for commerce
The Internet was never built for commerce. It was designed more than 30 years ago as a communications system that still closely resembled the structure of ancient communication systems: post, view, reply. Tim Berners-Lee completed the original software for the Net in 1991, adding the "link" variable, which is what made the Internet so powerful. Still, at its core, the Net was built with one assumption: if you were using it, you had been granted the right privileges for access. That assumption came from the simple fact that you didn't get on this "Net" unless you were working at Defense Advanced Research Projects Agency (DARPA) or on a Ph.D. in Computer Science at the University of Michigan, which received the initial contract from the Department of Defense to begin working on the network that became the Internet.
The Net's model of interaction was built to present, represent and point to other pieces of information. But this model of interaction is not the model of interaction that we use in the "real world"--the worlds of social interaction or commerce. As such, the Net's core architecture is unable to adequately accommodate the higher level commercial and social activities that people are now attempting on it. These activities are becoming increasingly exposed via Web services, auction sites and social networking services, for example
In order to accommodate those activities, like commerce and social interaction, that more closely models the "networking" of the real world, the Net needs a well defined sense of identity.
Moving beyond anonymity
The Net's sense of anonymity (or rather, its sense of physical location as a proxy for identity) has been "good enough," to this point. But as the Net becomes more integrated with mission-critical business systems and with the mission-critical components of our everyday lives, it is essential that the Net retain its greatest strengths and evolve to meet the challenges of identity.
Arguably, the Net's greatest strength has been its distributed nature. Moving toward a Net with a sense of identity must recognize and exploit this architecture. As such, the emerging and maturing specifications from groups like the Security Services Technical Committee at OASIS (the group working on the Security Assertion Markup Language, or "SAML"), the Liberty Alliance and the WS-Federation working group are doing the right thing by insisting that existing identity information remain distributed, while becoming linked and more useful.
Granted, the steps these specifications are taking are just the first evolution in a larger process. But these important first steps need to be realized for what they are: good enough. These specifications are good enough in that they are laying the initial groundwork for a much larger undertaking--an Internet with a fine-grained, end-user controlled sense of identity.
As the Internet gains a sense of identity, many important decisions will be made about privacy, piracy and security. But the movement toward that Internet with an identity is nearly inexorable. Without that sense of identity, however, the Net as we know it today will eventually reach a point of being nearly unusable for anything other than posting and viewing web pages.
biography
Eric Norlin is the SVP of Strategic Marketing for Ping Identity Corporation, a company focused on federated identity management. This article, and specifically its title, was the result of a late day conversation that Eric had with Andre Durand, Ping Identity's CEO.