This was originally a comment on a blog post by Jeremy Grant, Senior Executive Advisor at NSTIC, titled: Interim Identity Ecosystem: “Are we there yet?” Follow this link to read that blog.
The guiding principles of NSTIC are great. However, great ideas need equally great execution.
As CEO of Gluu, I talk with organizations every day about security and privacy. Gluu’s business is quite global: we have customers in the U.S., Europe, Asia and the Middle East. I am in the frequent position of apologizing or joking about privacy in the US.
Let’s address the gorilla in the elevator: if the US government is going to get on its high horse about security and privacy, it better stop hacking into corporate systems like Google. This undermines the integrity of your effort to develop a privacy-protecting ecosystem that assumes the participants abide by the rules.
Mike Hearn’s recent blog sums it up: “In the absence of working law enforcement, we therefore do what internet engineers have always done – build more secure software.” In other words, trust no one… not even the government.
So perhaps before NSTIC committees try to herd a bunch of cats at great expense, it would be expedient to take those sacred privacy principles to Obama and ask him to instruct the agencies of the US government to eat their own dog food.
If the goal is to make the Internet a safer place, fix the front door: authentication.
Without an Internet infrastructure for authentication, we can’t even build the next generation of privacy-protecting technologies that will enable the enlightened goals of the NSTIC guiding principles. NSTIC should be doing more to support OpenID Connect to make affordable open source software available to all Internet domains to protect themselves from hackers (and the NSA).