IBM Emphasizes Security with OpenID and NSA Commitments
February 11, 2008 Dan Burger
The emerging Web authentication standard known as OpenID, has received a high-profile boost as IBM, Microsoft, Google, Yahoo!, and VeriSign have joined forces to bolster security (to whatever limited degree that is possible) on the Internet. The security blanket offered by OpenID is that it increases individual control of digital identities and the personal information shared with participating Web sites. The above-mentioned companies were seated as corporate board members of the OpenID Foundation.
The OpenID Foundation supports and promotes OpenIDs, which can be thought of as portable Web identities used in a single sign-on fashion. The newly formed corporate board will use their collective might to push for widespread adoption of the OpenID specification. It’s a powerful move for the foundation, which will mark its first year of existence in June.
For individuals, OpenID–if it lives up to its potential–leads to both security and simplification. Rather than having personal information at risk in many locations, it cuts down on the number of potentially weak links in the chain. And rather than having dozens or even hundreds of user names and passwords to manage, OpenID allows users to convert to single digital identifiers.
For online businesses, the benefits could include lower password and account management costs, reduced liability related to limiting the amount of customer personal information businesses need to store and protect, and increase user traffic by lowering the barriers to Web site entry and re-entry. According to the OpenID Foundation, more than 10,000 Web sites support OpenID logins. A great percentage of these are blogs, but this is likely to change as the corporate world begins to take notice, which is certain to happen with heavy hitters sitting on the OpenID Foundation board.
For everyone concerned, this amounts to improved Web site interoperability. That’s not to say it wipes away all the worries regarding the security of personal information. For some people, the idea of one user name and one password causes worries to compound.
“Privacy concerns have been escalating rapidly because of repeated incidents involving unexpected personal information loss and user identity theft,” said Anthony Nadalin, an IBM Distinguished Engineer and chief security architect for Tivoli software. “This is an important step in IBM’s collaboration with other industry leaders to continuously enhance open source projects for user-centric identity.”
IBM is also scoring points for its security efforts that resulted in a technology and services contract with the U.S. National Security Agency (NSA). IBM and the NSA are working together to design and develop the next generation of high assurance workstations, servers, and pervasive computing technology. The contract has an estimated contract value of $9.4 million over 15 months.
The goal of the High Assurance Program (HAP) is to support secure virtualization, compliance checking, cross-domain collaboration, and enterprise management for government and private sector organizations. Secure virtualization technologies, as one example, are aimed at reducing the need for multiple classified workstations and servers. It may also help agencies achieve “green” data center consolidation goals.
The IBM team will collaborate with General Dynamics C4 Systems, a business unit of General Dynamics and an existing contractor for the HAP program. IBM’s subcontracting business partners include Trusted Computer Solutions, Harris Corporation, and Innovative Security Systems/Argus Systems Group.