This morning I awoke at 5:00 a.m. (Austin, TX time) and posted an entry
on my blog in response to Rohan Pinto’s response
to my blog yesterday.
By the time I arrived at the Sun office at 8:30 a.m., Rohan had already posted
a thoughtful, detailed exploration of how vulnerable the whole authentication
process can be to Identity Theft. I encourage you to read his
post.

Let me share the comments I posted on his blog:

I believe you are absolutely correct that stolen identities can destroy
the whole authentication process. It was a recent article
I referenced in my
blog that got me thinking along this thread:

Your point that some method is necessary to make sure that the device from
which the authentication claim is issued is absolutely valid.

I recently learned from a good friend of mine, Dick
Luebke, about of a startup company in the Portland area, Iovation,
that is tackling this problem:

They claim the heart of their technology is "the Internet’s only
Device Reputation Authority™." I understand this to be sort of
a secure digital fingerprint for a device such as a PC or cell phone.

You may want to check it out.

Rohan is right that multiple steps of authentication are necessary to reduce
the doubt about an Identity claim to an acceptable level. As James Kobielus
stated in the Network World article I referenced above and previously, "… trust
– the foundation of identity-management federation – is in jeopardy if the industry
doesn’t proactively address identity theft on many levels." Perhaps Iovation can help provide the answers.

Tags:
Identity
Digital Identity
Identity Management
Rohan Pinto
Dick Luebke
James Kobielus
Iovation
Identity Theft
Federation