AlwaysOn is apparently planning on launching an online identity sort of service, pulling profile data from other services into the AlwaysOn portal. SiliconBeat notes that the idea has never taken off, despite a number of offerings in the area. The linked post doesn’t have much by way of details, but it’s worth tossing into the hopper for consideration.
So here’s a question: other than the computational overhead, key management complications including fun like designating authoritative servers, complexity for end-users, and some valid concerns about whether it really fits the need all that well, why is it that we don’t hear more about people using either public key crypto or its basic architecture as the basis for an online identity management system? While it might not be the right approach, it’s not any worse than some of the ideas I’ve seen tossed out there.
There are already a few different examples of people using public key crypto to create private content on the Web, with client side decryption, and signing data (to authenticate that it came from a particular source) is a reasonable leap to make from there…while it seems like a bit of a stretch to make it all work, so does every other option that I can think of.
And just as a slightly related side note, check out the stealthsurfer drive…while it’s focused on anonymity online, one could (or rather “I do”) view that as just another perspective on “controlling one’s online identity.” Going to pick one up to play with…