Sxip
wants to raise the e-commerce security bar
by
Alan Zisman (c) 2007 First published in
Business
in Vancouver March 27- April 2 2007
Back
in 1996 (BIV issue 334), this column looked at a PriceWaterhouse (et
al) report in which the company wasn’t sure whether this then-new web
thing would prove to have legs or whether (like CB Radio) it was just a
passing fancy. If it lasted, though, PriceWaterhouse anticipated
enhanced connections between vendors and consumers and between
companies doing business with one another.
This
has largely come to pass. But the promised “friction free” commerce
hasn’t. Far too often, prospective customers, faced with entering a
page of personal information online back out, mid-transaction.
Dick
Hardt, founder of Vancouver’s Sxip
Identity (pronounced “skip”) thinks
that part of the problem is our lack of verifiable identity online. We
use passports or driver’s licences to verify identity in the physical
world, but online life is another thing. As a New Yorker cartoon noted:
on the Internet, no one knows if you’re a dog.
According
to Hardt, it’s straightforward to log users onto individual network
directories (he refers to this as Identity 1.0). In the late 1990s,
Microsoft Passport and the Liberty Alliance developed single sign-on
schemes connecting users to competing federations of large enterprises.
(Hardt considers these Identity 1.5). Now, you may have built up an
online reputation with, say, eBay, but that doesn’t carry over to, for
example, Craigslist.
We
need, he suggests, “Identity 2.0,” identifying users across multiple
websites, something as portable as, say, your driver’s licence;
something not proprietary and controlled by a single large corporation.
As with the Internet replacing proprietary network protocols, Hardt
believes that “simple and open” identity systems will provide the
answer. This is evolving out of the needs of large websites to enable
users to share identity information. Sxip is one of the movers behind a
new OpenID protocol designed to help meet this need.
Sxip
(which presumably stands for Simple eXtensible Identity Protocol)
offers Sxip Access for on-demand identity management for SalesForce and
Google Apps and Sxip Audit, a security dashboard for SalesForce. The
company is also working with the B.C. provincial government
e-governance initiatives. It recently released Sxipper, a free web
browser identity plug-in. Sxipper allows users to store personal data
and passwords and have them automatically (and securely) entered into
log-in and web forms with a single click.
While
your web browser may offer to save and reuse form information, that
only works when you’re returning to a form you’ve already filled out.
Sxipper users “map” forms across the Internet, so the odds are good
that when you visit a new website, Sxipper will already know what data
is needed for the form. Should you visit an online form that’s new to
the Sxipper database, you can choose to “map” the information, making
it possible to automate other Sxipper users’ entries to that page.
Your
personal data resides, encrypted, on your computer. All that’s stored
at http://sxipper.com/sxipper.com
is your e-mail address and log-in
information. Sxipper works with Windows, Linux, and Mac versions of
Firefox. The company is planning a version for Internet Explorer and
enhanced commercial versions.
Is
Sxipper’s dog logo a reference to that New Yorker cartoon? I don’t
know. But it’s a step towards an online future where, on the Internet,
everyone will know when you are or aren’t a dog.