Slashdot Mirror

← Back to Stories (view on slashdot.org)

New IBM Tech Lets Apps Authenticate You Without Personal Data (csoonline.com)

Posted by Soulskill on from the ways-to-confirm-you-exist dept.

itwbennett writes: IBM's Identity Mixer allows developers to build apps that can authenticate users' identities without collecting personal data. Specifically, Identity Mixer authenticates users by asking them to provide a public key. Each user has a single secret key, and it corresponds with multiple public keys, or identities. IBM announced on Friday that Identity Mixer is now available to developers on its Bluemix cloud platform.

5 of 27 comments (clear)

  1. It will never go anywhere. by SeaFox · · Score: 4, Insightful

    1) Companies want the personal data to use for their own marketing and to resell to others, authentication is their excuse to get it now.

    2) No one will want to pay a license fee to IBM on top of the loss of revenue from (1).

  2. Spiffy, like credit-cards by davecb · · Score: 2

    My credit-card supplier will issue single-use or otherwise restricted numbers, to use with "untrustworthy vendors". This allows a similar functionality: with the vendor I can be OscarTheSuspiciousGrouch and use a card number that is limited to legitimate stuff.

    In both cases I can credibly demonstrate I'm really "Oscar"

    --
    davecb@spamcop.net
  3. Looks like it avoids credit card verify, but PCI? by xxxJonBoyxxx · · Score: 2

    TFA says this avoids birthday, home address and other criteria typically demanded by banks during a CC transaction to prove online identity. However, IBM's technology would seem like fail on arrival unless it got the blessing of the almighty PCI council, which pushes a lot of those "additional" identity requirements onto banks to make sure they aren't being defrauded.

  4. IBM doing what is does best, embrace and extend ? by sxpert · · Score: 2

    This sounds suspiciously similar to SQRL https://www.grc.com/sqrl/sqrl....

  5. Re:IBM doing what is does best, embrace and extend by SScorpio · · Score: 2

    Read the article, IBM's solution also uses a credentials wallet.

    SQRL uses QR codes so the user's wallet can be on a mobile device, and the user could log into a public machine without exposing a repeatable login method. SQRL also allows for a SQRL:// link on the QR code so a wallet program on the local machine, or the phone itself can still authenticate without using the QR code.

    Where these differ is that SQRL is made to replace the username and password part of logging in. It also creates a unique identity for each site so the only way to map SQRL accounts between sites would be through information the user gives to the site such as an email address.

    IBM's solution appears to have a 3rd party signer like a government create a certificate with identity information which is then used in the authentication process.