Scott Charney at RSA 2011: Collective Defense and the Trusted Stack

Common identification model shows promise in securing the cloud and the Internet ecosystem it inhabits

At the RSA 2011 conference in San Francisco, Microsoft Corporate VP Scott Charney discussed the concept of collective defense, in which the entire ecosystem of the Internet is secured under common standards — from servers, through the network, to applications, data and ultimately, people. This concept, of course, has profound implications for the cloud.

In his speech, Scott compares emerging online threats such as cybercrime and information espionage to epidemiology and the outbreak of human health problems such as the H1N1 virus.

Part of the solution, he says, is a common system for identification and authorization such that individuals would gain control of their online identities and be given choices about how those are used across the Internet. That breaks from the current system in which people essentially “rent” multiple online identities from a spectrum of providers and use them for different purposes.

It’s a controversial idea that has its share of critics, but Scott says an ID system on the Internet would actually work a lot more like a physical wallet:

“You have maybe a corporate ID that you pull out when you’re in your company building. You have a credit card that you pull out when you’re at the store. You have a driver’s license you pull out when you want to fly. You have a passport that you might pull out when you want to go travel internationally. You have multiple IDs that serve different purposes, and you get to choose which ID you want to pull out for what occasion. And it’s going to work the same way in the ID ecosystem in the IT world.”

Part of the idea behind collective defense is to improve attribution for online activities — people would be known and identifiable online much as they are in the physical world. People could choose to remain anonymous in a particular forum, or be identified and authenticated to gain access to others, but their identities would be intact and thus, presumably, their actions would have consequences.

The reasoning behind this movement, Scott says, is that the Internet is an environment we all share, and the actions of a few can affect many — much the same rationale as smoking bans in public places.

Read the rest of Scott’s keynote here.

About the Author

Director, Trustworthy Computing

Richard Saunders is a director in Trustworthy Computing (TwC) and is responsible for the group’s international public relations activities. A 30 year veteran of the communications industry, Saunders has spent his entire career as a journalist and PR man. Since Read more »