Tokens in Hypermarkets

My identity prediction number 6 caught the attention of Mark Dixon and Robin Wilton.

Strong authentication will get integrated with "identity": Authentication and "identity" may not be the same, but they cannot be seen as separate. Authentication companies will look at "identity" technologies as a way to sell more of their products. And the authentication products will comoditize. Maybe it will not happen in 2006, but we will eventually buy SecurID tokens in hypermarkets.

It looks like it would help to explain it a bit.

Robin is right stating that the token bought in hypermarket will prove that the holder is no-one in particular. It is exactly like that at the moment the token is purchased. But when the token is used, that may change.

If the token is used to browse some books at amazon, a wishlist may be created and "stored" at the token. And maybe some preferences profile also. Then the token may be used to browse a movie store. The movie site may get the topic profile from the token's "memory" and see that the owner is interested in sci-fi. The movie store may provide a list of best sci-fi movies directly on the store homepage.

(The information may not be "stored" directly at the token, but more about that later.)

After some time the data "stored" on the token may get quite rich. The sites may not know what is the name of the token holder, but may get user's preferences. That may be much more interesting than token holder's name. I'm sure you've got the idea.

Naturally, the use of the token must preserve user's privacy. "Traditional" tokens usually cannot do this. You have to bundle the token with something like Liberty Identity Provider (IDP) account to provide at least some privacy features. Therefore you will buy e.g. SecureID token branded with the logo of ReallyCool Identity Provider on it. And you will be buying an IDP account with the token. And if someone get the idea to bundle some interesting services (e.g. social networking or pre-paid account) with it, people may really want it. That is the reason I think that authentication products will integrate with "identity" technologies quite soon.

But that may be only the beginning. More and more "serious" companies provide "serious" products on-line. Take Internet banking and on-line brokering as examples. Each of these services requires (strong) authentication. As I've written before, we have been seeing that situation here in Slovakia for quite some time. We usually end up with several tokens for different services, and that's only few on-line service providers in a small country near the end of the world. Imagine that situation on the Internet scale ...

But if you've already bought token in the hypermarket, there is no reason why a bank has to issue you a new one. You may quite well use the one you already have. Just instead of going to your bank to collect the token, you go to the bank to tell them the number of your existing token (simply speaking, but LICSLW). No real trusted third party is needed, as the bank itself "certifies" your token (there is trusted third party in fact: the IDP). You can use similar procedure for other "serious" services as well. And end up with single token.

I hope that makes sense. Being a technologist, I'm not too good at predicting the "common" market trends. But selling tangible "token" instead of intangible "IDP account" may be the sparc leading to ... explosion?