At a recent get-together of IT community people on Microsoft's campus, the meeting started with an attempt to define Web 2.0, a term some associated with nothing more than marketing fluff. Talk turned from the medium to the message--to the content being generated by wikis, blogs, feeds, and social nets--then to a question about the people generating it all.
At a recent get-together of IT community people on Microsoft's campus, the meeting started with an attempt to define Web 2.0, a term some associated with nothing more than marketing fluff. Talk turned from the medium to the message--to the content being generated by wikis, blogs, feeds, and social nets--then to a question about the people generating it all.The issue is whether there's some way of knowing with a higher level of confidence who's who in cyberspace. Digital IDs exist in a variety of formats, such as Microsoft's Passport, but analyst Michael Cherry with advisory firm Directions on Microsoft argues current techniques aren't enough. The problem: Digital IDs are too easy to fake because they're completed by the user, not an independent authority.
"If credentials are really going to be useful, someone has to step up and say that they will vouch for who someone is," Cherry explained in a subsequent e-mail. "When are we going to have certs that are better than self-assertions that, I am a great guy, I am who I say I am, and I say you can trust me?"
Someone else chimed in that there needs to be a better way to audit content to determine its original source. Another proposed a "reputation-based system" that would assign a higher degree of relevancy to content generated by trusted authorities than content created by every Tom, Dick, and Harry with a URL. It's unclear how such a system would work, if at all. Who would manage it? How would credentials be determined? Could a person be highly credentialed yet remain anonymous?
There are precedents for assigning value to different kinds of content based on who created or sent it. In just two examples, E-mail reputation systems attempt to let legitimate messages through while filtering junk out, and Google algorithms place higher value on some Web sites than others.
So the question of e-credibility really has two parts: How do you verify that people are who they say they are? And, is it possible to correlate value with what they say or do, based on who they are? Both are powder-keg questions, since anonymity (or self description) and the concept of a level playing field are fundamental to our understanding of the Internet.
Yet, as the amount of content available on the Web grows--too much of it from pranksters, criminals, pedophiles, and extremists of various sorts--it gets harder and harder to separate the wheat from the chaff. It's easy to see why some people think there's got to be a better way.
Web cred is a powerful but delicate thing, however. Tricky to define, hard to enforce, and easy to lose.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.