Opportunity: ID

Proponents of identity management have a catchy new mantra: Identify, authorize, monetize. For some time, business technologists have depended on ID-management tools to vet those trying to access company data and applications. But now they're considering them to help generate sorely needed online revenue.

Take, for example, D&B Inc., which is working with identity-management software maker Netegrity Inc. to wring more money from D&B's vaunted business and credit-rating databases. D&B, formerly known as Dun & Bradstreet, this week expects to disclose a plan to let businesses using Netegrity's popular SiteMinder ID-management software link to its databases. It would work this way: D&B would have a link on the registration page of a company Web site that used SiteMinder to qualify, say, new suppliers. After a prospective supplier fills out a registration form, the Netegrity software would take over and check the information against D&B's database of 70 million businesses.

Assuming the supplier is cleared, SiteMinder would issue a password and set credit and security limits. That could shorten a lengthy process down to the time it takes to zip information across the Web, D&B VP Sonny Ajmani says. D&B would charge customers a fee to integrate the information into SiteMinder's security-policy engine. All of this would be made easier by new intelligent rule sets introduced last week for SiteMinder.

Other businesses are considering making their internal ID-management systems compatible with efforts by Microsoft and the Liberty Alliance, led by Sun Microsystems. Both initiatives have the same goal: To give people a single sign-on to the Web, after which their identities follow them. Sun last week unveiled more details on how it will extend identity management to Web services and, ultimately, provide a standards-based platform for exchanging digital IDs.

Microsoft's Passport confirms peoples' identities, letting them access commerce and content sites hosted by Microsoft and its partners. But Microsoft, which has 200 million registered Passport customers, still must show executives how they can make money by licensing Passport. The vendor is developing software called .Net My Services that could let Web sites offer consumers customized calendars and E-commerce notifications delivered to any computer. Using that software, businesses that have Passport could quickly log their customers on to a variety of new products. "Once you authenticate to a Web site, then they can offer some more interesting services," says product manager Adam Sohn.

The Liberty Alliance, a growing group of companies that includes American Express, MasterCard International, and Sony, proposes an alternative to Passport. In a few months, Liberty will disclose the specifications for its proposed technology, which will let businesses or third parties manage ID data stores.

United Airlines Inc., an alliance member, wants to team with travel-related companies in using an ID-management application to make its site more valuable to travelers. Customers would log on at United's site to book a flight and go directly to book a rental car at a partner's site without having to log on again.

"The real goal is to stimulate consumer commerce on the Web by making it easier for companies to make joint offers to consumers who share their identity" with the companies, says Eric Dean, United's CIO and chairman of the alliance. Dean predicts that third parties will resurrect the Internet mall concept, with a single sign-on and payment interface for customers whose purchases earn them loyalty points with participating merchants (see story, "In Lockstep On Security").

Standard & Poor's chief technology architect Brian Whitehead anticipates a similar mall--and in it, S&P will sell its data with much less friction. "We're selling [content] now the old-fashioned way, with salespeople, and the cycle can take four or five months," Whitehead says. "This is the next phase of Web services."

General Motors Corp., another Liberty member, plans to use ID management to collaborate with other businesses and with consumers through GM units GMAC, Hughes, DirecTV, and OnStar. One application it's considering would improve the value of OnStar services. Should a driver be involved in an accident, OnStar could use information gathered by identity-management software to transmit medical data and insurance details to the car's OnStar terminal. The driver's personal information, stored at different locations within various databases, would be temporarily aggregated. "That's when you don't want a separate password," says Tony Scott, GM's chief technology officer. "You don't want to fish around in a wallet for the secret handshake." The service would be another selling point for OnStar, Scott says.

One unanswered question as ID-management evolves is who will emerge as the top players. So far, leading identity-management vendors, including IBM, Netegrity, and Oblix, have focused on enterprise applications used to authenticate employees or business partners and assign their access rights.

Lacking is a universal identifier that businesses can use to authenticate an individual and pass that information in a common format to other companies. Both Passport and Liberty aim to create that identifier and, by doing so, facilitate such exchanges. Yet a debate continues about whether the two can co-exist. "We learned in the car industry that no one vendor can pull off an interoperable and secure platform for digital identity," says Scott. "This isn't anti-Microsoft. Look at the model for success on the Web so far," he says, where progress is made through "federated standards."

Oblix recently decided to support Passport, so that any Oblix-enabled site would be able to accept Passport tokens. Companies would know both a person's identity and relevant credentials. "Knowing a user's identity isn't enough," Oblix CEO Gordon Eubanks says.

But consumers aren't clamoring for single sign-on capability. In fact, 84% of Passport users signed up because Microsoft required that they do so to use services like Hotmail or because Microsoft asked them to when they registered Windows XP, says Avivah Litan, research director at Gartner. Only 2% of users created their Passport accounts to avoid multiple IDs and passwords. But business leaders hope that will change once they launch services to demonstrate the value of single sign-on. Says United's Dean: "Certainly there's a lot of untapped opportunity."

-- with Christopher T. Heun and Aaron Ricadela