Symantec ponders Internet ID management service

Symantec is considering developing a service that would position the company as a third-party broker of identity management services for the Internet.

Speaking at the Enterprise Ventures 2006 conference on Thursday morning, Mark Bregman, senior vice president and chief evangelist at Symantec, noted a growing hesitance on the part of some consumers and businesses to conduct business on the Internet.

A new wave is emerging in which consumers rather than enterprises are driving the Web, but this could be jeopardized by fears about security, Bregman said.

"If that fear builds up too much, this could disrupt that transition," he said.

Safety concerns have arisen not only for applications such as Internet banking but also for social interaction, with identity verification an issue, Bregman added.

"One of the big areas we're focused on is: How do you solve that identity problem?"

A third party will emerge that provides identity management services on the Internet, said Bregman. An identity clearinghouse would hold enough information to verify identity but would not need other personal information, such as health records, according to Bregman.

Asked afterward if Symantec was considering becoming that identity clearinghouse, via a software as a service (SaaS) paradigm, Bregman acknowledged it is under consideration.

"I think it's an area we're looking at," he said. Symantec is already in the SaaS space with its Norton 360 security service for consumers, he added.

Most technologies available today pertain to enterprise identity management, Bregman said. But the issue is establishing and maintaining an identity on the Internet, he said.

"The key is, how do you make it easy enough to establish that, but hard enough not to make it worth your while to establish a fake ID," he said.

Authentication from a user's own PC presents a higher level of confidence than that same user logging on from, for example, an Internet café in Istanbul, said Bregman. "In the enterprise, it's either you or it's not. In the broad Internet world, it's how confident am I that it's you," he said.

Rather than charging consumers for the identity management service, the clearinghouse would likely function similar to credit card services, in which merchants pay for the service, Bregman explained.

Asked to compare the clearinghouse idea to the Liberty Alliance identity management effort, Bregman said Liberty focuses on standards for communicating identities. But it does not define how to establish identities, he said.

Also at the conference, venture capital executives who have experience as CIOs offered mixed reviews on how much the SaaS model can penetrate the enterprise. They spoke on the topic after an audience member cited Google's ambitions to provide desktop applications over the Web and asked how far SaaS could go in the enterprise.

Donald Haile, venture partner and site general manager with Fidelity Ventures, said that three years ago, his firm would never have bought into SaaS. But that view has changed. "I'm in the process of changing my opinion," said Haile.