Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

A second set of technologies could help authenticate Internet communications. It would be a huge boon to Internet security if you could be sure an e-mail from your bank is really from your bank and not a scam artist, and if the bank could be sure that when someone logs in to your account, that person is really you and not someone who stole your account number.

Today, the onus of authentication is on the Internet user, who is constantly asked to present information of various kinds: passwords, social-security numbers, employee ID numbers, credit card numbers, frequent-flyer numbers, PIN numbers, and so on. But when millions of users are constantly entering these gate-opening numbers, it makes it that much easier for spyware, or a thief sniffing wireless Internet traffic, to steal, commit fraud, and do damage.

One evolving solution, developed by Internet2 – a research consortium based in Ann Arbor, MI, that develops advanced Internet technologies for use by research laboratories and universities – effectively creates a middleman who does the job. Called Shibboleth, the software mediates between a sender and a recipient; it transmits the appropriate ID numbers, passwords, and other identifying information to the right recipients for you, securely, through the centralized exchange of digital certificates and other means. In addition to making the dispersal of information more secure, it helps protect privacy. That’s because it discloses only the “attributes” of a person pertinent to a particular transaction, rather than the person’s full “identity.”

Right now, Shibboleth is used by universities to mediate access to online libraries and other resources; when you log on, the university knows your “attribute” – you are an enrolled student – and not your name or other personal information. This basic concept can be expanded: your employment status could open the gates to your company’s servers; your birth date could allow you to buy wine online. A similar scheme could give a bank confidence that online account access is legitimate and conversely give a bank customer confidence that banking communications are really from the bank.

Shibboleth and similar technologies in development can, and do, work as patches. But some of their basic elements could also be built into a replacement Internet architecture. “Most people look at the Internet as such a dominant force, they only think how they can make it a little better,” Clark says. “I’m saying, ‘Hey, think about the future differently. What should our communications environment of 10 to 15 years from now look like? What is your goal?’”

6 comments. Share your thoughts »

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me