Fixing .Mac - Idea 4: Secure Identity Services

Apple's nebulous .Mac services were introduced in What the Heck is .Mac? In 10 Reasons Why Apple Can Kickstart Web 2.0 I presented why Apple is uniquely poised to actually deliver .Mac services well worth the price of admission. In this series, I'll describe features I think Apple needs to add to their .Mac service to move it from "web hosting and email plus" to a complete suite of services that are valuable, obvious, and will sell themselves to potential .Mac subscribers. Plus, I want to use them!

Idea # 1 | 2 | 3 | 4 : Add Secure Identity Services

Borrows Ideas From:

PGP, Passport, Thawte, VeriSign

Unlike many web based services, Apple has the ability to assign individuals within the .Mac world public keys to prove their identity when browsing, tagging, talking, emailing or sharing files. While anonymity is sometimes necessary and often desirable, Apple is in a unique position to offer spoof proof, authenticated identity, something rare on the open Internet. Because .Mac users pay a subscription fee, their identity can be verified by Apple via their contact information and credit card, making Apple's Identity services as strong as PayPal or any bank.

Apple could even create a way for users to authenticate their trusted .Mac identity with third party sites. Microsoft tried to do something similar with Hailstorm and Passport, but who trusts Microsoft? The industry and consumers certainly didn't, and Microsoft's fiascos with Passport's security just reinforced why.

Passport was renamed under the .NET brand, and is now getting rebranded under the Live brand. When Microsoft re-brands a technology, you know they are trying to hide failure: Video for Windows? WinCE? Would you trust security services from a company that has to hide them under different brands every few years?

Microsoft's Passport was partially about storing a user's identity for them, that is, jumping up to supply users' credit card data during an online transaction. However, Microsoft really wanted to own users for single sign on, so that they could track and market user's behaviors, and sell user data to websites that would enable them to target their marketing.

Apple's offerings would be very different, because Apple would be only offering simple access to complex technology, not trying to own and market a user's data or identity. Apple's existing security software is based on open standards, and is designed to work as tools that verify identify (document signing) and secure data (document encrypting, secure data exchange).

Users can buy or obtain certificates from outside certificate authorities, but it's complex and difficult to get everything right. Apple is in the perfect position with .Mac to serve as an authority for verifying users' identity, and can make it super simple for users to benefit from pervasive, certificate based security that "just works."

For .Mac, they simply need to verify the identity of their members by acting like a PKI certificate authority. That's a service users would normally pay for, but Apple can throw it in for free.

Apple already almost does this; they provide supply software with Mac OS X for creating local certificates, they started doing encryption services for iChat, and the service is almost there for use with Mail, it’s just hidden away in Keychain Access.

Why Apple Can Deliver this:

Apple can build upon existing services because, Apple has (1) the users, and (2) owns the platforms to roll it out. The system is (3) given away for free, as part of .Mac, which users (6) trust. Further, Apple has proven they can build things that (7) work, are (8) usable, (9) very cool, and (10) will actually get finished.

Here's how it works:

•Apple generates trusted PKI certificates for .Mac users,
•The certificate is securely delivered to members' Keychain,
•Safari, Mail, iChat and other apps enable secure and verifiable proof of identity.

Users benefit by being able to sign and encrypt email, chat, hyperblogging, published web pages, and shared files. When users receive signed mail, they know it really came from that person. Regular email is far too easy to spoof.

Having pervasive, certificate based security set up also makes it much easier for users to set up encrypted transactions between each other, such a VPN connection to access files, SSH transactions like sftp, or a secured chat session.

Bang! Apple can advertise that .Mac email services between members is encrypted and signed to banish spam, spoofing and snooping, and also make it easy for .Mac members to certify encrypted file downloads and sign up to obtain free SSL certificates for web publishing. Once you know who you are dealing with, it's easier to do business.

But wait there's more.

More ideas for .Mac: 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8. Let me know what you’d like to see from Apple.