Ping Identity CEO Andre Durand plans to frame that model and link it to the evolution of identity as the Internet's new security perimeter when he delivers his keynote address at the Cloud Identity Summit in Monterey, Calif., later this month.
"What does it mean to live in a digital world where identity allows us to go anywhere securely?" says Durand.
To answer that, he is thinking of a familiar model called a security token service (STS), an identity decision point that authenticates users and issues tokens for access across otherwise protected boundaries.
"In the physical world when I walk up to a machine to get my boarding pass, I am walking up to a security token service," says Durand. "It takes a token, called a driver's license or credit card, and it issues a one-time token. It [STS] accepts a long-lived token and issues a one-time token. And I can get through security and board the plane."
Durand says the model he sees is that of a physical-world identity accompanied by the correct token that moves people between security boundaries, whether at airports, through the door of a hotel room or past security guards.
"Well, lo and behold, what would it mean to have a virtual world in which I can go anywhere between boundaries securely?" he asks. "It turns out it has the same manifestation in the virtual world as the physical world and it is all about token exchange--long-lived, short-lived, one-time, limited-use, etc.," says Durand.
He says what needs to be built is a virtual representation of the tokens we have in real life. That, he says, requires federation infrastructure that will convert, issue, validate and revoke tokens everywhere.
Durand's overall theme is a modern identity infrastructure that supports tokens. "That infrastructure will allow us as individuals to move seamlessly in and out of security boundaries. To do that, we will have many types of tokens including the ultimate token, which I think will be our phones."
Durand thinks the mobile phone will take the place of a driver's license or passport and will be a repository for other tokens.
"There are no security perimeters when you have identity, but you need an infrastructure to support it. What I want to explore is what does it mean for identity to be that perimeter."