July 28th, 2006
Knock, knock -- who's there?
Joris Evers has an article over on CNET about the "security risks" of Web 2.0. These days, whenever I read the words "security risks" I dig a little deeper to see if people actually mean "identity problem." As it turns out, most of the time they do.
As I dug into Joris’ piece, I found Billy Hoffman comparing AJAX (a foundation of Web 2.0) to a house with many windows and doors, wherein he said: "A traditional Web site is like a house with no windows and just a front door. An AJAX Web site is like a house with a ton of windows and a sliding door."
My immediate reaction is to plug in the missing piece in the analogy — someone knocking on the door. If web 2.0 is a house with lots of openings, then someone coming in through those doors is the actual "security risk." So, while I’m imagining Billy means much more than authentication, authorization and access control, his analogy nicely highlights the core of web 2.0’s identity problem.
Web 2.0 applications are all about interactivity — an interactivity which occurs at the boundary of the "house," as people knock on the door or open the window. If the house contains no valuables, or the interaction involves very little risk, then knowing the identity of the person at the door is not as important. But, as the web 2.0 house begins to posses value (namely, stored information about its users), then knowing who is at the house is of extreme (even criminally punishable) importance.
The nearly absurd extension of that analogy does a nice job of explaining why the first statement of Web 2.0 should be: Knock, knock. Who’s there?
