CNET también está disponible en español.

Ir a español

Don't show this again

HolidayBuyer's Guide
Internet

The Net's gettin' messy

Ping Identity VP Eric Norlin warns that sundry schemes, scams and shams are dragging us toward a future where the Net as we know it is basically unusable.

Among the open-source community there's a commonly used acronym, "POGE." It stands for the "principle of good enough," and it's meant to emphasize the open-source tenet that you don't begin a project by over-engineering the end result. Instead, you do what is "good enough" and then let things improve over time.

The Net started this way. In the beginning, it was "good enough." Good enough for some forms of communication. Good enough for posting documents that linked to other documents. Good enough for putting dirty pictures online.


Get Up to Speed on...
Open source
Get the latest headlines and
company-specific news in our
expanded GUTS section.


But lately, the Net is no longer good enough: identity fraud, viruses, worms, phishing, snarfing, child porn--oh, and endless piles of spam. All of these problems exist because the Net's core infrastructure--its architectural essence is no longer "good enough."

The bottom line is this: the sundry schemes, scams, and shams that now dominate the Net are quickly dragging us toward a future where the Net as we know it is basically unusable. Put plainly: the Net's getting messy.

Learning from the dinosaurs
The cause of this messiness may be inherent in the structure of networks--that is, if you buy into modern science. The field of complexity theory might argue that the current state of the Internet is just a natural phase in the evolution of networks.

It seems that self-organizing networks (from ecosystems to economies) start with a few connections and, through a process called auto-catalysis, bring more and more connections into being--often with those connections forming around "supernodes." These supernodes and connections go through a growth phase that is marked by relative stability.

But as the growth continues, so does the number of connections. Eventually, the number of connections is unstable and the system moves toward the "edge of chaos"--that place where the network is in danger of losing its inherent utility and stability. At this point, either the network falls over the edge (i.e., the dinosaurs) or recovers and evolves into something different (i.e. recovering from a recession).

The Internet was never built for commerce.
The Internet was never built for commerce. It was designed more than 30 years ago as a communications system that still closely resembled the structure of ancient communication systems: post, view, reply. Tim Berners-Lee completed the original software for the Net in 1991, adding the "link" variable, which is what made the Internet so powerful.

Still, at its core, the Net was built with one assumption: If you were using it, you had been granted the right privileges for access. That assumption came from the simple fact that you didn't get on this Net unless you were working at the Defense Advanced Research Projects Agency (DARPA) or on a doctoral degree in computer science at the University of Michigan, which received the initial contract from the Department of Defense to begin working on the network that became the Internet.

The Net's model of interaction was built to present, represent and point to other pieces of information. But this model of interaction is not the model of interaction that we use in the "real world"--the worlds of social interaction or commerce. As such, the Net's core architecture is unable to adequately accommodate the higher-level commercial and social activities that people are now attempting on it. These activities are becoming increasingly exposed via Web services, auction sites and social networking services, for example.

To accommodate those activities, like commerce and social interaction, that more closely models the "networking" of the real world, the Net needs a well-defined sense of identity.

Moving beyond anonymity
The Net's sense of anonymity (or rather, its sense of physical location as a proxy for identity) has been "good enough," to this point. But as the Net becomes more integrated with business systems and with the components of our everyday lives, it is essential that the Net retain its greatest strengths and evolve to meet the challenges of identity.

Arguably, the Net's greatest strength has been its distributed nature.
Arguably, the Net's greatest strength has been its distributed nature. Moving toward a Net with a sense of identity must recognize and exploit this architecture. As such, the emerging and maturing specifications from groups like the Security Services Technical Committee at the Organization for the Advancement of Structured Information Standards (OASIS is the group working on the Security Assertion Markup Language, or "SAML"), the Liberty Alliance and the WS-Federation working group are doing the right thing by insisting that existing identity information remain distributed, while becoming linked and more useful.

Granted, the steps these specifications are taking are just the first evolution in a larger process. But these important first steps need to be realized for what they are: good enough. These specifications are good enough in that they are laying the initial groundwork for a much larger undertaking--an Internet with a fine-grained, end-user controlled sense of identity.

As the Internet gains a sense of identity, many important decisions will be made about privacy, piracy and security. But the movement toward that Internet with an identity is nearly inexorable. Without that sense of identity, however, the Net as we know it today will eventually reach a point of being nearly unusable for anything other than posting and viewing Web pages.