Sxip wants to raise the e-commerce security bar
by  Alan Zisman (c) 2007 First published in Business in Vancouver March 27- April 2 2007

Back in 1996 (BIV issue 334), this column looked at a PriceWaterhouse (et al) report in which the company wasn’t sure whether this then-new web thing would prove to have legs or whether (like CB Radio) it was just a passing fancy. If it lasted, though, PriceWaterhouse anticipated enhanced connections between vendors and consumers and between companies doing business with one another.

This has largely come to pass. But the promised “friction free” commerce hasn’t. Far too often, prospective customers, faced with entering a page of personal information online back out, mid-transaction.

Dick Hardt, founder of Vancouver’s Sxip Identity (pronounced “skip”) thinks that part of the problem is our lack of verifiable identity online. We use passports or driver’s licences to verify identity in the physical world, but online life is another thing. As a New Yorker cartoon noted: on the Internet, no one knows if you’re a dog.

According to Hardt, it’s straightforward to log users onto individual network directories (he refers to this as Identity 1.0). In the late 1990s, Microsoft Passport and the Liberty Alliance developed single sign-on schemes connecting users to competing federations of large enterprises. (Hardt considers these Identity 1.5). Now, you may have built up an online reputation with, say, eBay, but that doesn’t carry over to, for example, Craigslist.

We need, he suggests, “Identity 2.0,” identifying users across multiple websites, something as portable as, say, your driver’s licence; something not proprietary and controlled by a single large corporation. As with the Internet replacing proprietary network protocols, Hardt believes that “simple and open” identity systems will provide the answer. This is evolving out of the needs of large websites to enable users to share identity information. Sxip is one of the movers behind a new OpenID protocol designed to help meet this need.

Sxip (which presumably stands for Simple eXtensible Identity Protocol) offers Sxip Access for on-demand identity management for SalesForce and Google Apps and Sxip Audit, a security dashboard for SalesForce. The company is also working with the B.C. provincial government e-governance initiatives. It recently released Sxipper, a free web browser identity plug-in. Sxipper allows users to store personal data and passwords and have them automatically (and securely) entered into log-in and web forms with a single click.

While your web browser may offer to save and reuse form information, that only works when you’re returning to a form you’ve already filled out. Sxipper users “map” forms across the Internet, so the odds are good that when you visit a new website, Sxipper will already know what data is needed for the form. Should you visit an online form that’s new to the Sxipper database, you can choose to “map” the information, making it possible to automate other Sxipper users’ entries to that page.

Your personal data resides, encrypted, on your computer. All that’s stored at http://sxipper.com/sxipper.com is your e-mail address and log-in information. Sxipper works with Windows, Linux, and Mac versions of Firefox. The company is planning a version for Internet Explorer and enhanced commercial versions.

Is Sxipper’s dog logo a reference to that New Yorker cartoon? I don’t know. But it’s a step towards an online future where, on the Internet, everyone will know when you are or aren’t a dog.