The Skype Identity plugin concept
June 05, 2006
Now here is something I’ve been thinking about that would be an useful add-on to Skype, and that I know that some entities actually need. For lack of a better name, let’s assign the working name “Skype Identity plugin” to it. It solves a problem that Skype itself at this time does not address and probably never will in the core offering: identity assurance.
In short, identity assurance is making sure that the remote party is really who he claims to be. You could also call it “authentication”, but I find “identity assurance” cooler for the purposes of this post, so I’ll use it. So, if you talk to the Skype Name “niklaszennstrom”, do you really know if it is Niklas, or is it someone claiming to be him? You really have no way of knowing.
Skype does not authenticate anyone who signs up for a Skype Name. You can sign up for any name, enter anything in your profile as a full name or any other data, and neither Skype nor other Skypers have no way to validate it. What Skype DOES have, however, is an API that you can use to do all sorts of cool things, including the Identity plugin.
What’s the general idea?
If Skype does not know who you are, who does then? A lot of parties, actually. Some countries issue an electronic identity card to all its people, such as Estonia, Finland, Belgium and others. For business purposes, you may have a token from your company or organization. You may have bought a private token or generated your own PGP key. Your bank may have given you a token to log on to your e-bank. All of these are expressed in some sort of token – be it a smart card, a hardware key or a softkey on your hard drive.
So all the Skype Identity plugin would do is to bridge the token and Skype sessions.
So… what does it do and how does it work?
Hey, I even made an architecture diagram. Phear my leet drawing skills. I know I suck at it, so I didn’t even try and just whacked it up in Paint. Don’t you just love unisex Alice and Bob. (Click for larger.)
So everyone wanting to participate in the system needs to install the plugin. And here’s how it would work.
Most of the time the plugin just sits idly, monitoring your Skype activities. You would need to “sign in” to it using your token. Say it is an identity card – you pop it in the reader and tell the plugin to sign you in. The plugin authenticates your smart card – or rather, uses the security subsystem of your platform to do that. On Windows, it would be based on the Windows certificate store and the installed Crypto Service Provider modules. On other platforms, it would use PKCS#11 or whatever other protocol is hot du jour. So if you have a smart card, a Windows dialog pops up asking you to enter the PIN, passphrase, fingerprint or whatever authentication method your token uses. You enter it, and voila, are signed in to the Identity plugin.
Now… the main action of course happens when you engage in a Skype call, chat or any other type of communication. The plugin detects that and pops up some dialog which displays the REMOTE party’s Identity status. (And the remote sees similar stuff about you.) If the remote has not signed in to the Identity plugin, or does not have it, you simply see “unidentified” and you proceed as you normally would when talking to an unknown Skype Name.
If the remote HAS signed in to the plugin, you see his or her identity. How that exactly looks and works is beyond this basic idea scope, but it would show you the token info used to sign in, plus the information obtained from the token, such as the person’s name or status. So if it were a national ID card, you could perhaps see an icon of the card, plus the person’s name “downloaded” from the card. (And it doesn’t just randomly display it – it obviously talks to the remote plugin, and perhaps also some online validation services, in a cryptographically secure manner to validate all this stuff.)
Identities, trust and authorization
Now… there are two interesting questions unanswered above.
First, where does the list of identities come from? Does the plugin know and trust all the identities of the world, or does it have a certain “root list” that it trusts, and rejects others? How about the graphical representations of all these? I guess this remains to be worked out as part of the business model, should anyone ever do such a plugin.
Secondly, and it’s sort of the same question as the previous one, how much can and should you trust various identities? Say someone calls you claiming to be identified with the corporate token of Acme Inc, or Mongolian ID card? The answer to this, more so as to the previous one, is always “it depends”. It’s a policy question, and the Identity plugin certainly cannot enact uniform policy decisions for everyone. If you are using Skype for business purposes, the policy may very well be “OK to talk to anyone who is authenticated with my company token, reject all the rest”. if you are using it as a private individual, it may be “OK to talk when remote is identified with ID card, be a bit more careful if she isn’t as you may be talking to an imposter”. So there will need to be features for enacting all sorts of different policies depending on the context of use.
No, but would anyone ever need it? I mean… really?
Most people would not. Skype is fine to use as is for daily and private use. Simple directory solutions solve the problem for most organizations, and the above is over the head of most folks. It sounds complicated, and it is. It need not be for the actual Skyper if done properly, but figuring it out and getting it done certainly is. “The simpler the result, the harder to filter all the complexity out of it.”
However, in many businesses and environments there are statutory and policy requirements for identity assurance, and I believe there will be more so going forward. Just look at all the recent online fraud and scam discussion – you don’t need to be a rocket scientist to understand that electronic identity (if done PROPERLY – which most of it is not) has shiny days ahead of it. Perhaps online banking could be the first application of this.
Coupled with other security mechanisms, such as audit trail, logging and recording of the communications, I believe the Identity plugin would make Skype acceptable even for high-security environments that may frown upon it typically. I know a bit about the Skype security system and while we may not have done the best job in communicating it, we’ve had some folks look at it and what’s there is good. Coupled with the Identity plugin and audit trail, it would be a pretty good mechanism for assured-identity conversations. “I talked to John X and sent him a couple of files. The sessions are logged and the Identity plugin provides proof that he was authenticated with Acme Inc token.” or “Mary Z called the bank to transfer some funds on behalf of her company (or perhaps chatted with the bank’s robot using Skype chat). She was authenticated with the bank-issued smart card.”
Phones can’t really do this. The best they can come up with there is caller ID. And maybe some codes you read over the phone or punch in to the system with the dial tones, but that’s about it.