Now that technology has been around for a while, there are many fields that are dominated by a few big, big names, whether it be search (Google) or software (Microsoft). One of the few arenas left that has no clear winner is that of Web authentication. One analyst even dubbed it the “holy grail of the Web 2.0 space.” And one tiny Canadian company from way out east has stepped up to try a grab at the grail.
The Moncton, N.B.-based TrustMe is a three-year-old start-up backed by a couple hundred angel investors and former White Hill Technologies exec Elisabeth Ryback and her CTO, Mike Mullen. Ryback said that she saw a gaping hole in the Internet around security issues.
So she started TrustMe, a Web-based authentication service for Internet transactions and passwords that can extend to many enterprise applications, including VoIP, instant messaging, e-mail, and document transferring. Said Ryback: “The TrustMe platform manages the keys. Instead of the keys being managed in a resident network, which can be arduous, a Web service manages the keys and the contacts.”
The Web-based service aspect of the business will benefit IT managers who want to spare themselves the chore of managing keys internally, according to Ryback, who said that they can then centrally manage it and lessen the administrative hassles.
According to Dave Senf, director of research for Canadian security and infrastructure software with IDC Canada, this would only work in a standardized environment. He said, “If your system is already integrated, then, yes, Web services would work, but if you have a heterogeneous environment with different applications, then the Web service probably won’t help you.”
Another use of the application, said Mullen, is the social graph that results from all the collected connections of the passwords and contacts and names. From there, someone would have the makings of a raw social network that would provide the opportunity to stick in more raw data. This could prove problematic, said Senf, due to privacy concerns of the consumer and business customer. And when it comes to IT managers and the thought of managing such a network? “I don’t know anyone who would touch that with a ten-foot pole!” he laughed. And, Senf said, businesses would also be likely to shy away from such a use, due to ever-increasing privacy rules and regulations.
Its revenue model is based on its enterprise email security software. The company also offers up for free the API to developers. Once people start using the API for commercial purposes, TrustMe will charge metered usage fees to the applications once they reach a significant bandwidth threshold.
Making TrustMe a success could pose somewhat of a problem. “They’re taking a stab at solving a long-standing problem—a lot of vendors with a lot of money have spent a lot of time trying to solve it before,” said Senf.
The behemoths have tried for what Senf called the “holy grail of Web 2.0” and faltered, whether it be Microsoft and its Passport, or the almost-aborted Liberty Alliance from Sun et al. Probably the most successful so far—if you could call it that—is the open-source offering OpenID and its big-time backers like Google and Yahoo.
But even with—or maybe because of—the giants on board, consumers and business customers are usually leery of leaving all their passwords and contacts with a single vendor, said Senf. “It’s helpful, but how much do you trust them?” he said. “(People can be turned off by) ID clearinghouses. Customers will be reticent about the privacy concerns.”
Major players that need to come on board include the banks and credit card companies, he said. Sand Senf: “And that’s a tough nut to crack.”
Another obstacle? The loss of branding. “If you move all your keys into a central repository that will be your ‘face,’ the companies lose some leverage,” said Senf.
In the end, said Senf, “You need a whole ecosystem to make it work.”
Said Info-Tech Research Group analyst George Goodall: “Without scale and scope, it’s going to be very challenging.”
And thus the grail remains at large.