Wednesday, 28 May 2008

New CAPTCHA technology already obsolete?

Discussing the latest CAPTCHA technology with a co-worker, I got the idea that CAPTCHA's are already an obsolete technology. It's successor ? Federation.

People still need to 'register' face-to-face with lots of potential identity providers. To name a few: a technician of the ISP needs to come to your home for installing an internet connection, you have to fill out some forms and hand over a copy of your identity card for opening a bank account and you have to present yourself to a clerk at city hall in order to receive an identity card. These forms of registration at Identity Providers don't require online forms, they require some sort of paper contract and a meeting in person. Some of them even hand out strong credentials in the process like tokens or smart cards.

I'm forseeing some troubles in achieving the following prerequisites but given ubiquitous trust in such identity providers and the privacy protection mechanisms enabled in federation protocol implementations, users will never have to fill out an online registration form again. Sites will no longer have to implement them or tinker with spam bot protection mechanisms, like CAPTCHA's, no more. We will have achieved the federation nirwana.