A conversation with CoreStreet's Phil Libin

In today's podcast I interview Phil Libin, president of CoreStreet, whose innovative approach to large-scale and decentralized credential validation I first wrote about two years ago. We began with a discussion of FIPS 201, a program of the U.S. government that was kicked off by an August 2004 presidential directive. The FIPS program lays out a broad mandate for a unified identity infrastructure -- for both physical and virtual security -- to be used by all federal agencies and departments.

Beyond FIPS 201 compliance, Phil updated me on how CoreStreet's decentralized approach to credential validation has evolved over the past two years. Two aspects of that approach are especially interesting. One is an idea that Phil used to call "validation heartbeat." In this scenario, you precompute millions of time-limited validation proofs and broadcast them to intermittently-connected devices. The first practical realization of this idea is a product that uses this technique to identify first responders belonging to a number of different organizations. Ruggedized handheld devices, equipped with card readers and deployed to the perimeter of a disaster zone, know -- without having to ask the network -- who's allowed in.

The other fascinating idea is a kind of sneakernet, or what CoreStreet now calls a "card-connected architecture." Here's how Phil explains the idea:

We see the card as a temporary part of the network. When you look at a card, the common way to think about it is that it's your credential, it shows who you are. But we think about the card as having two pieces. There's the piece that's your credential, and that very specifically is the PKI piece, but half of the card is just a scratch pad for your network. It's an opportunistic place where you can put some stuff that you could also get if you plugged into an Ethernet. It's just a cache. So if you think about it that way, it's not a question of what privileges you put on the card, but rather what privileges exist on the network.
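Both ideas above, the precomputed time-limited proofs that an intermittently connected device checks without asking the network, and the card as a scratch pad that carries network data from one reader to the next, are sketched in the added Python example below. This is not CoreStreet's code, and the post does not describe their internal mechanism: the hash-chain construction, the one-period-per-day horizon, the `Issuer`, `Reader` and `Card` names and the sample holders are all assumptions made for illustration.

```python
"""Added illustration of precomputed, time-limited validity proofs that an
offline reader can check, plus a card whose scratch pad carries the current
proof between readers. Hash-chain construction is an assumption for this
example; the post does not describe CoreStreet's internal mechanism."""
import hashlib
import secrets
from dataclasses import dataclass, field

PERIODS = 365  # one validity period per day for a year (constructed horizon)


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def iterate_hash(value: bytes, times: int) -> bytes:
    for _ in range(times):
        value = h(value)
    return value


@dataclass
class Card:
    holder: str
    commitment: bytes  # the credential half: fixed at issuance, signed by the issuer in practice
    scratch: dict = field(default_factory=dict)  # the cache half: rewritable by online readers


def verify_proof(commitment: bytes, proof: bytes, period: int) -> bool:
    """The proof for `period` sits `period` hash steps below the commitment, so
    hashing it `period` times must land exactly on the commitment. A proof for
    an earlier period cannot be advanced to a later one (that would require a
    preimage), which is what makes each proof time-limited."""
    if not 1 <= period <= PERIODS:
        return False
    return iterate_hash(proof, period) == commitment


class Issuer:
    """Holds each credential's chain seed; publishes one batch of proofs per period."""

    def __init__(self):
        self._seeds = {}
        self._revoked = set()

    def issue(self, holder: str) -> Card:
        seed = secrets.token_bytes(32)
        self._seeds[holder] = seed
        return Card(holder, iterate_hash(seed, PERIODS))  # commitment = H^PERIODS(seed)

    def revoke(self, holder: str) -> None:
        self._revoked.add(holder)  # revocation = simply stop releasing proofs

    def proofs_for_period(self, period: int) -> dict:
        """Precompute the batch for one period (the 'heartbeat' broadcast)."""
        return {holder: iterate_hash(seed, PERIODS - period)
                for holder, seed in self._seeds.items()
                if holder not in self._revoked}


class Reader:
    """A perimeter device. It keeps the last broadcast it received; an online
    reader also copies the holder's current proof onto the card's scratch pad
    so that an offline door can verify it later without any network access."""

    def __init__(self, online: bool):
        self.online = online
        self.batch_period = None
        self.batch = {}

    def receive_broadcast(self, period: int, proofs: dict) -> None:
        self.batch_period, self.batch = period, dict(proofs)

    def admit(self, card: Card, now: int) -> bool:
        proof = None
        if self.batch_period == now:
            proof = self.batch.get(card.holder)  # a fresh broadcast wins
        if proof is None:
            stamped = card.scratch.get("proof")  # otherwise use what the card carries
            if stamped and stamped[0] == now:
                proof = stamped[1]
        if proof is None or not verify_proof(card.commitment, proof, now):
            return False  # no usable proof for this period: fail closed
        if self.online:
            card.scratch["proof"] = (now, proof)  # refresh the card's cache
        return True


if __name__ == "__main__":
    issuer = Issuer()
    alice = issuer.issue("alice")  # constructed sample holder
    lobby = Reader(online=True)
    door = Reader(online=False)
    lobby.receive_broadcast(10, issuer.proofs_for_period(10))
    print("lobby, day 10:", lobby.admit(alice, 10))  # True, and the card now carries the proof
    print("offline door, day 10:", door.admit(alice, 10))  # True, read from the card
    print("offline door, day 11:", door.admit(alice, 11))  # False, proof is time-limited
```

Two properties of this layout are worth noticing. A proof for day 10 reveals the proofs for days 9, 8, ... (just keep hashing), but not day 11, so a captured proof is worthless once its period ends. And revocation takes effect at period granularity: a holder revoked mid-period keeps any proof already issued for that period, so the period length is the trade-off between revocation latency and the size of each broadcast.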

Unified physical and virtual security is still very much a leading-edge discipline, and I really enjoy Phil Libin's perspectives on where it's headed.

On the audio front, this episode struggles with levels and clarity. But I've received tons of advice in response to last week's item on that topic, and I'll report back once I've worked through some of the many approaches. Especially noteworthy, however, is Doug Kaye's Skype how-to -- clearly it's time to revisit that option.


Former URL: http://weblog.infoworld.com/udell/2005/07/19.html#a1270