There was a cartoon by Peter Steiner in the July 5, 1993 issue of The New Yorker showing a dog at a PC speaking to another dog watching from the floor. The caption was, “On the Internet nobody knows you’re a dog.” Very true, and in fact nobody really knows for sure just who you are. Nor do you know who is at the other end of a chat session or e-commerce transaction. Assuming the success of the numerous technologies at the Inside ID conference in Washington, D.C. this week, we will soon have digital IDs that will change this.

There are many issues, but it has become urgent that we get digital IDs in place for all of us (and for our servers and eventually for everything). There has been a prevailing attitude that digital IDs would mean that the “government” would issue an ID that would then enable them to spy on us: read our email, track what we do on the web, or invade our privacy in some way. A bit of knowledge plus a healthy Net Attitude would actually lead us instead to a very positive view: that digital IDs are not to be feared but in fact should be embraced. They represent the empowerment that can unleash the full potential of e-business while at the same time enabling us to protect our privacy and control who can send us email. They will allow us to establish that we are who we say we are and to validate that the web server we are doing business with is really who they say they are.

Security is not the issue. Authentication is. It is true that large numbers of people have learned that security technology can encrypt (scramble) their credit card number in such a way that only the web server at the destination is able to decrypt it. When people see the solid lock or key at the bottom of their browser they implicitly know that their credit card number or other private information is being encrypted using the public key of the server at the other end.
And, since only that server has the corresponding private key, only that server is able to decrypt the private information. An important question, however, is who is that web server on the other end? How do you know it really is the merchant or university or government agency that the server’s home page said it was? Answer? You don’t. It could in fact be a hacker who has “spoofed” the web site; i.e. the site could be an imposter. Likewise, the web site at the other end doesn’t really know for sure that you are who you say you are. What we are talking about here is authentication. For the most part we do not have it on the Internet today. Yet it is one of the core capabilities needed to achieve the ultimate potential of the Internet and enable us all to feel we can Trust the Internet.

Today we use the login ID and password as a substitute for authentication. We all use them every day, but the problems with them are non-trivial. First is the password sharing problem that enables someone else to be you. If you leave your password on a Post-it on your PC or under your mouse pad, then one of your children or a colleague can become you. They can get into your bank account, buy a book at Amazon, or engage in a chat session as you.

Assuming you keep your password to yourself, there is another set of problems. Web sites have different rules for login IDs and passwords. Some require that you use your email ID as your login, some require you to use your social security number, and others allow you to pick anything you want as long as it is at least so many characters or, in other cases, as long as it is no more than so many characters. For good reasons they all require that your ID be unique. Sorry, but jjones is already taken. The same is the case for the password. Some require at least so many characters, some require that a password contain at least one numeric character, some require that it be all numeric, and others require that it contain no numeric characters.
The variations are vast, and the result is that you end up with a lot of different IDs and passwords. In my case, I have a login/password at more than one hundred sites.