This got me thinking that there has to be a better way to provision the identity to the phone for use with mobile applications. One possible process flow would be...
- User authenticates to web site of mobile application provider
- User enters their phone #, and carrier to the web site
- The web site sends a code to the phone
- User receives the code and enters it into the web site
- The web site generates a unique set of authentication credentials for the phone
- The web site sends a binary SMS message to the phone with the mobile application identity configuration
- User starts up mobile application and is automatically authenticated
This should all be doable with today's technology. Of course, the next step would be secure provisioning of multiple identities for the device, where the identities are consumable by multiple applications. For this, the Advanced Client work underway in the Liberty Alliance should help.
Tags: Identity, Mobile, Instant Message, Liberty Alliance