The first two items are tightly linked and bear directly on the benefit of the system. At one end of the scale are transactions that have little economic cost and, therefore, require little in the way of identity confidence--logging into the free wireless network at the local library, for example. As the transaction value goes up through the layers of e-commerce to include large institutional financial transactions, the level of identity confidence required rises in lockstep. Of course, benefits must be weighed against cost, the second two components on the list.
As for the TCO (total cost of ownership) of authentication, people tend to rush toward the hard dollar costs, including the license for the authentication server and individual hardware tokens. But from the user perspective, the experience impact, or PITA (pain in the ass) factor, is the lion's share of the cost. Some organizations, for example, up the PITA element by requiring multiple, difficult-to-remember passwords that change frequently. Go this route and users eventually will try to work around the authentication system. Although it makes it easier for the user, this approach inevitably leads to increased helpdesk calls.
Every authentication system carries costs, even if you're using the authentication capabilities included in your network operating system or enterprise application. Authentication supported within this framework is still the norm, with Computer Associates, IBM and VeriSign the leading vendors. And even with the simplest authentication schemes, developing a user database, assigning privileges, training and supporting users, and maintenance costs must be factored in.
Minimizing the price of authentication will help push two major trends in this segment in the coming years: The move away from individual built-in authentication for the enterprise and an increased reliance on smart cards and other hardware authentication methods, such as tokens, that can be used anywhere. The virtues of built-in authentication technology are that you can buy it once and be done with it, and the purchase price is normally very low. But these benefits are frequently balanced by higher integration costs as staff or consultants strive to knit the authentication databases and mechanisms into a single coherent scheme while keeping the various authentication requirements from running into one another when accessed by high-demand users.
