Saturday, March 17, 2007

rfi User-Centric Identity and Mutuality


Now for the editing and elaboration. First off, per the previous overstuffed formulation:
  • "Mutuality: An internet-scalable identity metasystem must ensure that all end- and intermediary-entities (i.e., human users, identity agents, IdPs, RP/SPs, identity brokers, etc.) can engage in mutually acceptable interactions, with mutual risk balancing, and ensure that their various policies are continually enforced in all interactions, including, from the human user’s point of view, such key personal policies/peeves as the need for unambiguous human-machine communication mechanisms, privacy protection, user control and consent, minimal disclosure for a constrained use, limitation of disclosures to necessary and justifiable parties, and so on and so forth."
Won't do. Can't keep it in my head. That's one of the things that's cool about short poetry--in fact, the core redeeming value: memorizability (and hopefully, memorability). Let's whittle this definition down to a more iPod-like form factor:
  • "Mutuality: An internet-scalable identity metasystem enables interactions built on mutual recognition, assurance, risk, restitution, and responsibility from end to end."
Yeah, that slips nicely in the inside coat pocket, and I can hear it beeping for me now. What it's telling me is that "mutuality" as an uber-concept anchors user-centric identity into a broader context of trust and federation across cross-domain IdM environments. In fact, you can rethink these all as different levels of mutuality:
  • Trust: transitive trust is shared, assured, cross-domain recognition of the identities of people, applications, servers, and other entities through mutual implementation of X.509 certs, cross-certified or bridged certificate authorities, common certificate policies and certification practice statements, legal/business agreements, and so forth.
  • Federation: federated identity is shared, assured, cross-domain recognition of identities, authentications, and attributes through mutual implementation of common standards (SAML/Liberty et al.), federation frameworks, legal/business agreements, and so forth, plus mutual risk and restitution (i.e., "mutually assured destruction" in terms of legal recourse) if either party abuses the trust/federation relationship.
  • Reciprocal permission-based resource sharing (i.e., the core use case of user-centric identity, including/especially the "dataweb" XRI/XDI approaches): this is the "mutual kimono opening" scenario that I described earlier, under which the user operates as his/her own personal IdP, and essentially also his/her own personal SP, disclosing personal attributes and other resources to relying parties only on a "need to know" basis (with full user control and consent, minimal disclosure for a constrained use, limitation of disclosures to necessary and justifiable parties, etc.), with the relying parties providing tit-for-tat access to their own resources--a balanced, equitable, symmetric, commensurate, and mutual interchange of goodies.
Getting back to a question I posed earlier in this thread (with "mutually" substituted for a near-synonym):
  • In user-centric identity environments, how do personal/private IdPs mutually federate to each other, in the absence of (one or more) trusted third parties to vouch for their respective good reputations/behaviors?
They do it through a koy kabuki-like koreography of mutual kimono openings and closings. Through the same means by which you or I evaluate each other's trustworthiness in the analog realm. Who skrewed whom.