Thursday, March 01, 2007

rfi User-Centric Identity and What Eve Maler Said


Eve sounded as rushed and frazzled today in our call as I always sound (and feel). She only had a limited amount of time, and I understood totally. But we got in a good half-hour of quality interaction, and she was articulate and insightful as always.

I ran down my list of interview questions, skipped some, and let her expand on topics of special interest to her. What stuck with me most was her approach to discussing the definition of user-centric identity.

She focused on the centricity of the user in the data flow during a login attempt, distinguishing between the "human present" interaction mode (i.e., the actual human user/subject is online during the transaction, responding to prompts, selecting i-cards, deciding whether or not to disclose this or that personal attribute to this or that relying party), vs. the "human absent" interaction (i.e., the human user/subject is not actually online during the transaction on which they are a principal, but, instead, an identity software agent/intermediary or delegated other human user is selecting i-cards, disclosing attributes etc. on their behalf).

She pointed out that most of the current crop of user-centric identity schemes (e.g., MSFT CardSpace, OpenID, etc.) focus primarily on the "human present" mode, which, as Eve stated memorably, means that the "user's policy is in their brain." By contrast, she pointed out, Liberty's ID-WSF was developed to support both the "human present" and "human absent" modes.

Eve said she didn't want to be understood as arguing that one or the other mode is best, but simply that they both have their proper roles and should both be supported in a comprehensive identity environment (user-centric or whatever). She took pains to point out that user-centric identity is orthogonal to, not mutually exclusive with, "traditional" federated identity of the SAML and Liberty variety. I pointed her to the excellent whitepaper recently published by Ping Identity that lays out the convergence scenarios (OpenID+Liberty+SAML+*****) in wonderful brain-opening detail.

On another issue, she noted that OpenID 1.0 has a vulnerability in that it leaves users' identities open to possible correlation by unauthorized third parties, but that CardSpace has a vulnerability of an opposite but equally problematic nature. Given that each CardSpace is associated with a particular client device (i.e., a particular desktop, laptop, or mobile phone running Vista), and given that each user might have multiple such devices, each with a multiplicity of cards on it, the more such devices, cardspaces, and i-cards multiply for a given user, the more difficult it will become for that user to correlate the various fragments of their identity across their own personal "space."
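To make the OpenID 1.0 correlation point concrete, here is an added illustration (my own toy model, not code from Eve, OpenID, or Liberty): two relying parties that pool their login logs can link a user who presents the same public identifier everywhere, but not one who gets a distinct per-RP pseudonym of the kind federated identity systems use. The identifier URL, RP names, secret, and the HMAC-based derivation are constructed assumptions for the demo.

```python
import hmac
import hashlib

# Constructed sample data: one user, two relying parties (RPs) that later collude.
USER_GLOBAL_ID = "https://alice.openid-example.test/"      # constructed OpenID-style URL
IDP_SECRET = b"constructed-idp-secret-for-illustration"    # constructed, never reuse
RELYING_PARTIES = ["https://shop.example.test", "https://forum.example.test"]

def openid10_style_identifier(user_id: str, rp: str) -> str:
    """OpenID 1.0 hands every RP the same user-chosen URL identifier,
    so the value an RP stores is independent of which RP asked."""
    return user_id

def pairwise_pseudonym(user_id: str, rp: str, idp_secret: bytes = IDP_SECRET) -> str:
    """Per-RP pseudonym in the spirit of SAML/Liberty persistent federated identifiers.
    Assumption for this demo: the IdP derives the opaque value with an HMAC over
    (user, RP); real deployments often store random values instead, with the same effect."""
    mac = hmac.new(idp_secret, f"{user_id}|{rp}".encode(), hashlib.sha256).hexdigest()
    return mac[:16]

def rps_can_correlate(identifier_fn, user_id: str, rps) -> bool:
    """Simulate colluding RPs joining their login logs on the identifier column.
    Returns True if the same identifier appears in every RP's log for this user."""
    logs = {rp: {identifier_fn(user_id, rp)} for rp in rps}
    shared = set.intersection(*logs.values())
    return len(shared) > 0

if __name__ == "__main__":
    print("OpenID 1.0-style global identifier correlatable:",
          rps_can_correlate(openid10_style_identifier, USER_GLOBAL_ID, RELYING_PARTIES))
    print("Per-RP pseudonym correlatable:",
          rps_can_correlate(pairwise_pseudonym, USER_GLOBAL_ID, RELYING_PARTIES))
```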

At which point, what each of us might need is a federation of personal cardspaces (this last thought just came to me....Eve didn't offer up this particular thought...but she inspired it...thanks time I'm up in Redmond or