Tuesday, April 03, 2007

rfi User-Centric Identity and the Odd Geography of Mutuality

I’m no role-play gamer, but today’s IdM metasystems are starting to remind me of Dungeons & Dragons.

The more hyper-heterogeneity we throw into the IdM mix, the more convoluted and confusing and treacherous it all feels from the user’s viewpoint. Looking at Ping’s convergence use cases (integrating OpenID with CardSpace with SAML) or the Higgins/Bandit convergence demonstrations from RSA 2007 (throwing Liberty into the stew), it all seems a tad more complex (hence lower on the assurance scale) than it needs to be. As if we’re introducing more IdM terra incognita into every online transaction, hence more scary monsters that might swallow us whole or ocean-edges off which we might merrily sail.

IdM metasystem heterogeneity introduces odd geography into the mutuality equation, threatening to turn what should be direct interaction paths (i.e., logins) into indirect odysseys involving card-cluttered conversations, eerie URI-infused interactions, insistent assertion insertions, and restive roundabout REST-y redirect ricochets among too many moving part(icipant)s. In the process of researching this article, and considering all the many initiatives/standards/specs, I sketched out the multifarious dimensions, entities, and relationships that must be represented in any truly comprehensive identity metasystem taxonomy. No, I’m not going to exhaustively list them here (try Liberty Alliance’s wiki for a good dose of heterogeneity). But, in order to stave off personal bewilderment, I cobbled together a working IdM metasystem taxonomy that includes (in no particular order) myriad use cases, interaction patterns, standards, identifiers, attributes, cards, card selectors, credentials, protocols, authentication contexts, federation topologies, domains, identity agents, directories, IdPs, authentication authorities, attribute authorities, attribute brokers, certificate authorities, validation authorities, in-person proofing agents, discovery services, RP/SPs, TTPs, PKI trust paths, etc. (hmmm… I sort of broke my promise not to go exhaustive… pardon me).

So excessive heterogeneity is the enemy of both abstraction/simplicity and mutuality/assurance. To fondle another touchstone from nerd culture, today’s complex IdM systems make us feel a bit like a hobbit traversing the dangers of Middle-earth to ascend to the seventh level of Mordor (or whatever; I never read the books, and enjoyed the movies but totally lost the plot). Ambling among sovereign domains, you constantly wonder if you have the right papers, passport, currency, vouchers, and reputation to secure your safe passage to the land of the next overlord, and you worry that neighboring domains may not be on friendly terms, with you caught in the crossfire, clapped in irons, or ostracized entirely, kept from climbing whatever mighty mountain beckons.

User-centric identity systems don’t change this odd geography, or save us from this odyssey. In fact, taken to the “strong form” extreme, they just intensify the heterogeneity by adding sovereign self-asserting personal-IdP and personal-RP domains to the mix. Every user becomes a self-sufficient realm all their own, needing the potential of hooking up, on various levels, persistent or fleeting, with any other domain as needs dictate. Think of the higher order of combinatorial explosion in the density of negotiated cross-domain relationships. Here’s a good point for me to rehash/mash the definition, levels, and stakes of mutuality:

  • An internet-scalable identity metasystem enables interactions built on mutual recognition, assurance, risk, recourse, restitution, and responsibility among all parties.
  • Mutuality requires shared, assured, cross-domain, transitive, balanced, equitable, symmetric, commensurate, and reciprocal interactions among end- and intermediate-points, implemented in the context of ubiquitous business/legal, trust/PKI, federation/IdM, and reciprocal permission-based resource-sharing relationships from end to end.
  • End-to-end mutuality allows any end- or intermediate point to participate in the identity metasystem with confidence that they can fend for themselves and actually benefit from plugging in.

How can parties rely, users prove reliable, and mutual relationships emerge and remain durable in a cosmically vast, comically dynamic, and freakishly fragmented crucible such as this?

Odd indeed.