I've just been crawling through the blogosphere, the literature, my head, etc., putting together a quick cheatsheet, definition-wise.
In some radical/fundamental/ideal sense, user-centric identity could conceivably mean any and/or all of the following:
- All user identities/attributes are self-asserted and provisioned
- All user identity interactions flow through the user's client, icard space, personal idp, and/or agent
- All user identities/attributes are immediately, conveniently, and visually available to the user from all clients/UIs to present to the appropriate relying parties
- All user identities/attributes are self-selected within the context of each interaction
- All user identity-based interactions are engaged in by the user with full knowledge, transparency, and nonrepudiation of the relying parties
- All user attribute disclosures require permission of the user and/or the user's authorized agent
- All user identity interactions contribute to the user's privacy
- All user attribute disclosures are anonymized, encrypted, pseudonymized, and/or minimized in each interaction
- All user identities/attributes are disclosed and distributed in such a way that they cannot be joined or correlated back to the user
- All user identities/attributes are stored locally under the user's control and protected through secret keys that only the user possesses and which are authenticated through multiple factors, including biometrics
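Several of these points (self-selected disclosure, minimization, pseudonymization, non-correlatable identifiers, a user-held secret key) can be shown concretely in a few lines. The following is an added example, not code from the original post: a toy user agent that holds the attribute store locally, derives a different pseudonymous subject identifier for each relying party with HMAC-SHA256 over a secret only the agent holds, releases only the attributes the user approved for this interaction, and records what was released and withheld so the user can see it afterwards. The sample attributes, the relying-party names, and the function names are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, List, Set

# Constructed sample attributes held in the user's local store
# (assumed data for this example, not from the original post).
USER_ATTRIBUTES: Dict[str, object] = {
    "name": "Alice Example",
    "email": "alice@example.invalid",
    "birth_year": 1985,
    "over_18": True,
    "postal_code": "12345",
}

# User-side audit trail: every disclosure is visible to the user afterwards.
DISCLOSURE_LOG: List[Dict[str, object]] = []


def new_user_secret() -> bytes:
    """Random 256-bit secret that never leaves the user's agent."""
    return secrets.token_bytes(32)


def pairwise_pseudonym(user_secret: bytes, relying_party: str) -> str:
    """Per-relying-party subject identifier: HMAC-SHA256(user_secret, rp_id).

    Stable for one RP across sessions, but unrelated between RPs, so two RPs
    comparing their user tables cannot join records on this identifier.
    """
    mac = hmac.new(user_secret, relying_party.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()


def disclose(
    user_secret: bytes,
    attributes: Dict[str, object],
    relying_party: str,
    requested: Iterable[str],
    approved: Set[str],
) -> Dict[str, object]:
    """Build the claim set actually sent to one relying party.

    `requested` is what the RP asked for; `approved` is what the user selected
    for this interaction. Only their intersection is released, with the
    pairwise pseudonym as the subject identifier instead of any real ID.
    """
    requested = list(requested)
    released = {
        name: attributes[name]
        for name in requested
        if name in approved and name in attributes
    }
    claims: Dict[str, object] = {"sub": pairwise_pseudonym(user_secret, relying_party)}
    claims.update(released)
    DISCLOSURE_LOG.append({
        "rp": relying_party,
        "released": sorted(released),
        "withheld": sorted(set(requested) - set(released)),
    })
    return claims


def shared_values(claims_a: Dict[str, object], claims_b: Dict[str, object]) -> Set[str]:
    """Claim names whose values are identical in two RPs' records.

    A shared low-entropy predicate such as over_18=True is not a join key
    (it matches most users); a shared 'sub' would be, and never appears.
    """
    return {k for k in claims_a if k in claims_b and claims_a[k] == claims_b[k]}


if __name__ == "__main__":
    secret = new_user_secret()
    shop = disclose(secret, USER_ATTRIBUTES, "shop.example",
                    ["email", "postal_code", "over_18"], {"over_18", "postal_code"})
    forum = disclose(secret, USER_ATTRIBUTES, "forum.example",
                     ["email", "over_18"], {"over_18"})
    print("shop sees: ", shop)
    print("forum sees:", forum)
    print("values both RPs could compare:", shared_values(shop, forum))
    print("user's audit log:", DISCLOSURE_LOG)
```

The point the two `disclose` calls make is that the email the RPs asked for is withheld because the user did not select it, and the two `sub` values differ even though the same person is behind both, so the only thing the shops could match is the `over_18` predicate that most adults share. Losing the device holding `user_secret` also loses the pseudonyms, which is the flip side of keys only the user possesses.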
Jim