Tuesday, May 08, 2007

Dick and Conor

Today, at the European Identity Conference, Dick Hardt and I (as well as several others) participated in a panel on user-centric identity in the enterprise. As I had suspected, it was a fun session with lots of back and forth and a very interested audience.

What amazed most people who know us was that we actually agreed on several issues and Dick was quoted at least twice as saying something along the lines of "As amazing as it seems, I agree with Conor on this" and we even shook hands once (luckily no one in the audience had their camera ready for the historic moment).

The kinds of things we agreed on included:

  • Users should be able to control the use and dissemination of their data.
  • Users should be able to allow an agent (local or perhaps in the cloud) to interact on their behalf between authoritative issuers of attributes and relying parties.
  • Users should be able to allow direct access from some relying parties to some issuing authorities (the specific example discussed was someone accessing my calendar service to add an appointment).
  • Strong authentication is separate and distinct from strong identification.

We only had an hour on the panel and could have easily gone on for another hour or two with a very participatory audience.


Thursday, May 03, 2007

April... an unusually quiet month...

I just noticed that last month, I only wrote 6 blog entries (Paul frequently hits that number in a day)... My slowest month in a long time.

This wasn't about a lack of things to write about -- there's more than enough stuff going on out there that is clearly calling out for my essential input :-). My lack of posting has been because my free time (what little there is) has been taken up by the updating of my Open Source Liberty ID-WSF implementation to have some of the functionality documented in the new Advanced Client specifications.

No, it isn't done yet, but I just had to take a breather and do something fun like post a blog article about not blogging. I'm sure Paul will find some higher meaning in my doing so :-).

But, no worries, the interoperability event is scheduled for the first week of June in Dulles, Virginia (yeah, that's a real place, not just an airport -- although the airport was first). I should have my head above water by then.

In the meantime, I'm off to Munich to participate in the European Identity Conference hosted by Kuppinger Cole. I'll be in 3 sessions there:

It should be a fun week! I hope to see many friends there.


Anonymous identity

Paul writes in "Identity as Relationship Precursor":

This is interesting because it seems the exact opposite of most use cases in which identity attributes are shared (and those that Liberty ID-WSF has historically focused on). In these use cases, interaction comes first. The user shows up at a service provider and, in order to provide some enhanced level of customization, the service provider seeks to obtain identity. The model is

Interaction --------------> Identity Sharing

I'll argue that current identity systems (OpenID to a lesser extent, albeit not spec'd out) are geared to the latter model, what are the implications of the former?

Au contraire Monsieur Madsoooooon, we considered both use cases and specifically designed the anonymous release of attributes around the case where the user gave away some bits of information in order to get a better experience at a target entity without giving away their identity or creating a federation to their identity (which they could, of course, do later if desired).

The common discussion around anonymous identity was, for example, releasing your zip code out of your personal profile to anybody so that when you showed up at a movie web site, they could automatically display the movies that are showing in theaters in your area.
