Today, at the European Identity Conference, Dick Hardt and I (as well as several others) participated in a panel on user centric identity in the enterprise. As I had suspected it was a fun session with lots of back and forth and a very interested audience.
What amazed most people who know us was that we actually agreed on several issues and Dick was quoted at least twice as saying something along the lines of "As amazing as it seems, I agree with Conor on this" and we even shook hands once (luckily no one in the audience had their camera ready for the historic moment).
The kinds of things we agreed on included:
- Users should be able to control the use and dissemination of their data.
- Users should be able to allow an agent (local or perhaps in the cloud) that can interact on their behalf in between authoritative issuers of attributes and relying parties.
- Users should be able to allow direct access from some relying parties to some issuing authorities (specific example discussed was around someone accessing my calendar service to add an appointment).
- Strong authentication is separate and distinct from strong identification.
We only had an hour on the panel and could have easily gone on for another hour or two with a very participatory audience.