What is user-centric identity?

User-centric identity has become a buzzword in the identity market. Eve Maler, Paul Madsen and Pete Rowley have all been talking about it. I was on a panel with Eve and Kim Cameron a couple of weeks ago during Catalyst, where we talked about user-centric identity. My key thoughts on it were:

  • The user is in the middle of a data transaction. This does not mean the user has to approve every transaction, but that the data always flows through the user’s identity agent. This does have user control and consent advantages that others point out, but I think more importantly, it provides huge scale advantages as the Identity Provider does not have to have any prior knowledge of the Service Provider. The network of sites can build up ad-hoc, just like SMTP servers do today.
  • The user has a consistent user experience. That does not mean that all users have the same user experience, but that a specific user is using the same identity agent over and over for each identity transaction, similar to the interfaces we all see for saving and printing files regardless of the application. Currently each SP provides its own user interface, which means the user is learning a new interface, sometimes for one-time use (e.g. site registration). By separating the identity component from the rest of the application, the user also has more certainty about who the SP is, which helps resolve phishing.

The scale, security and usability advantages of user-centric identity are what make it the underpinning for Identity 2.0.

5 comments

Definitely it has to go through the user! Think about the privacy invasion when a certain identity provider gets information of where you’re using your credentials. Just think about how the advertising industry would be drooling to get their hands on this data (and probably with enough money in today’s world you can get your hands on any data eventually). Anyone in control of the IP would know that I regularly go over to Flickr, sometimes visit Blogger and also that I am probably the most active member on p0rn.com.

Also this grants the wonderful possibility of being your own identity provider, and in SXIP jargon, that’s when you’re moving your homesite to your personal device (if I got that right). And in photo ID that’s when I am the owner of my ID card.

Agreed. There is a business model to be an Identity Agent in order to learn what users are doing and then use that in a way that is useful to the user rather than irritating, or worse, having them feel their privacy was invaded.