The next generation of Identity

July 11, 2006

How does user-centric identity provide scale?

Filed under: Uncategorized — Dick @ 7:57 am

There has been some confusion about what we mean when we say that user-centric identity provides “scale”. In order to operate easily at Internet scale, an identity system should ideally allow:

  • someone to set up a Service Provider without coordinating with third parties
  • the user to use one Identity Agent today, and another tomorrow
  • the user to acquire claims from many Identity Issuers and present them to any Service Provider

To do the above, the following requirements follow:

  • separation of the Identity Provider into an Identity Agent and an Identity Issuer
  • the Service Provider and the Identity Agent have no relationship before or after the transaction
  • the Service Provider trusts the Identity Issuer that issued a claim, but the Identity Issuer may have no knowledge of the Service Provider
  • the user's identifiers are independent of the Identity Agent

A big benefit that comes from this is:

  • the user has control over when identity data flows, and the choice of Identity Agent
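The three roles and the separations listed above, as an added sketch that is not code from the original post or from Sxip: the Issuer signs a claim about the user's own identifier, the user carries the signed bytes in whichever Agent they like, and the Service Provider checks only that a key it trusts signed them. The issuer names, the Ed25519 signature scheme and the JSON claim layout are assumptions made for this sketch.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
)

// Claim is what an Issuer asserts about a user identifier that the user owns.
type Claim struct {
	Subject string `json:"sub"`
	Attr    string `json:"attr"`
	Issuer  string `json:"iss"`
}

// SignedClaim is the portable artifact the user carries in any Identity Agent;
// changing agents is a plain copy of these bytes, nothing is re-issued.
type SignedClaim struct{ Payload, Sig []byte }

// Issuer signs claims and never learns which Service Provider will see them.
type Issuer struct {
	Name string
	priv ed25519.PrivateKey
}

func NewIssuer(name string) (*Issuer, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	if err != nil {
		return nil, nil, err
	}
	return &Issuer{Name: name, priv: priv}, pub, nil
}

// Issue binds attr to sub under this issuer's key; nothing here identifies the SP.
func (i *Issuer) Issue(sub, attr string) SignedClaim {
	p, _ := json.Marshal(Claim{Subject: sub, Attr: attr, Issuer: i.Name}) // all-string struct cannot fail
	return SignedClaim{Payload: p, Sig: ed25519.Sign(i.priv, p)}
}

// ServiceProvider is only the set of issuer keys it trusts: no relationship
// with the agent is needed, and the issuer need not know the SP exists.
type ServiceProvider map[string]ed25519.PublicKey

// Verify accepts a presented claim only if a trusted issuer signed it.
func (sp ServiceProvider) Verify(sc SignedClaim) (Claim, error) {
	var c Claim
	if err := json.Unmarshal(sc.Payload, &c); err != nil {
		return Claim{}, err
	}
	pub, ok := sp[c.Issuer]
	if !ok || !ed25519.Verify(pub, sc.Payload, sc.Sig) {
		return Claim{}, errors.New("claim not signed by an issuer this SP trusts")
	}
	return c, nil
}
```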

Let me know what you think!

  • Henning Møller-Nielsen (Wed Jul 12, 2006 at 3:59 AM)

    As I have thought many times since experiencing Dick Hardt's talk on the subject at OSCON 2005, it sounds almost too good to be true / possible.

    The whole point is summarized in the benefit you list - the user has control and can choose the Identity Agent he trusts.

    Should Google one day choose to go this way many would undoubtedly choose them as their Identity Agent. Just a thought.

  • Dick

    It would be great if Google chose to be people's identity agent. Many people have wanted to leverage the Google accounts on their sites. Another benefit of Identity 2.0 is that it is a useful tool in fighting phishing.

  • Bruce Joy (Wed Jul 12, 2006 at 6:22 AM)

    Sounds right. One question: Do you need to separate the concept of Identity Provider and Identity Agent? I understand that Identity Provider/Agent and Identity Issuer need to be separate concepts. Also, I'm new to this discussion and am curious if there are any implementations of sxip occurring in .Net?

    BTW, my first impressions of sxore can be summed up as "It rocks hard, Dick".

  • Dick

    I separate Identity Agent from Identity Provider because the Liberty group has defined an Identity Provider as performing both Identity Agent and Identity Issuer functionality.

    Currently there are no implementations of sxip in .net, but hoping to have something soon!
