Wed 20 Sep 2006
User-Fedric Centricity
Posted by Pete Rowley under identity , InfoCards , user-centric identity , identity 2.0 , Digital ID World , CardSpace , federationAndre Durand has been blogging about the mash-up between user-centric identity and federated identity. His company, Ping Identity has put forward the idea of active versus passive federation. Active federation is essentially user-centric federation, and passive federation is the classic federation model where big business gets together and talks about us while we all watch the pretty pictures. In his recent presentation at Digital ID World, Ping CTO Patrick Harding had some great enterprise use cases where user-centric identity added the element of consent to the transaction, for example, access to a 401k account, or outsourced payroll services.
Now, while marketing must have its marketing phrases and there is nothing inherently wrong with active/passive federation, I think the rest of us might find the phrase consentual federation a little more descriptive. After all, consent is the major difference between the two. Oh, but what then to call the other type of federation… sneaky federation?
5 Responses to “User-Fedric Centricity”
Leave a Reply
You must be logged in to post a comment.
September 20th, 2006 at 3:04 pm
I’m not sure that consent is a particularly good differentiator - as far as I can see it’s orthogonal to user-centricity (at least as far as I understand what people mean when they say user-centricity).
Taking Liberty ID-FF (SAML 1.1’s child and SAML 2.0’s parent) as an example, user-consent is designed in. Take a look at the flash demo on this blog post of mine - http://blogs.sun.com/superpat/entry/demonstration_of_identity_web_services - almost a year old now. The user decides to link accounts across two sites, and is then prompted to give his permission for one site to give his shipping address to the other.
September 20th, 2006 at 3:22 pm
Oh contrare Pat, consent is a key element of user-centricity since without consent it would be at best user-observity :)
It is great that the Liberty ID-FF contains the element of user consent, but then it isn’t what I would describe as “classic” federation either :)
September 20th, 2006 at 5:18 pm
OK - it’s coming into focus now. Consent (and thus user-centricity) is orthogonal to the wire protocol - it’s a deployment choice. Right?
This makes much more sense than the folks that seem to have been lining up user-centric protocols such as OpenID on one side (’good’) and enterprise protocols such as SAML on the other (’bad’).
The protocol is your vehicle - it’ll get you from one site to another. User-centricity is how you drive it. You can drive in a considerate, consensual way, or you can drive with no regard for your passengers or other road users.
September 20th, 2006 at 5:24 pm
Exactly.
September 20th, 2006 at 6:08 pm
OK - my gravatar’s been rated - will it appear now???