Posted 8:11 AM (0) comments

Who owns the attributes?

Jim Kobielus has jumped fearlessly into the fray of trying to define the normative principles of identity, by synthesizing the proposals of some others in this space. It's a well thought out piece, with some excellent ideas and only one major flaw. Unfortunately, that flaw comes at the very top of the stack when Jim states:

Each person is the only legitimate owner of their identity, all manifestations of that identity, and all associated identity attributes.

While I'll go along with each person being the owner of his own identity, it is not true that the entity identified also owns "all associated attributes." An employee number, for example, is an attribute of that entity but it is created, maintained and removed (all attributes of ownership) by the issuing organization, not by the entity so identified. The same could be said of any "customer number" issued by a vendor to that entity - it's certainly an identity attribute but it also most certainly is in no way "owned" by the entity.

We must distinguish between data and attributes owned by the entity and those which are associated with the entity by but owned by others. All these attributes, though, should be capable of being federated into a single construct identifying the entity.

But read the rest of Kobielus' note for some interesting ideas.

Posted 2:37 PM (0) comments

PDI in '05

Midentity's Simon Grice has announced the Personal Digital Identity Summit '05, which will be held in London at the BT Tower on the 21st of February. Unfortunately a previous comittment will keep me away, but you might want to consider being there.

Posted 11:41 AM (0) comments

Ping me when there's something new!

Ping ID's Andre Durand has now chimed in on the Laws of Identity, comparing and contrasting them to his "Tiers of Identity." While the laws set out necessary behavior for IdM applications and services to be accepted, Durand's Tiers are more in the nature of a taxonomic definition of various parts of the identity matrix. Still, Andre has been quiet for too long and it's nice to see him rejoining the discussion.

Posted 9:01 AM (0) comments

The rear-view crystal ball

Marc Cantor (whose work I was introduced to by Kim Cameron) ends the year on a strange note by suggesting that Microsoft become "the mega meta momma backplane" (that is, the foundation or the "warp and woof") of Identity. Marc has no love for Redmond, mind you, but thinks "We can put Microsoft's past behind them."

{loud chortling from the peanut gallery}

Microsoft no longer has any moral or political capital to invest or spend in Identity Management, Marc. They had the opportunity, squandered it with "Hailstorm" and now must take their place as dutiful soldier to the effort that will be lead by Sun, Novell, and IBM (and supported by RSA, Entrust, VeriSign, et al) to standardize IdM for the masses.

Of course, Cantor also singles out Sxip Networks (best described as "open source Hailstorm") for praise, so it appears his imagination is lacking, too. People have decided, Marc, they will not store their identity information with a third party - any third party. That party is over.