Monday, May 18, 2009


The Diamond Framework

Paul Trevithick has done us all a great service: he's provided a matrix of terms from the major authentication/identity systems making up what's loosely called "user-centric" identity and equated the varying terms (each identified with a letter) to facilitate conversations about the varying protocols, systems and technologies. A wonderful effort coming, as it does, on the opening day of the spring Internet Identity Workshop.

Would that, in this best of all possible worlds, the various evangelists for these systems could adopt Paul's terminology.


Tuesday, September 16, 2008



Pam Dingle has a bit of a rant today about the term "user-centric." Well, not about the term itself but about people's desire (e.g., the entire Burton Group) to get away from it.

"Sure, there are a few blind worshippers of the cult of user-centric out there, but I firmly believe that common sense has to win out in deployment scenarios, and that various technologies should and will be used where applicable to solve problems."

"If, on the other hand, all this is about is finding a positive, all-encompassing touchy-feely name to give to the systems-formerly-known-as-user-centric so that isn’t all about conflict, fine — pick a new name already. I only ask that if you’re going to diss the current buzzword, can you please at least supply an alternative suggestion. Otherwise we end up in limbo where nobody wants to use the old term, but nobody has a new term either, making us all look like indecisive idiots."

I think it's about more than just a term, more than just a feel-good quality, Pam. The "User-centric" term was coined, initially, to try to differentiate internet-based individual identity protocols from those used within the enterprise. But it's really all identity, and there doesn't need to be a distinction. That's why I wrote, last month, "Why there's no 'user-centric' or 'enterprise-centric' identity," where I said:

"Enterprise-centric identity management, we postulated, is really all about tying together all the activities and attributes of a single entity into a readily accessible (and reportable and auditable) form; while user-centric identity is about keeping various parts of your online life totally separated so that they aren't accessible and no report can be drawn.
So how do we have a framework that allows for both tying together all of a user’s activities (enterprise-centric) while at the same time allowing distinct separation of activities as decided by the user?
We start by defining identity as a group of “personas” (see 'Defining identity, persona, role'). Any persona can be made up of a group of personas or roles. Each of those personas can be linked, or separated, as the entity identified by them wishes. One of those personas is (or, rather, could be) an 'enterprise persona.' That one brings together '…all the activities and attributes of a single entity' performed for or related to that enterprise '...into a readily accessible (and reportable and auditable) form.'
So there is no 'user-centric' or 'enterprise-centric' identity. There is just an entity with AN identity made up of various personas some of which may be controlled or limited in some way by an outside organization – not only by the enterprise but also by governments, social organizations, etc. The ability to keep these personas separate, where legally able to do so, must be a given. Each persona will have different identity needs and requirements, of course, but that’s what will drive the 'identity economy' as vendors seek to satisfy those needs and requirements in accordance with the laws. The government’s laws, the enterprise’s 'laws', the fraternal and social organization’s 'laws' and the Laws of Identity as laid down by [Kim] Cameron."


Tuesday, September 09, 2008


Virtual Loyalty cards

What is possibly the first leveraging of information card technology was announced today by aptly named "fun communications": the virtual loyalty card.
WebCard Loyalty offers customers, dealers and the issuers of customer loyalty cards true added value. For the customers, the virtual loyalty card means that different user names and passwords are now a thing of the past. The technology is based upon the open standard for information cards that is available for almost all operating systems and browsers. Also, for example, information cards are implemented in the Windows CardSpace™ technology. CardSpace provides a reliable and secure authentication and authorization mechanism (User-Centric Identity Management), which due to its Client technology is immune to phishing attacks. The login process is significantly simplified. Dealers benefit from this as well: It raises the entry barrier, increases the utilization volume, as well as enhancing the data quality. Not only this, but the virtual loyalty card provides both dealers and identity providers with an instrument for targeted marketing measures (bonus point programs, discounts on partner sites, partner advertising, coupon promotions) that enable them to build up long-term customer and partner loyalty. The customer identification and improved customer profiles open up interesting and profitable business models within the partner network.

Privacy, security - and targeted marketing! It's the holy grail, isn't it?


Wednesday, August 13, 2008


Cringe-inducing conversation UPDATE

In a story in Ars Technica, Six Apart's Anil Dash is quoted as saying "...democratized identity management systems like Six Apart's own OpenID..."

What the heck is that??? Do all the 'citizens' get to vote on your identity, or on their own identity, or ???????

And who in their right mind could call OpenID an "identity management system"? It's, at best, an authentication system or, even better, a signon system. But there's little management of the identities involved.

And what's with the proprietorial phrase "Six Apart's own OpenID"?

It's possible (but not bloody likely) that Ars Technica got it wrong. Still, I'm waiting for Six Apart to issue a correction/clarification.

UPDATE: Anil is saying that Ars Technica got it wrong, and that what he said was "decentralized" identity management. I'd still quibble about OpenID being called an ID Mgmt System, but at least that other weirdness appears to be cleared up.


Sunday, August 10, 2008


"We have met the enemy..."

OpenID's leading lights appear to be down on the technology, it seems. After last week's note about Dick Hardt's seemingly wistful look at OpenID ("wonders if the identity opportunities of OpenID have passed.") comes today's note from Scott Kveton (chair of the OpenID Foundation board). Reacting to Randy Stross' New York Times piece highly critical of OpenID, Kveton says: "The OpenID community has identified two key issues it needs to address in 2008 that Randy mentioned in his column; security and usability."

If usability is bad (and the discussions on the OpenID email discussion lists support that notion), and security is a problem - what, exactly, does it have going for it?

Is it, perhaps, time for the leading lights to move on to a user-centered technology which does show promise of being an identity provider that is very usable and also quite secure? As Mr. McGuire might have said to Ben in The Graduate:
Mr. McGuire: I just want to say one word to you - just one word.
Ben: Yes sir.
Mr. McGuire: Are you listening?
Ben: Yes I am.
Mr. McGuire: 'Zermatt.'
Ben: Exactly how do you mean?
Mr. McGuire: There's a great future in Zermatt.
Think about it.
Will you think about it?
Ben: Yes I will.
Mr. McGuire: Shh! Enough said. That's a deal.

Or, as Eddie said to Saffie: Just put me through to Zermatt!


Friday, March 28, 2008


Cardspace context UPDATE

Good post today ("No User Context Decisions in your Enterprise?") from Pam Dingle summarizing her panel at Brainshare (which I'm now sorry I missed). Cardspace and other user-centric ID schemes have a definite place in the enterprise, if only for the context-switching that Pamela outlines.

UPDATE: A video of the session (with Pam Dingle, Patrick Harding, Kim Cameron and Dale Olds) has now been posted at the Bandit Project site.

We'll be exploring this same topic at the European Identity Conference when I host a panel of Dale Olds (Bandit Project), Johannes Ernst (OpenID) and Robin Wilton (Liberty Alliance) called "Putting Context in Identity: User-Centric Context." It's an area that will heat up in the near future...


Thursday, January 03, 2008


Promulgating the social graph

Julian Sanchez, over at Techdirt, gets it while many in the identity community - and even more who are involved in social networking - don't.

"Intuitively, it makes sense for users to be able to make whatever use they please of information about their own social networks. But in a social network, "your" information is someone else's as well."

The point about relationship data is that there is a relationship. And a relationship, like a contract, has two sides (well, it could have more - but that's kinky). Both sides need to be involved in the decision to distribute the relationship data. Both sides need to agree. Unless, of course, the whole "friendship" is one way. But imaginary relationships are best had with imaginary friends...


Saturday, December 15, 2007


The end of 'user-centric' identity?

In light of the last "tools" posting it's interesting to note that either Digital ID World's Eric Norlin recently posted their predictions for 2008 at CSO online and included this one:
"‘User-centric’ identity protocols will stop calling themselves ‘user-centric’: This is an adoption story. ‘User-centric’ protocols will gain some actual adoption in 2008 (yes, I'm implying that they haven't yet gotten any ‘real’ adoption). In so doing, the ‘folks in the know’ in that movement will *stop* prefacing everything they say with the words ‘user-centric,’ as they realize that their protocols may have been designed with that laudable goal in mind, but the terminology is just getting in the way. Instead of describing an ideal, they'll begin describing what they *do.*"
It is about time we stopped debating philosophy and started talking implementation, isn't it?


Thursday, December 13, 2007


Tools are just tools, you know

I've always been impressed by Pamela Dingle's ability to cut through the rhetoric and get to the heart of a problem. She's done it again.

Patrick Harding, Nishant Kaushik, Johannes Ernst and Matt Flynn recently participated in an impassioned (if not actually heated) discussion of User-Centric identity in the enterprise. Pamela chimed in with her usual level-headed approach.

Then, after the guys debated philosophy, Pamela - once again - reminded them that using the tools of so-called "user centric" identity (CardSpace and OpenID, for example) doesn't require buying into any sort of philosophy of data control. They're simply tools. As she put it: "If you try to tell me that using a tool such as the Identity Metasystem to accomplish something other than a user-centric philosophy is wrong, I will also laugh at you."

As I said last spring, "I’m addressing the enterprise market, which needs to pay attention to CardSpace right now." CardSpace and the identity metasystem - whether all Microsoft or using open source tools - can be a very useful tool in the enterprise, especially in an enterprise which uses a lot of home-grown applications and services. Not only for authentication (and the simplified signon possibilities), but also for authorization, role management and fine-grained entitlement control.

Tools are just tools. Use the tool that does what you want at the price you're willing to pay and let others worry about the philosophical implications.


© 2003-2006 The Virtual Quill, All Rights Reserved

