Big Bang of Identity
We divided the community up between oldies and newbies and then broke in to small groups that were evenly mixed. We had 12 groups and they discussed what it would take to get to the big bang of Identity for 40 min. Each group reported out its answer both verbally and on post-it notes.
Here are the post-it notes. Managed Card Providers we've heard of
- Techies stop talking about tech and talk about user experience
- Excellent User Experience
PORTABILITY OF IDENTITY
Portable (mobile) identity information
Compelling apps/business cases
Developer protocols like open social
Trust framework for OpenID Providers
Where are the Relying Parties
- objectives from biz dev " We want to own the users."
- problems of trust
- can we have global reputation?
- Fear of data breach more compelling/reputation risk
- Relying Parties requests for IdP
- Digg Captchas
- HealthVault - security audit.
- Protocol - between specifications
IDENTITY CREATION/TERMINATION INTEROPERABILITY
- Trusted IPs - Critical must
- Aggregator of Claims
- Trust Technology
- Strong Auth
- Verified Claims
- RP's fore Life Essentials - critical mass
- Privacy - user controls
Eliminate the need fore "global" identifier - to be used by people.
A solution looking for a problem
- We start by getting straight what the "big bang" is.
- When we figure out what form the "big bang" takes.
- Don't have to solve all problems to have a big bang.
Education of end users
- Usability (must do something they value)
Ability to enforce trust in plumbing (including open standards)
SOLUTIONS & ADAPTATION FOR ABSTRACTION USERNAME/PASSWORD
No Big Bang until the users feel/experience it as Big Bang
Making ID relevent to common people
Replicate Pre-neolithic Human Interactions in the virtual space
When Users Care
Trust & Tools so SP will always alow other SP to authenticate customers
User has 1 way of authenticating on any site and managing her ID anywhere
Value of digital ID allows you to make more money, friends or social capital, then people will adopt it
Figure out how to manage risk & provider value beyond single-sign-on
When individuals care to own who they are outline & interact with others authentically
Aids to increasing the size of a persons "community"
Simple user experience decoupled from plumbing (protocols, bits and bites)
usability big bang - 1 ID gets you in composite identity
ultimate goal? 1 ID everywhere or lists of IDs to manage
Complex data management issue?
Disaggregated apps issue
Registery of handles? How to navigated discontinuous information
Identity flow - how do services get info to map a
INVISIBLE INFRASTRUCTURE (SAML, XRDS, OpenID, OAuth, InfoCards, Portable Contacts, Gadgets, WS-*) giving VISIBLE BENEFITS (Friends, Activity Stream, E-Commerce, Calendar...)
Compelling Economic Cases
- Trusted providers
- Identity Assurance
- Different Authentication contexts
- Federated Log-In
Realizing that running your own user/password system is stupid.
Solve more of a business problem then just Identity.
MARKET PLACE OF PROVIDERS
High Value Claimes
Why do we need a "big bang" why not steady evolution
HIGHER DEGREE OF PAIN (eg. more ID theft more losses)
What is the Big Bang? " Where the norm becomes that the first identity request default is that identity is distributed ie. When the ah to create lead accounts is turned off by default
The metric is that number of distributed identity sessions is graded then the alternatives.