Big Bang of Identity

From IIW
Jump to: navigation, search

We divided the community up between oldies and newbies and then broke in to small groups that were evenly mixed. We had 12 groups and they discussed what it would take to get to the big bang of Identity for 40 min. Each group reported out its answer both verbally and on post-it notes.

Here are the post-it notes. Managed Card Providers we've heard of


  • Techies stop talking about tech and talk about user experience
  • Excellent User Experience


PORTABILITY OF IDENTITY

Portable (mobile) identity information


Compelling apps/business cases

Developer protocols like open social

Trust framework for OpenID Providers

Where are the Relying Parties

  • objectives from biz dev " We want to own the users."
  • problems of trust
    • can we have global reputation?
    • Fear of data breach more compelling/reputation risk
  • Relying Parties requests for IdP
    • Digg Captchas
    • HealthVault - security audit.


Interoperability

  • Protocol - between specifications
  • Implementation
  • deployability

IDENTITY CREATION/TERMINATION INTEROPERABILITY

Interoperability

  • Trusted IPs - Critical must
  • Aggregator of Claims
  • Trust Technology
    • Reputation
    • Secure
    • Strong Auth
  • Verified Claims
    • RP's fore Life Essentials - critical mass
  • Privacy - user controls

Eliminate the need fore "global" identifier - to be used by people.

A solution looking for a problem

  • We start by getting straight what the "big bang" is.
  • When we figure out what form the "big bang" takes.
  • Don't have to solve all problems to have a big bang.

Education of end users

  • Usability (must do something they value)

Ability to enforce trust in plumbing (including open standards)

TRUST FRAMEWORK

SOLUTIONS & ADAPTATION FOR ABSTRACTION USERNAME/PASSWORD

No Big Bang until the users feel/experience it as Big Bang

Making ID relevent to common people

Replicate Pre-neolithic Human Interactions in the virtual space

When Users Care


Trust & Tools so SP will always alow other SP to authenticate customers

User has 1 way of authenticating on any site and managing her ID anywhere

Value of digital ID allows you to make more money, friends or social capital, then people will adopt it

Figure out how to manage risk & provider value beyond single-sign-on

When individuals care to own who they are outline & interact with others authentically

Aids to increasing the size of a persons "community"

Simple user experience decoupled from plumbing (protocols, bits and bites)

usability big bang - 1 ID gets you in composite identity

ultimate goal? 1 ID everywhere or lists of IDs to manage

Complex data management issue?

Disaggregated apps issue

Registery of handles? How to navigated discontinuous information

Identity flow - how do services get info to map a

INVISIBLE INFRASTRUCTURE (SAML, XRDS, OpenID, OAuth, InfoCards, Portable Contacts, Gadgets, WS-*) giving VISIBLE BENEFITS (Friends, Activity Stream, E-Commerce, Calendar...)

Compelling Economic Cases

  • Trusted providers
  • Identity Assurance
  • Different Authentication contexts
  • Federated Log-In

Realizing that running your own user/password system is stupid.

Solve more of a business problem then just Identity.

MARKET PLACE OF PROVIDERS

High Value Claimes

"42"

Why do we need a "big bang" why not steady evolution

HIGHER DEGREE OF PAIN (eg. more ID theft more losses)

What is the Big Bang? " Where the norm becomes that the first identity request default is that identity is distributed ie. When the ah to create lead accounts is turned off by default

The metric is that number of distributed identity sessions is graded then the alternatives.