http://blogs.sun.com/hubertsblog/date/20050524 Tuesday May 24, 2005

Infocard - Follow-up

Well, I've had some excellent comments on my blog entry on Microsoft's Infocard and Identity Metasystem. As envisioned, there is a lot of uncertainty about interoperability between SAML, Liberty or the like and the metasystem proposal. Kim Cameron was kind enough to do a thorough review of my analysis and respond to it. Thanks a lot!

Below are my comments on Kim's responses:

Preamble: I'm still convinced that using the term IP (Identity Provider) is a bad idea. Most identity systems I can think of associate Identity Providers (IP or IdP) with the provisioning of authentication statements, not attributes. And by most of them I include WS-Federation as well as Liberty, SAML or Shibboleth (well, I guess that's pretty much all of them!). I have not (yet) read Kim's laws (so maybe I'm an outlaw – ok, that's a bad one, sooorry :-) ) but all I can say is that this is going to confuse people. Since the identity metasystem is brand new, it would be great if Microsoft could find another term; that would clarify the debate.

I don't know if I'd call the Identity Selector a "broker" - in the sense that it is operated by the user rather than some other organization or agency. I don't want to start thinking of myself as "brokering" my own interactions - my life is complicated enough already. And I'll bet Hubert feels the same way.

The selector is actually engineered as a highly tuned control surface through which the user can establish an unambiguous and safe channel to the digital world. Through this surface the user is able to evaluate the authenticity of those with whom he or she is interacting, decide what provider should be used in a given context, and approve (or prevent) information being released to a relying party.

I would certainly agree that giving control to the user and preserving his privacy are essential criteria; these are actually some of the founding principles for Liberty. However, I would say that the last thing we want is to bombard the user with requests from the identity selector; there is a difficult balance to strike between usability and security/privacy, but I hope that the metasystem will be flexible enough to let a service provider obtain some information from an attribute provider (identity providers in the metasystem) without the user being asked for additional consent (assuming, of course, that he previously expressed this consent at the attribute provider). In fact, it seems to me the identity selector is close to Liberty's interaction service, except it is constrained to be on the user's PC, whereas Liberty offers several ways of interacting with the owner of the attributes.

Regarding Identity Metasystem, is there going to be a similar notion to profiles? By profile I mean things like a personal profile (home address, shipping address...) or a business profile... Basically some clearly specified set of attributes that logically go together. A service provider could then refer to such specification when requesting data, which would facilitate the identity selector's task. My understanding is that the infocard will group attributes together but I'm not sure there will be agreed-upon templates.
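To make the "profile" idea above concrete, here is a small model of what an identity selector would do if relying parties could refer to agreed-upon attribute templates. This is example code added to this post, not code from Microsoft, Liberty or Kim Cameron; the template names, the card layout and every function name are assumptions made for the illustration. It shows two things the paragraph only hints at: a template lets the selector decide mechanically which cards can satisfy a request, and it gives the selector a precise list of what may leave the machine, so attributes a card happens to hold but the template does not name are never released.

```python
"""Constructed model of an identity selector resolving a relying party's
request, expressed as a named profile template, against the user's cards.

Added example, not part of InfoCard or the Identity Metasystem; template
names, card layout and helper names are assumptions for this illustration.
"""

from dataclasses import dataclass, field

# Hypothetical agreed-upon templates: a profile name stands for a fixed
# attribute set, so a relying party can ask for "shipping" instead of
# listing attributes one by one.
PROFILE_TEMPLATES = {
    "personal": {"given_name", "family_name", "home_address"},
    "shipping": {"given_name", "family_name", "shipping_address"},
    "business": {"given_name", "family_name", "company", "work_email"},
}


@dataclass
class Card:
    issuer: str        # the attribute provider standing behind this card
    attributes: dict   # attribute name -> value the provider holds for the user


@dataclass
class Request:
    relying_party: str
    profile: str                                 # template name the RP refers to
    optional: set = field(default_factory=set)   # attributes the RP would like but does not need


def required_attributes(request):
    """Resolve the RP's profile name to the concrete attribute set."""
    try:
        return set(PROFILE_TEMPLATES[request.profile])
    except KeyError:
        raise ValueError(f"unknown profile template: {request.profile!r}")


def candidate_cards(cards, request):
    """Cards that can satisfy every attribute the template requires.

    This is the selection step the template simplifies: no per-attribute
    negotiation, just a subset test against each card."""
    needed = required_attributes(request)
    return [card for card in cards if needed <= set(card.attributes)]


def release(card, request):
    """Build the disclosure the user would be asked to approve.

    Only template attributes (plus optional ones the card holds) are
    included; anything else on the card stays with the selector."""
    allowed = required_attributes(request) | request.optional
    return {name: value for name, value in card.attributes.items() if name in allowed}


def sample_cards():
    """Constructed sample data: two cards from two different providers."""
    return [
        Card("bank.example", {
            "given_name": "Alice",
            "family_name": "Example",
            "home_address": "1 Sample Street, Sampletown",
            "account_number": "CONSTRUCTED-0001",   # never part of any template
        }),
        Card("employer.example", {
            "given_name": "Alice",
            "family_name": "Example",
            "company": "Example Corp",
            "work_email": "alice@example.com",
        }),
    ]


if __name__ == "__main__":
    cards = sample_cards()
    req = Request("shop.example", "personal")
    for card in candidate_cards(cards, req):
        print(card.issuer, "->", release(card, req))
    # A "shipping" request finds no card: neither holds shipping_address.
    print("shipping candidates:", candidate_cards(cards, Request("shop.example", "shipping")))
```

Run stand-alone, the "personal" request is satisfiable only by the bank card, and the proposed release omits `account_number` even though the card carries it; the "shipping" request yields no candidate because no card holds a shipping address, which is exactly the case where a selector should tell the user rather than guess.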

Within this kind of a system, does an Identity Provider (IP) know what the user's decisions are? That depends.

An IP never knows what a user has disclosed using another IP. So there is complete segregation of providers. This allows complete segregation of identity contexts.

I think we're in total agreement here: the last thing we want is to have attribute providers correlating (any type of) information about the user's activities. But if the user had to give his consent for the release of some information to a service provider, I don't see how the IP would not be aware of it; maybe I missed something.

Further, a given IP may or may not know who the user is divulging information to. In other words there can be both "auditing" and "non-auditing" identity providers. Our study of the laws led us to conclude that in some contexts, auditing by the provider may be considered a good thing, whereas in others it may not. Our goal is to provide a platform for expressing all aspects and variations of identity.

A non-auditing identity provider is significantly different from what an IP does in Liberty. But an auditing provider seems to me to be totally consistent with the concept of a Liberty IP (which knows about the information releases a user has approved, including what information has been - or should be - released to whom).

Terminology issue again – we need to be careful here, as when Kim writes "Liberty IP" he means an attribute provider (namely a WSP – Web Service Provider). That said, I think Kim makes a good point on the fact that a Liberty WSP does know what information (it hosts) was released on behalf of the user. I have to say I don't have a good example of when a non-auditing provider is preferable. Note that a WSP does not know much about the requesting service provider (WSC in Liberty's jargon).

Hubert also asks a good question about the details of interworking with other systems. It has been pretty clear to me that SAML and Liberty implementations can easily interwork with this proposal - it may require some extensions to current capabilities but nothing very significant. So really, it's a question of whether we want (as an industry) to make this proposed metasystem work or not. As an identity guy I certainly hope so since I think it is win-win for all players, including the individual - who, as Doc Searls so convincingly pointed out at DIDW, will increasingly move toward the center of economic activity as the world continues to collide with cyberspace.

As one can read in my blog, Scott Cantor and others commented on the interoperability aspect of Microsoft's proposal. At the low level there is some common ground with the support of SAML tokens. Beyond that, it is a bit unclear how SAML 2.0, for instance, would interoperate with the Identity Metasystem. Kim thinks it should be easy, so I will anxiously look for postings around that issue.

In terms of the ID-WSF framework, I'm not an expert on this. But from my viewpoint, InfoCards in no way dictate what protocols are used for all kinds of web services and all kinds of scenarios, so I don't understand the "direct competition" point. Maybe Hubert can explain. InfoCards are, basically, a proposal for giving the user control, supporting multiple technologies and operators within a unified context, and upping the bar on safety and user integration - doing all the things necessary to building a metasystem that is consistent with the laws of identity outlined here.

When I wrote "direct competition" I meant between Liberty's ID-WSF and the overall Identity Metasystem proposal. ID-WSF provides a framework for identity-based web services (discovery of attribute providers, retrieval of the user's information, interaction service...). It sure seems to me like the Identity Metasystem is looking at providing a similar set of functionality, isn't it?
