There has been lots of discussion lately about what user-centric means, which led to wondering if it is the best term. Let’s step through the evolution of Identity Management to see if a new term makes sense.
Centralization: The was the first phase of the Identity Management industry. Enterprises had separate identity stores for each application. Putting all the data in one place either directly or virtually made the identity data inside the enterprise significantly more manageable.
Federation: The Centralization model does not work when there are peering organizations, hence the development of the Federation model that allowed peers to share identity data.
As the identity management challenge has taken on an Internet scale scope and the entities desiring to exchange data are not peers, or may not have or need a prior trust relationship, and as we move to moving people’s private identity data around, we need to move to a new model, Decentralization.
Decentralization: All the actors in an identity exchange can be separated, and trust is only required where it is needed. The actors include the Identity Issuer that is making an assertion, the Identity Agent that is managing the user’s identity, and the Service Provider that receives the Identity. The Identity Agent does not need to have a relationship with the Issuer or the Service Provider. The Service Provider needs to trust the Issuer, but the Issuer does not need to have a relationship with the Service Provider. This does not preclude the Issuer from needing to know the Service Provider making the request, but does not architecturally require it.
Also, If the user is using a globally unique identifier (URL or XRI), then the IdP that authenticates the user can be separate from the registry that says which IdP is authoritative for the identifier.
These concepts are captured in whole or in part with Stefan’s work at Credentia, InfoCards, XRIs, OpenID, as well as what we are doing at Sxip.
As people have pointed out, there are aspects of user-centricity in the Federation technologies, and one could argue, there is some user-centricity with Centralization as the user is able to pick their password, and they do get to decide when to use it.
Comments?
Technorati Tags: identity, liberty, sxip
Are the users the center of your model, or is the users credentials?
One user should be able to use multiple credentials. But, the vender looking to auhtenticate your credentials does not care if you have multiple identities. They only care that the credentials you are trying to use are valid.
Is this a step in the correct direction?
Putting the users at the center allows things to be fully decentralized. Implicitly this is the user’s credentials, which allows multiple credentials to be managed by the user, and they present what is needed to sites.
I assume you are looking for a term that resonates with average users, not us in the business.
In trying to communicate Identity 2.0 ideas, I have struggled with a simple explanation for ordinary people. I have had a lot of success focusing on the portability aspect. The best I have come up with so far is "Portable Internet Identity".
People immediately understand that all their other Internet identities are not portable and can imagine the user control they would have with it. They also can then easily relate to all the portable identities they carry in their own wallet. I then optionally talk about the infocard model ( but, try not to say reification – it ruins the mood .)
Those of us in the business can then unwind this into decentralized, user centric, cross domain, identity metasystem, etc.
Portable is a good word. What do people think of when you say user-centric?
I have used user-centric a lot and it does not seem to get me anywhere.
The problem is that user-centric may be a good handle for us who understand the details but it does not help people with beginner minds get anything. They always have to ask, what do you mean by user-centric?
Recently I have been talking with people who are technically web savvy but outside of the identity circles that you and I travel in. I have been trying to sell them on a business idea that revolves around Identity 2.0. I called it user centric identity vs. domain centric identity. I had to explain so many things. Many minds would be lost along the way. I was becoming frustrated until I started to open the conversation with Portable Internet Identity. Some people actually stopped me short and said: "I get it. That is what we need. You don’t have to keep explaining." One called it a Portable Internet Profile.
‘Portable Internet Identity’ does not capture all the nuance and complexity that we have thought about. However if the goal is communication and uptake then it seems to be a good starting point. (note: this is quite recent and my sample size is quite small)
Ironically I Googled "portable internet identity" and, you and SXIP dominate this surprisingly uncommon phrase on the net. So perhaps I got it from reading this blog.. although not consciously.
I vote that i-cards ( http://wiki.idmashup.org/I-cards ) would be a strong addition to the lexicon as the generic term for the embodiment of a Portable Internet Identity. However, not all Portable Internet Identities would be embodied as i-cards. We all understand the meaning of our cards in our wallets which are our Portable Non-Internet Identities. This is a very strong leverage point. The work that SXIP is doing to help these portable identities act more like the wallet cards is very important in this regard. (for example: presenting my visa or drivers license without my bank or government knowing or even attracting any liability is a very powerful offline use of id)
I think we are at the stage where we all need to talk more with people outside the identity circle, and outside the Web 2.0 circle. Although it is interesting that the vast majority of Web 2.0 sites completely ignore Identity 2.0 so there is still work to be done there. Every day, literally, I have to sign up for yet another web 2.0 silo identity.
Very useful feedback Phil, thanks!