Monday, December 28, 2009

Letting Users Manage Their Online Identities - Government 2.0

GovInfoSecurity.com posted an interview with Heather West from the Center for Democracy and Technology.  Heather explained how User-Centric Identity works and the plans the government has to let a few websites allow users to authenticate/register with third-party data.

This is getting interesting since it can definitely be a driver for "Identity in the Cloud".  User-Centric Identity can be beneficial for end users who want to protect their privacy by demanding granular controls of their data from their Identity Providers (a great example is Facebook).  Facebook, although far from perfect when it comes to privacy, has changed its privacy methods and protections based on end-user demands and market drivers (for better or worse).  Now, I am not saying Social Networks are the only option for Identity Providers, but Facebook is a good example since it holds the largest number of personally identifiable identities.

I am going to try to keep up with "Government 2.0" (Open Government) and how it affects Identity.  I think this will drive Identity Management in the next decade.

Sunday, December 27, 2009

Open Trust Framework for Open Government

I was reading the Open Trust Framework for Open Government PDF released by ICF and my first thought was "why do we want government involved in this", but as I read the document it made perfect sense, and I actually agree with the concept.  Basically, the Government realizes that they don't necessarily have the best "identity data" available to satisfy industry, and an "open" framework with an open market methodology satisfies their needs as a Relying Party (RP) of identities.

So, the government is not necessarily creating policy for an Identity Trust Framework, but is an initial driver, with our tax dollars better used... (I know, I am trying to convince myself...)

The best part is that if the government is an RP, others will follow.

The other interesting fact I was not aware of is the work of InCommon as a Trust Framework used by Higher Education mainly for federated single sign-on (not necessarily fully in the "Cloud").  This is definitely a good example (as stated in the document) of an "Open Identity Trust Framework."

Friday, December 25, 2009

Open Identity Trust Framework (IIW)

I think I am going to forget about "Identity Trust Network".  I like the title and work behind "Open Identity Trust Framework" being done by the folks at IdCommons at Internet Identity Workshop.  This work seems to be at a very early stage, but it is important that an open standard/framework for trust be available for the certification of identities in the cloud being provided by Identity Providers.

The concern with not having such a framework would be some sort of National ID that is fully controlled by a single organization (such as the Federal Government) or some group of high-profile companies.

The ideal scenario would be the use of a framework where organizations that are Identity Providers can be judged and rated on how "trusted" the services they provide are (since they certify the trust of the identities they manage).

Thursday, December 24, 2009

Identity Trust Network

Identities in "the Cloud" have taken an interesting form.  When I think of my Identity on the web today, I attempt to expose data that I think will be of benefit to me (either true or not), so my Identity cannot be trusted by someone who does not really know me.  Now, when you think of my Identity you take into consideration information I provided and information others provide (true or not).  Therefore, trust is key for you and me to be able to perform a transaction.

Here is a term I have been thinking about: “Identity Trust Network”, where Identity Providers attest to the claims of an Identity and allow the consumption of trusted identity data based on the Identity owner's allowed usage.

This term came to mind when thinking about Identity in the Cloud and its meaning.  The following was my train of thought:

- For Identity to exist in the Cloud, it requires a provider of this data.
- Identity data represents an individual (Identity Owner).
- This individual has provided their identity data to the provider.
- The provider must attest that the identity data is trusted.
- The trusted identity data will be consumed by a third party based on the owner's allowed usage (privacy).
- Identity Owner and third party perform a transaction.