Wednesday, November 24, 2010

Identity Trust Frameworks - Can they achieve what Visa, MC have?

Identity in the Cloud is here... almost! Facebook, Google, Twitter, LinkedIn, (my new personal favorite Empire Avenue) implement Oauth and Relaying Parties are able to use the Oauth implementation to register, authenticate and authorize users based on their identity data.   In other words, FacebookGoogleTwitterLinkedIn, and Empire Avenue are Identity Providers.  Most Relaying Parities trust these very well known IdPs, but their level of trust is only good enough for Social Networks.

Can these identities be used in some way by organizations during the hiring process?  Can a financial institution trust a user based on a third party Identity Provider? Can this be extended to Healthcare systems to reduce the registration process? Well, that is the goal, but we are not there yet, and the bridge to achieve these goals is "Trust"

There are some initiatives to Identity Trust Frameworks to achieve what the credit card industry was able to accomplish with its payment system networks. One of those initiatives is the Open Identity Exchange which is working with different groups, including the government, to create an environment where identities can be trusted at different levels of assurance.

We are yet to see how successful these implementations are, but they are dependent on the demand of identity data and the cost of the implementations.   We are still at the early stages of Identity Trust Frameworks, but initiatives such as the Open Identity Exchange are very interesting and very promising.