One quote caught my eye:
...when rules are kept simple and incentives are provided from the Top-down, the energies of the Bottom can be realized for mutual gain. However, negotiating the sharing of control is both ripe with risk and opportunity.In today's identity, SAML, Liberty, and Infocard are typically presented as top-down initiatives; LID, OpenID, YADIS as bottom-up.
Notwithstanding that this distinction is, in some aspects, either completely wrong (Liberty can support user-hosted identity for instance) or a gross oversimplification (top-down identity provides more than governance and incentives, and bottom-up provides more than merely enthusiasm); the identity metasystem at least promises to be where top-down and bottom-up identity meet. The "identity middlespace".
One challenge (with associated risk) will be in dealing with the impedance mismatch presented by the different security & privacy characteristics of the various systems. Different use cases (blog commenting vs 401K access) result in (appropriately) different sets of requirements, which subsequently manifest themselves in varying security & privacy characteristics. Step-down might be easy, step-up though?
Risk and opportunity - rife indeed.
No comments:
Post a Comment