Tuesday, October 10, 2006

SAML & IMSafer

Kaliya asks me to explain how SAML could help address the issue that IMSafer faces in tieing together IM accoounts so that parents can be confident that their kid's IM conversations at both home and work are appropriately monitored.

From the original TechCrunch article on IMSafer came this line:
While multiple screen names can be tracked at home, the company is working on a tool to associate different screen names across school and home to notify parents.
A not insignificant piece of SAML 2.0 deals with the establishment of connections between such disconnected accounts in order to facilitate subsequent identity-driven interactions, whether those transactions be SSO, attribute sharing, or 'dangerous chat language notification'.

If the child had two different IM handles or used different systems, then a connection could be established between them in the form of a persistent & opaque identifier (different from either IM name) to ensure that the appropriate parents can be confident that they are covering all "conversation bases". Likely better would be to establish multiple identifiers, one between each IM provider and IMSafer. SAML defines how these connections can be established, nothing about the specifics of how you build a notification system for dangerous phrases using these connections.

Build the system on Liberty Alliance ID-Web Services Framework and you get alot more - parents could specify their own favourite dangerous phrases for monitoring, use a People Service to manage the privileges for creating and managing accounts, and build on the WSF notification framework.

Kaliya then asks:

Isn’t the whole point of the Laws of Identity that people should not have there identifiers aggregated across contexts without their knowledge.
Who said anything about doing this without the knowledge of the kids? SAML could definitely be used in an underhanded way to establish the connections between IM accounts (just as IMSafer can be run in covert mode - the FAQ 'advises' parents to tell the kids it's installed). SAML can also be used in an open, privacy-respecting user-centric manner to do the same (like the multiple identifier model above in which the kids could be involved in the establishment of the identifiers and so be completely 'in the loop'.) Is there any identity system that we can't say the same thing about?

With respect to privacy, it seems there are more fundamental issues. From the IMSafer FAQ:

How do you know what IM accounts to monitor?

When a user on a computer onto which you have installed the IMSafer client software uses IM, we automatically detect it and start monitoring the account. You don't have to do anything. How nice is that?
Now that's informed consent!

No comments: