Liberty thinks you need discovery because they think it is both inevitable and correct that all your data should live in silos, beyond your control, and ideally where you can’t see it.
For Ben, what makes silos is the perceived fact that, in the Liberty architecture, the user is unable to exercise control over their various pieces of identity, rather than whether or not the identity data can be shared amongst providers in a secure and privacy-respecting manner.
Ben points to Liberty's mechanisms for discovery as proof of his conjecture. If the user is in control of their identity, why would there be a need for automated discovery? Just ask the user. So, as Liberty supports discovery mechanisms that do not rely on active user intervention, the user must be unable to exercise any meaningful level of control. QED.
Here's my take: Liberty DOES love silos, because without silos (e.g. identity attributes living in distributed and disconnected stores) there is no value for an architecture (ours or any other) that aims to tear down such silos.
Liberty's ID-WSF is built on the following assumptions:
1) Users keep their identity where they want to.
2) The 'where' can be 3rd party identity providers as well as local storage (e.g. devices).
3) It's highly unlikely that all aspects of identity will be maintained at the same provider, i.e. there will be multiple 'wheres'.
4) Most users don't want to be responsible for facilitating identity sharing by themselves providing the 'where'.
5) Experts will misinterpret 1-4 to suit whatever is their current competitive positioning.
#1-4 motivate a discovery mechanism for identity attributes. #5 is tiresome.
Ben's post title makes me think of that classic grade school tease.
Liberty & silos, sitting in a tree
Liberty & silos, 'd' 'e' 's' 't' 'r' 'o' 'y' 'i' 'n' 'g'
First comes SSO
Then comes services
Then comes silos feeling nervous
Update: A blogger with less refined ethics than I would link to this.
I'm proud of myself for keeping to the high ground.
Update 2: Pat uses assonance to good effect.