As an example, given the advantage that Improved Explosive Devices (IEDs) provide in space (e.g. the ability to precisely place the explosion) and the difficulty of protecting soldiers & vehicles against such powerful blasts, the temporal axis may be the better choice on which to focus (e.g. by preventively detonating the IED before the enemy had planned).
Acknowledging the risk of unintended offense by seeming to equate human lives to web surfing efficiency, the time & space shifting analogy seems appropriate for federated identity.
As a trivial example, SSO shifts the 'where' of authentication from an SP to an IdP. And, once authenticated to that IdP, subsequent SSO to different SPs can benefit from that authentication earlier along the 'when' axis. Release of identity attributes may require real-time consent from the user, or may rely on consent obtained earlier - such consent effectively persisting forward into the future along the temporal.
In Kim's latest contribution to the 'Identity Oracle' saga, he presents a scenario of an identity requestor, rather than directly asking for Kim's identity attributes, instead querying
Can Kim take drug X without fear of drug interactions?
Instead of the requestor performing the "examine current list of prescriptions and look for drug interactions" calculation, the attribute provider does the job, the calculation shifted in both time & space. If the requestor cares only about the answer and does not need the actual identity attributes (i.e. list of meds) for any other purpose (which will not always be the case), then the principle of minimal disclosure suggests that it should receive the refined identity, and not the raw.
Unrelated, any real-world identity system has to account for an implicit meta-question for the above
Is drug X on Kim's formulary?
As Kim points out, it's not just identity operations & calculations that get shifted from place-time to place-time - liability will likely also be reapportioned amongst participants, with costs adjusting accordingly. As the risk of giving a wrong (and dangerous) answer is higher if the IdP is doing the drug-interaction analysis itself, the IdP will want to protect itself with an appropriate level of insurance.
As in in sugar and oil, the more refined the identity, the more expensive.
Exercise for statisticians: As the Oracle can answer only yes/no to the drug-interaction query, the chance of a false-negative with life-threatening implications for Kim is 50%. True/false?
Tags:
No comments:
Post a Comment