I wonder if there is a 'Principle of Identity Locality'?
Perhaps something along the lines of
"Identity Context at one network locale for a given user can only impact the identity context for that user at another provider if some representation of the context at the first is communicated from the first to the second"
Web SSO is a perfect example. For the fact of my authentication at an IDP to be of any value for my interactions with an SP, an assertion/claim as to the act of my authentication must get from the IDP to the SP. Providers aren't psychic after all. So, the principle holds for SSO it seems.
But I don't think it's necessarily as clear as this. If identity context at Provider A includes my perception of my experience at that provider, then that perception can impact my experiences at another provider, say Provider B. As an example, if Provider A abuses my privacy and uses my email to send undesired marketing, that will almost certainly colour how I deal with Provider B when it asks for my email. And this can happen without anything travelling from one provider to another (except my doubt and lack of trust). Action at a distance, and the two identity contexts are entangled.
As intuitive and commonsensical as the locality principle is for the world around us, multiple experiments over the last 40 years have proven that it doesn't always apply in the world of the very small, governed by quantum mechanics.