Friday, February 23, 2007

Recommendation vs References

Johannes uses a nice employee hiring analogy to argue that both identity flow patterns of 'through the user-agent' and 'around the user-agent' are valid. As proponents of the Liberty Alliance's ID-WSF have been arguing the same for years, I heartily concur (and would argue that Liberty's People Service could be an excellent platform to build a reputation system on).

A slight quibble. The impression from Johannes analogy is that the 'Reference Check' model (comparable to 'around the user-agent') would allow the RP to get a more accurate view of the candidate's qualifications - even perhaps obtaining negative reviews from previous employers. Two points here:
  1. in ID-WSF, the User still knows (but admittedly can't be completely sure) what goes in the 'reference letter'. It is the User that effectively both writes the letters through their interactions with their providers, and controls the advertisement of these letters, through their policy over controlling how such letters can be discovered. In Johannes's employment analogy, the candidate would never see such letters (and indeed would never know if they've been exchanged), and so the previous employer would presumably feel free to express their true opinion. As Johannes points out, in fact laws may still constrain the previous employer, and they definitely also constrain what an IDP will or can say about its Users.

  2. if a RP asks for the user's 'Frequent Flyer Status' from an IDP, and the User doesn't like the fact that the IDP asserts 'Silver' when the level of desired RP service is 'Gold', the Recommendation Letter model for identity flow would theoretically allow the User to see the assertion and, not liking the consequences, remove it (they can't change it). But of course, this doesn't help the User. Without the frequent flyer information of 'Silver', the RP will likely provide the default 'Bronze' level of service. The User is worse off than if they just let the 'Gold' status claim through. So it is for Recommendation letters - if the User filters out all information they don't wish to be disclosed to the prospective employer, they may be left with nothing at all to show.
Kudos to Johannes for not using 'the term that can't be defined' in such a discussion.

No comments: