Friday, April 04, 2008

Delegation - social and provider

I came across Xero - an online accounting package for small businesses.

Two aspects of the online accounting use case seem a particularly good fit for Liberty Alliance ID-WSF - and they both deal with delegation.

First, as Xero is online, you can collaborate with your advisors (i.e. get them to review your entries, correct the mistakes, assess your financial health, etc.) simply by granting them access to your account, rather than sending them files or print-outs of your books.

Xero's model is for the business owner to send an invite to their advisor, who would then create an account at Xero themselves. This is the same model for social delegation used by every other Web 2.0 social application.

This model presumes that each advisor is explicitly called out for permissions, and so doesn't easily support the possibility of those advisors changing. For instance, what happens when your accountant goes on vacation and somebody else in her firm takes over your account for the interim? (Yes, of course your original accountant wrote down their Xero credentials on their desktop blotter, but the financial regulators might have an opinion on this.)

If this were the only online interaction between the business owner and their financial advisors, this might be OK. But often a business owner will need to make similar delegations to their advisors elsewhere, e.g. at some online government application in order to, for instance, allow the advisor to file taxes on behalf of the business owner.

In this case, Liberty's People Service makes social delegation more scalable by providing a shared social layer across the various applications, and allowing the delegation permissions to be expressed in terms of this layer, e.g. allow the business owner to specify 'allow anybody from Peabody Financial Advisors to view my books' at Xero, but specify 'allow only Warren B. Uffet to submit my taxes' at the small business tax application.

The second interesting delegation aspect of Xero is what it describes as 'automatic bank feeds', allowing your bank transactions to be automatically brought into your Xero account.

I'd venture that Xero makes this work by asking the business owner for their bank credentials, and so armed, accessing the account stream through whatever API they've convinced the banks to offer up.

As has been pointed out, this is a bad model for sharing identity attributes.

A better model for provider delegation is for the user (the bank account owner) to delegate to the requesting application (Xero) specific rights for accessing its identity resources at some service provider (the bank) - and for subsequent requests for identity from Xero to the bank to be authorized (or not) based on such delegation rights.

Liberty ID-WSF's identity model allows for differentiated rights to be assigned based on both who is asking (Xero in this case) and who initiated the request (the business owner or somebody else). For instance, perhaps it's the advisor, looking through her client's books on Xero, that requests that their latest bank data be pulled in. The bank has to be able to differentiate this request from the default 'just getting the daily transactions' request that Xero sends each night.
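
The decision the service provider has to make in the model described above, as an added Python example (not from the original post, and not ID-WSF message formats or any Xero or bank API): a default-deny check over who is asking, who initiated the request, and what is being requested, with group-based grants resolved through a shared membership table. The grant structure, operation names and all identifiers are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Grant:
    owner: str                # resource owner who made the delegation
    invoker: str              # application allowed to send the request
    initiator: Optional[str]  # user id, "group:<name>", or None for unattended requests
    operation: str            # what the grant covers

def initiator_matches(grant_initiator, initiator, groups):
    """True if the request's initiator satisfies the grant's initiator rule."""
    if grant_initiator is None or initiator is None:
        # Unattended grants match only unattended requests, and vice versa.
        return grant_initiator is None and initiator is None
    if grant_initiator.startswith("group:"):
        # Membership is looked up at decision time, so staff changes need no new grant.
        return initiator in groups.get(grant_initiator[len("group:"):], set())
    return grant_initiator == initiator

def authorize(grants, groups, owner, invoker, initiator, operation):
    """Default deny: allow only if one grant by this owner covers invoker,
    initiator and operation together."""
    return any(
        g.owner == owner and g.invoker == invoker and g.operation == operation
        and initiator_matches(g.initiator, initiator, groups)
        for g in grants
    )

# Constructed sample data (hypothetical identifiers).
GROUPS = {"peabody": {"alice", "bob"}}          # the shared social layer
GRANTS = [
    Grant("owner-1", "xero", None, "daily-transactions"),        # nightly feed
    Grant("owner-1", "xero", "owner-1", "latest-transactions"),  # owner on demand
    Grant("owner-1", "xero", "group:peabody", "latest-transactions"),
    Grant("owner-1", "tax-app", "warren", "submit-taxes"),       # one named person
]

if __name__ == "__main__":
    for initiator, op in [(None, "daily-transactions"),
                          (None, "latest-transactions"),
                          ("alice", "latest-transactions"),
                          ("carol", "latest-transactions")]:
        ok = authorize(GRANTS, GROUPS, "owner-1", "xero", initiator, op)
        print(f"xero on behalf of {initiator!r} -> {op}: {'allow' if ok else 'deny'}")
```
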


Philip Fierlinger said...

Hi Paul,

I just wanted to correct you on a couple points regarding Xero.

Xero already gives administrators the ability to allow their advisors to invite other users.

Xero absolutely does NOT ask for customers' bank login. Xero customers must submit signed authorization to their banks.

We are working on secure host-to-host connections with the banks, similar to the model you describe. That means with Xero you get a great web 2.0 experience that's backed by uncompromising host-to-host security.

Philip Fierlinger
Lead Interaction Designer at Xero

Anonymous said...

Hi - just want to clarify how Xero's bank feeds work, because as you said, asking customers for their internet banking credentials is a bad model and this is not how Xero works.

Xero's bank feeds are set up by the customer giving authority directly to their bank, requesting their data to be provided to Xero.

Xero will never require your internet banking credentials and the authority is on the account - not the user.

Andrew Butel
Product Manager - Xero