Tuesday, June 24, 2008

Outsourcing Assurance

HealthVault whitelists two (and only two) OPs.

Liberty Alliance announces Identity Assurance Framework.

What's the connection?

Microsoft whitelisted the VeriSign and TrustBearer OPs after (presumably) its own review of the processes and authentication mechanisms of those OPs.

Will this scale if they want to assess other OPs (who will presumably clamor for the chance to assert to a big Microsoft RP)? Not well.

Just as OpenID allows HealthVault to outsource the authentication of users to OPs, Liberty IAF allows HealthVault to outsource the assessment of those same OPs to accredited third parties (or at least provides a common assessment framework should Microsoft want to continue to perform the job itself).

