This got me to thinking about what happens when we try to control how our identity is shared. Certainly there are things going on like the Liberty Alliance, Higgins project, chi.mp, and CardSpace. But before this can happen there has to be an agreement, even a contract that states what one will choose to share and how that information can be. Many people have mentioned that this is what makes this so hard. Heck, I'll go further. It's a mine field, in a world filled with data losses, identity theft, and outright fraud.
On BPuhl's Blog, there are some interesting comments on the steps involved to Federate. There's a similar posting regarding the policies and background that needs to happen here, as well.
The Liberty Alliance has gone so far as to come out with a document that serves as a framework for digital identity agreements.
We all see a need to have these protections on both the identity and service provider sides, plus in a retail setting, the user him/her self needs separate protections. Until we can come to an easily deployable solution for this protection, federated identity faces some big challenges.
No comments:
Post a Comment