Category: Digital Identity

Knowledge verification

Reading this post by John at IDology, I'm starting to understand how “knowledge verification” can differ from conventional uses of personal identifying information:

So I came across some interesting commentary in the blogsphere regarding verification services sparked by Jessica’s article I blogged about in my last entry (which you can now read a version of in The Charlotte Observer). In the article, Jessica describes the verification chain (which I must point out is only a brief snapshot as well as a combination of several different processes from different providers) that prompted Conor Cahill to post on the problems of verification services in general.

While I think Kim Cameron’s blogpost response helps clarify verification as it relates to Identity 2.0…

“Right now we give all our identifying information to every Tom, Dick and Harry…What if we just gave it to Tom, or a couple of Toms, and the Toms then vouched for who we are? We would ‘register’ with the Toms, and the Toms would make claims about us and the chances of having our identity stolen would drop…”

…there is still light to be shed on what a verification service is and how it in fact works today to protect consumer data from being further comprised in the event of becoming a victim of identity theft.

Conor comments: “I would hope they start to add stronger verification that the person who “knows” this stuff is actually the person who’s data is being verified…We really need to move away from knowledge of basic facts as a verification of identity, especially when many of those facts are published in one form or another.”

Yes, in some instances some verification providers are using current information, credit history and other data resources that are easy for thieves to buy, know or guess when impersonating someone. That’s why using knowledge-based information on past personal history is much more effective. This information is hard to dig up. Admittedly it’s not foolproof against our mother or spouse, but if someone that close to me steal’s my identity then there are other levels of trust issues to be discussed.

Based on Kim’s comment

“I’ve been asked so many times for the name of my first pet that I’ve had to make one up.”

I want to clarify that this form of verification does not fall in the category of what I define as knowledge based authentication. Sure, it’s based on knowledge, but it’s a knowledge we provide which is then stored in a database for when we inevitably forget our password. Considering most consumers probably use the same question/answer and passwords or combination password at several different sites, consumers are in a real pickle when a data breach occurs or a laptop with those records is stolen. The solution for this of course is very eloquently addressed in the Tom, Dick and Harry example Kim Cameron provided, but it’s important to explain that Knowledge verification services as they relate to ecommerce today and in the future for Identity 2.0, are intelligent-based and ask you questions not every Tom, Dick and Harry use or know.

It would help to understand the concepts better if John would give us some examples of how this works in practice. What kinds of questions are asked, and how does IDology know the answers?

 

WordPress vulnerability at identityblog

Sun's Rohan Pinto has spent a fair amount of time this week using a recipe that has been discussed in the Blogosphere recently to hack into my blog, which runs WordPress 2.0.1, and then apologizing for it (I appreciate that, Rohan).

He was able to use a vulnerability in WordPress to employ his “subscriber” account (which normally only grants comment rights) in order to import a fake post onto my site (I've since removed it but it is shown at the right).

The exploit used was described about three weeks ago (July 27th, 2006) when Dr. Dave published his “Critical Announcement affecting ALL WordPress Users.”  All in all, it was a fairly stern warning.  I would have upgraded to a newer version of WordPress but couldn't because I was travelling:

If you are running WordPress as your blogging platform and if you have been trusting enough to leave User registration enabled for guests, DISABLE IT IMMEDIATELY (in wp-admin >> options: make sure “Anyone can register” is not checked).

Additionally, delete or disable ANY guest account already created by people you are not sure about.

Leaving it open and letting people sign-up for guest accounts on your WordPress blog could lead to incredibly nasty stuff happening if anybody so desired. And trust me I am not exaggerating this. So don’t wait a second to disable this option and please relay the message. WordPress dev team has been notified a while back and I dare hope they will soon start acting on it, if only by relaying a similar announcement through the official channel (as well as, of course, releasing a proper patch).

Sorry for the shrill hysterical tone, but this is a big deal. However, disable that one option and you are fine, no need to panic further :)

[cheers go to Geoff Eby for discovering and bringing this insane security exploit to my attention]

Initially Rohan entitled the post that described the exploit, “Is Cardspace Secure Enough?”.  That bothered me, since the exploit had nothing to do with InfoCard or Cardspace or my PHP demo code.  Rohan was good enough to later make that perfectly clear:

Pursuant to my prior post. Please do take note of this. I would like to make it crystal clear to everybody that me logging into Kim’s blog and publishing as “him” was NOT a infocard exploit, but rather a “wordpress” exploit…

Please, please, please do note, that this IS NOT a infocard hack.

Conor Cahill read about the exploit and commented

Access Control is always going to be a responsibility of the entity managing the resource (in this case, Kim's blog is managed by a wordpress installation that he setup on his server, so his server must manage the access control).

The selection of the tool to manage the rescource will be based upon the reliability of the manager and the value of the resource.

I'm sure Kim wouldn't have put his bank account up on wordpress without a lot more testing and perhaps requiring someone else to stand behind it should there be such a problem…

All of this is true, of course, with the exception that my blog usually has more in it than my bank account.  Further, in the case of WordPress, it is the application that manages the security, not the underlying operating system or environment (in this case a LAMP stack) or hardware.

Of course, I didn't choose WordPress because it was the most secure solution in the world;  I chose it because it was an interesting blogging tool, with a lot of cool features, and would help me learn about the issues confronting people on non-Microsoft platforms so I could have a more inclusive view of identity problems.  And it has been great for those purposes.

You might think I would be abandoning WordPress.  But I won't.  I like it and want to continue to explore what it is like to work with it, and help make it better.  To me the real lesson in all of this is that the approach to remote operations used in WordPress – and almost all web-based applications – is just not adequate.  The more you know about all the exploits that are possible in the http world, the more you want to run headlong into the world of Web Services, where each transaction has its own security environment, in the sense that the security environment travels with each message and operation.  In the same way, SOA moves the control of authorization from the application to the operation definition process, so creative application authors like those who built wordpress, don't have to take sole responsibility for all the subtle security problems that will inevitably arise as we move further into the virtual world.

I take it for granted that given all my pontification about identity and security my site will be used in creative ways.  So I have no ill feeling toward Rohan.  The important thing is the conversation and the learning that come out of this.

So to rephrase Conor, in this case, the selection of the tool to manage the rescource will be based upon an analysis of the risks and benefits of using an emerging technology to reach others working on the issues. 

Identropy – Stephen Colbert, Identity and User 16006693

Ashraf Motiwala from Ash's Identity blog has contributed this illumination

Stephen Colbert had a hilarious piece on tonight's Colbert Report regarding protecting identity while searching (he suggests typing with your weaker hand, to disguise your typing patterns), in response to the AOL debacle (if you haven't heard, they released about 3 months of search histories comprising of some 20 million searches…but don't worry, they replaced people's usernames with random numbers…so we are safe, right?)
Not exactly. Paul Boutin used splunkd.com to parse the heck out of the data – and arrived at seven patterns of searchers. According to him, according to the data – people fall into one of seven searcher categories: the pornhound, the manhunter (looks up a persons name again and again), the shopper, the obsessive (the person who searches for the same thing incessantly), the omnivore (the person who searches like crazy, and doesn't really have a pattern), the newbie and the basketcase.

The most interesting way that I found to look at the data is to pick out a specific user. It's damn interesting, comical, and scary as to how much insight you might get. Take a look at User 16006693 go from politics, to retirement, to politics, to religion, to sex, quickly back to religion (repent!), to food and finally to heartburn. Classic.

16006693 nak
16006693 nack
16006693 sharona
16006693 knack
16006693 knack downloads
16006693 oakrige boys
16006693 oakridge boys
16006693 oakridge boys downloads free
16006693 jokes about dick cheney
16006693 jokes about dick cheney but not george bush
16006693 dick cheney creep
16006693 dick cheney dickhead
16006693 rummy dickhead
16006693 where is iraq
16006693 where is lebenon
16006693 his bullets
16006693 his bullies
16006693 shiits
16006693 shee-ites
16006693 bush appruval
16006693 bush approvel
16006693 bush drops below
16006693 dead reporters
16006693 dead reporters fotos
16006693 dead reporters pix
16006693 disembowled reporters pix
16006693 disembowled new york times
16006693 love thine enemas
16006693 love thine enemies
16006693 bible quote of the day
16006693 insperation from bible
16006693 george bush great president
16006693 george w bush great president
16006693 dream on
16006693 oakridge boys lyrics dream on
16006693 how to run country
16006693 how to run country when not really inerested
16006693 people to run country for you
16006693 over work
16006693 overwork
16006693 stress
16006693 best place to retire
16006693 places like crawford but without cindy sheehan
16006693 crawford the town not cindy crawford
16006693 crawford tx
16006693 like crawford tx but not so hot
16006693 best places to retire not hot
16006693 best places to retire global warming
16006693 global warming mith
16006693 global warming myth
16006693 crawford hot
16006693 cindy crawford hot
16006693 rice hot
16006693 rice hot not recipes
16006693 rice naked
16006693 rice nude
16006693 bible quotes resisting temptation
16006693 oakridge boys i'll be true to you
16006693 oakridge boys trying to love two women
16006693 rice and beans
16006693 tex mex
16006693 tex mex not music
16006693 tex mex takeout
16006693 tex mex takeout dc
16006693 heart burn
16006693 heartburn

One more Paul on the federation and user centrism demo

Incredibly, I just came across a comment by another Paul.  I guess I spoke to soon about my success communicating with Pauls, since Paul Madsen seems to be a doubting Thomas – which in this case adds some variety, so I'm pleased to see it: 

Kim Cameron has a screen cap movie of a demo created by Ping ID.

Kim asserts that the demo illustrates (paraphrasing) “user-centric technologies like Information Cards are not in any way counterposed to federation technologies”.

I completely agree with the sentiment, but question whether the scenario portrayed by the demo actually demonstrates it.

In the demo, a user authenticates to a portal using CardSpace. Once authenticated, they are presented with a list of applications available to them for which SSO is possible (this presumably dependent n which I-Card they selected). For Kim, the user-centric piece (CardSpace) somehow ends at the portal, and from then on federation (SAML etc) takes over.

So, user-centric and federated technologies are shown as working together – but not at the same time. The user-centric piece hands off to the the federation piece. Federation is presented as a lower-level piece of infrastructure (which it can be) that doesn't seem to touch the user.

Hmmm.  What I'm really saying is that in the demo being shown, the user has a relationship with the portal, which offers a nice array of services.  So in terms of technology, the identity relationship is user-to-portal, not user-to-individual-service.  One could also say the “services” can be “outsourced” by the portal – and are dealing with users as proxies for the portal.  Once the user has entered the portal, there is a “magic carpet” that takes her from service to service. 

But note:  The portal could also take the user to a service with which she would have a completely independent identity relationship.  In this case, the user would again see the Cardspace interface and select her identity through it.

Paul (three) continues:

This interpretation is reinforced by Kim:

To my way of thinking, you have two more or less orthogonal technology efforts – that oriented around federation issues, and that oriented around the user’s experience.

This ignores the possibility for SAML-based technologies to provide the very same user-experience (i.e. real-time identity sharing control, IDP selection etc) that I-Cards enables. Is SAML's Enhanced Client or Proxy (ECP), as it enables similar control mechanisms, then user-centric?

Probably not, as Kim also hilites the common UI of Cardspace and its relevance

Should my experience therefore be totally discontinuous as I move from one portal to another, being organized by the portal rather than by my own system

Exactly.  Maybe I was more successful at communicating with Paul Masden than I initially thought – I think he sees my point. 

The portal just cannot know all my identity relationships (unless I were to find myself in some hiddeous “total environment” where everyone knows everything). 

So the portal, simply by virtue of the role it plays in the system, cannot organize my perception and use of identities across the board.  This is one of the key points I'm trying to make, and explains why you need user centric technologies and they are orthogonal to federation technologies even though in both cases you have claims being asserted and relied upon.

Finally, Paul asks:

If the phone manufacturers (or those of set top boxes) were to come together and agree on user-interface standards – would that be user-centric?

If they allow users and relying parties to represent and select between their multiple identities then yes, sure, exactly.  But it's not just a question of user interface (UI), it's a question of capabilities that are represented through UI.  I don't know why people reduce this to UI.

The fact that phones could deliver these new capabilities is why it makes perfect sense to put Information Cards on phones, music players, and other devices.  I first proposed putting them on computers because I happen to work in that industry.  But I know a lot of people who are interested in getting the same identity relationships to appear across all kinds of devices.

Dave Kearns takes on anonymity

 Dave Kearns of The Virtual Quill (and many other venues) has joined the anonymity scrum (even though he was already in it) :

“Anonymity as default,” which I mentioned in the previous post, is taking on a life of it's own. Now Tom Maddox has posted in his Opinity weblog, commenting on Ben Laurie's commentary about Kim Cameron's mention of Eric Norlin's post concerning David Weinberger's original thought that “Anonymity should be the default.”

(I'll just sit here and whistle for a moment while you follow that set of links)

The point I wanted to mention was Maddox’ statement:

We need to begin with anonymity/pseudonymity as the default, Laurie's ‘substrate choice’. Otherwise, whatever identity system we employ, we'll always be trying to get the cat back in the bag (or the scrambled egg back in the shell)

The fallacy here is that he seems to believe that there can be an “identity system” in which anonymity is a choice! And not only a choice, but the default choice. But without a unique identifier for each object in the system, there is no identity system. And with a unique identifier there is no anonymity within the system. Rather, the default should be PRIVACY for all objects, with any dispersal or publishing of identity attributes only done with the consent of the entity if it's sentient, and the entity's controller if it isn't.

Maddox is correct that once the data is published you can't unpublish it completely. That argument shouldn't be overlooked. But it's equally as important to realize that the “anonymity bandwagon” is out of control and headed for the cliff. Privacy is the key, and privacy should be the issue.

I have trouble with Dave's use of the phrase, “within the system”.  What is “the system” in a multi-centered world with an interpenetrating mesh of domains?  Put another way, just because an object has a unique identifier, do entities dealing with the object have to know that?

Things may have unique identifiers that are known to some identity authority / domain (even infinitesimilly small ones) but these authorities don't have to release them when identifying things to other parties. 

Would an example help? 

Suppose some company – let's call it Contoso.com – runs Active Directory as its local identity infrastructure.  Active Directory identifies all of the machines and people in Contoso's “domain” with a Security IDentifier (SID) – basically a unique id/domain pair.  But when I am dealing with someone from Contoso.com, I probably don't give a darn about their SID, no matter how useful it may be to their local AD system.  Dave, do you care about my SID? Knowing you and loving you, I think you've got better things to worry about!

In the world of web services, which will be a vast mesh where identity reaches beyond domain boundaries, the definition of what is “within the system” becomes very ambiguous. 

The SID makes sense “within the system” thought of a narrow domain manager.  It normally doesn't make sense “within the system” thought of as a connecting mesh of entities that happen to interact with many domains. 

In this bigger world, I may be interested in the fact that someone is an employee of Contoso, byt totally uninterested in anything that uniquely identifiers them as an employee – even if such unique identification is necessary for some other purpose.

For example, if I call 411, I speak with a representative of the phone company.  I don't know her or his name, or number, or location, or anything else.  I just know the person I'm talking with works on behalf of Verizon – and that is all I really want to know.

Yet knowing they are an official employee is still a matter of identity! 

Is this anonymous?  I would say so.  It “has an unknown or unacknowledged name”, as my pathetic online dictionary puts it (I'm travelling).  So it is anonymous, but it is identity.

This is all part of the notion that an authority can make claims about a subject – and that this is done through a set of assertions.  Given this, we need a name for the “empty set” of assertions. 

So far, we call it anonymity.  We believe this will ring a bell in more peoples’ heads than “empty set of assertions”.

If we now combine this thinking with the second law (minimal disclosure) – we come to the notion that if more is not needed, the identity set should be the empty set.  This is what I think people are talking about when they say the default should be anonymous.

Demo gets good reviews

Paul Toal over at Identity, Security and Me posted this to encourage you to check out the demo I put up recently.  (Just in case any of you are busy, it's only 3 minutes long!)

Picture of Britian's Paul ToalKim Cameron has posted a really good video here explaining how user-centric identity and federation can work together. His blog and associated demonstration is shown using Microsoft CardSpace and Ping Federate from Ping Identity.

I have worked with Ping Identity for some time and was happy with the product and how it, and federation works generally. However, like Paul Squires here, I was struggling to see how it fitted within a user-centric architecture. Whilst I saw the two as complimentary, I didn’t see the link.

This video has clarified this for me and shown that there is a clear interaction between the two.

As usual Kim, thanks for a great demo! If you haven’t seem the demo yet, you HAVE to view it.

Then, following Paul Toal's link to Paul Squires at Here, Now, I came across his additional comment:

This [demo…] is well worth seeing for anyone with an interest in where digital identity is going. The demo itself shows cardspace (if there’s anyone who hasn’t seen it yet!) along with interoperability between a number of applications. The guys at Ping have done a great job with this and I’d hope this brings together these various strands of identity management (it’s certainly helped me, not least from an architectural point of view). Things are starting to look very exciting!

Update: Never one to miss out on a bit of vanity, the second open tab in the browser during the demo looks very familiar!

Gee, I'm on a roll.  Just like my horoscope said, I seem to be communicating well with people named Paul.

As for Paul two's “update”, looking closely I also can see that I had been reading one of his posts the day I captured the demo.  Just think.  Some people are worried there will be no fingerprints in the digital world.  It ain't true.

Federation and user-centricity

Conor Cahill picked up on a discussion I recently relayed to identityblog readers – part of an ongoing dialog between Brett McDowell and Dick Hardt.  Conor says:

I think the issue causing the disagreements here is the interpretation of the term “federation” when discussed in an identity context.

Certainly federation can mean groups of businesses working together and this is the traditional meaning of the term in the business community. This meaning would fit with Kim's statement above.

However, in an identity context (as in “identity federation” — the stuff the Liberty Alliance has been working on since its founding) the term federation was used to describe the sharing of identity information from party A to party B. Party A is usually some party representing the user (acting on the user's behalf) such as an Identity Provider or an Attribute Provider. There is nothing that says whether Party A is an entity operated by the user or by some 3rd party.

In fact, in the Cardspace solution, the process of sending data through an Infocard instance to a relying party would be considered taking place under identity federation, whether the infocard instance was rooted in a local data source or a remote data source.

Ultimately, I would say that federation can be used in both user centric and non-user centric solutions. Federation is a technology/protocol and user centric is an implementation philosophy. When designing a user centric solution, you almost always have to include some form of identity federation, but give the user great control over its use. The converse is not required to be true (although I wouldn't object to it if it was true in any environments in which I played).

I like a lot of Conor's thinking.  I agree that use of a managed card in Cardspace should be considered a form of “federation” between the relying party and the identity provider – federation approved by the user.

But I don't quite buy that “federation is a technology/protocol” wherease “user-centric is an implementation philosophy”.  I doesn't compute given a great deal of work I've been doing lately.

It's clear to me that good “user-centric” experience isn't just an automatic or natural by-product of some other “technology/protocol”.  In fact, it requires just as much study, just as much thought, just as much coding, and just as much experimentation as protocols do – probably more. 

What I'm try to say here is that it requires technology.   In the past we've had a lot of technology that failed miserably at organizing, integrating and rationalizing the user's experience.  I've been working on software that I think does a lot better job at this.  Why wouldn't Conor call that a technology?

To my way of thinking, you have two more or less orthogonal technology efforts – that oriented around federation issues, and that oriented around the user's experience.

As a user, when I go from portal to portal to portal, it's likely they will have relationships with different identity providers.  Should my experience therefore be totally discontinuous as I move from one portal to another, being organized by the portal rather than by my own system?

In Cardspace (and with Information Cards running on other devices and platforms) we postulate that the user can benefit from computerization of his or her own identity experience – just as enterprises benefit from computerization of theirs.

Through Information Cards users can benefit, to the extent the technology is adopted, from the same well-understood experience as they move between unrelated portals which do not share identity relationships.   

I see Cardspace as providing a palette of identity relationships (Information Cards) that work for me as a user and make sense from my point of view as an individual with a complicated life. 

I think Dick Hardt, and others like Paul Trevithick at Higgins, share a number of the same notions as I do, though each of us is concentrating on different aspects of the problem.

So that's why I'm saying that there are two legitimate technology areas, orthogonal in the sense that you can have either one without the other, but synergistic in that together you get a number of critical new scenarios.

To make this more concrete, my next post will be  a demo of Andre Durand and Ashish Jain's work in showing how this can look in practice.

Adventures in Cardspace

Industry guru Craig Burton's Cardspace is working now (thank goodness).

The bad news is that he's had a pretty miserable time getting it going.  Mainly, it seems in retrospect, because his computer was set up with a FAT32 file system.  If you have this configuration, no error message is displayed to you as a user – you have to read through a cryptic note in the system-wide error log.  This has to be fixed.

The good news is that once he got Cardspace working, Craig really liked it.  That's really important to me:

I have been trying to get CardSpace to work on my machine for several weeks. (Seems much longer.)

I have downloaded tons of upgrades, deleted apps and services, and so on.

Pamela Dingle and Kim Cameron have been very helpful in trying to help me make things work.

Pamela studied the error log –created by the CardSpace control panel–I posted and suggested that the problem was that my c: drive was using the FAT32 file system. She explained that her resources tell her that CardSpace only supports NTFS.

Turns out this is true. Kim subsequently fessed up that FAT32 isn't secure enough so they decided to set the bar at NTFS. They just didn't bother to tell anybody. (Good thinking.)

I decided–against my better judgement–to convert my FAT32 file system to NTFS. I haven't done that until now because I haven't been successful in creating an NTFS compatible boot CD. If something happens to my system, I'm in trouble. I am working on resolving this. (There is a DOS-based utility that will access NTFS for recovering critical data. I don't like that prospect.)

Anyway, to convert from FAT32 to NTFS you do the following. Open a command line window:

start>run>cmd

Run the convert utility:

convert c: /fs:ntfs

Reboot, and the convert utility–assuming you have enough empty storage–will convert FAT32 to NTFS with no loss of data.

I tried it. It worked. Whew! Getting this far has been no simple task.

I was then able to create an Infocard with the CardSpace control panel and login  to the Idendity web log and to the NetFX Sandbox.

I also tried the Ping site . It was slow–not sure why–but it worked. A page came up with four other sites that support Ping Federation that I can sign into with my Infocard. The sites aren't all the useful to me, Java, Verisign, Computer Associates, and another one I can't remember. That was cool.

The Ping site–unlike the other two sites–gave me three options for signin:
Traditional (yuch) name and password, self issued Infocard or Managed Infocard. Not sure why ping distingshes between self-issued and managed Infocards as the Infocard selector lets you do that, but I will find out.

Caveats.

If you convert to NTFS, you cannot go back to FAT32 without repartioning and formatting your disk.

I love being able to register and login to a website with an Infocard…SWEET!

I hate how complicated it is and that it only works with BETA code. Infocard simplicity comes at a complicated uphill price. At least it isn't Msft-silo-centric. Apple, Mozilla, RedHat and others have commited to support Infocards.

Things will have to get significantly easier–and supported by other browsers and OSs–before we see any kind of adoption.

Despite all of that. Not having to use name-password mechanisms for secure interaction is very significant to the industry and people. This has been a long time coming and I can't emphasize its importance enough.Thanks to all that have made it happen. 

Many thanks to Pamela, who has become a Cardspace savante, for figuring this out – I've been in Australia and couldn't keep up with the troubleshooting.

Demo libraries fix

Keith Grennan has a fix to the PHP sample code I published a while back.  He notes he “hasn't heard back”…  My mail system is extremely aggressive about putting things in the Junk Mail folder, so if you ever “don't hear back” don't be afraid to ping me again. 

I was hacking on Kim Cameron’s demo PHP InfoCard libraries recently, and sometimes found I got the error “SignedInfo digest doesn’t match calculated digest”.

It turns out the XML canonicalization in infocard-post-get-claims.php was breaking when character data in the token contained entity references (e.g. &), because the characterData handler gets only the decoded data.

Here’s a patch that fixes it. The patch re-encodes ‘< ’, ‘>’, and ‘&’ characters back to ‘<’, ‘>’ and ‘&’ respectively before adding them to $canonicalTokenBuffer. There are some edge cases that may not be solved by this patch, but it’s a quick fix that should make the token processing code more robust for many possible cases. I sent it to Kim but have not heard back.

Happy infocarding.

Check out the fix here.  I'll incorporate it into my code, which is intended to help people master infocard and can be used in whatever way is deemed helpful.  I'll post an updated ZIP this comng week.

Thanks, Keith.

 

User Centric is here to stay

I came across the following exchange on the ID Workshop discussion list.

First up was Brett McDowell of the Liberty Alliance:

I've just started looking for the follow-on thread I was expecting out of the “User Centric” session Dick led in Vancouver. I don't see it. Has that happened yet?

I was expecting an email that captured the consensus we had and a list of new “titles” for what I call “the identity management architecture formerly labeled ‘user-centric’ which is to be renamed in acknowledgement that at least two architectural models are appropriately labeled ‘user-centric'” (one model being a “user-centric deployment of Federation” and the other model being “TBD”… but it is what SXIP does).

That was our consensus view at the well-attended Vancouver session and I'm keen to participate on the naming exercise for the other architecture.

For more background read the wiki notes here. (note I'm not sure attendees are done tweaking these notes yet so they may not yet represent a true consensus but they are helpful now nonetheless):

So, Dick… are you going to kick this off? (or did I just miss it?)

Brett's challenge was directed at Dick Hardt, the amiable CEO of SXIP who understands better than any of us how to explain digital identity to a broad audience. (If you don't know him or forget how powerful his message is, make sure you look at this.)

After reviewing the meeting and looking at the graphics that were drawn, I think that user-centric might be the right term. The term has a fair amount of market awareness already and is being used to convey a model that is different from Federation.

I think User-centric means that each site trusts the user, and the user is free to choose any identity agent that provides the appropriate technical functionality. Federations are where a set of sites have decided to trust each other and the user has a relationship with one of those sites, which can then be communicated to the other sites.

This does NOT mean that “federation technologies” cannot be deployed in a user-centric manner.

Hopefully being August, the signal to noise ratio on any ensuing discussion will be high, but that may be wishful thinking.

I agree with Dick on this one, and don't really understand why Brett wants to fold user-centricity and federation into a single axis.  They are orthogonal. 

Federation technologies aim at helping internet portals, their suppliers, and their enterprise customers (businesses or government) to digitally identity the subjects of their business transactions.  This might or might not involve “users” in the conventional sense.

User-centric technology aims at helping individual people organize their relationships with many different and unrelated portals and internet sites – contact relationship management for individuals, as Doc Searls once said.

So in my view we are likely to have individuals employing user-centric technology to organize their relationships with federations.  There is no contradiction here, and no need to get rid either of the notion of the user-centric, or of the idea of federation.

The individual needs – and has a right to – technology that represents her.  The individual hasn't really been a factor in the identity equation until recently – she has simply been whatever some domain says she is.  That's changing.  User-centric technology delivers those changes.