Incredibly, I just came across a comment by another Paul. I guess I spoke too soon about my success communicating with Pauls, since Paul Madsen seems to be a doubting Thomas – which in this case adds some variety, so I'm pleased to see it:
Kim Cameron has a screen cap movie of a demo created by Ping ID.
Kim asserts that the demo illustrates (paraphrasing) “user-centric technologies like Information Cards are not in any way counterposed to federation technologies”.
I completely agree with the sentiment, but question whether the scenario portrayed by the demo actually demonstrates it.
In the demo, a user authenticates to a portal using CardSpace. Once authenticated, they are presented with a list of applications available to them for which SSO is possible (this presumably dependent on which I-Card they selected). For Kim, the user-centric piece (CardSpace) somehow ends at the portal, and from then on federation (SAML etc.) takes over.
So, user-centric and federated technologies are shown as working together – but not at the same time. The user-centric piece hands off to the federation piece. Federation is presented as a lower-level piece of infrastructure (which it can be) that doesn't seem to touch the user.
Hmmm. What I'm really saying is that in the demo being shown, the user has a relationship with the portal, which offers a nice array of services. So in terms of technology, the identity relationship is user-to-portal, not user-to-individual-service. One could also say the “services” can be “outsourced” by the portal – and are dealing with users as proxies for the portal. Once the user has entered the portal, there is a “magic carpet” that takes her from service to service.
But note: The portal could also take the user to a service with which she would have a completely independent identity relationship. In this case, the user would again see the Cardspace interface and select her identity through it.
Paul (three) continues:
This interpretation is reinforced by Kim: “To my way of thinking, you have two more or less orthogonal technology efforts – that oriented around federation issues, and that oriented around the user's experience.”
This ignores the possibility for SAML-based technologies to provide the very same user-experience (i.e. real-time identity sharing control, IDP selection etc) that I-Cards enables. Is SAML's Enhanced Client or Proxy (ECP), as it enables similar control mechanisms, then user-centric?
Probably not, as Kim also highlights the common UI of CardSpace and its relevance: “Should my experience therefore be totally discontinuous as I move from one portal to another, being organized by the portal rather than by my own system?”
Exactly. Maybe I was more successful at communicating with Paul Madsen than I initially thought – I think he sees my point.
The portal just cannot know all my identity relationships (unless I were to find myself in some hideous “total environment” where everyone knows everything).
So the portal, simply by virtue of the role it plays in the system, cannot organize my perception and use of identities across the board. This is one of the key points I'm trying to make, and it explains why you need user-centric technologies and why they are orthogonal to federation technologies, even though in both cases you have claims being asserted and relied upon.
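To make the two relationship graphs concrete, here is a small model of the demo flow written for this page (it is not Ping's demo code, nor anything from CardSpace or a SAML library). An identity selector stands in for CardSpace and holds two cards; the portal is a relying party for cards at the front door and then a federation identity provider for the services it has outsourced; a second service has an independent relationship with the user and trusts only its own issuer. Tokens are HMAC-signed JSON rather than XML-signed SAML assertions, the card is simplified to hold its issuer's key directly instead of calling the issuer's security token service, and the names "portal", "payroll", "bank-site", "employer" and "bank" are made up for the example:

```python
"""Toy model: identity selector -> portal (card RP, then federation IdP) -> services.
Assumptions: HMAC-signed JSON tokens stand in for Information Card tokens and SAML
assertions; each card carries its issuer's signing key (a real managed card would ask
the issuer's token service to sign).  Names and keys below are constructed for the
example and are not from the original demo."""
import base64
import hashlib
import hmac
import json


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def sign_token(key: bytes, issuer: str, audience: str, claims: dict) -> str:
    """Issue a token asserting `claims` from `issuer` for the relying party `audience`."""
    body = json.dumps({"iss": issuer, "aud": audience, "claims": claims}, sort_keys=True).encode()
    mac = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(mac)


def verify_token(trusted_keys: dict, token: str, audience: str) -> dict:
    """Accept a token only if its issuer is trusted, its MAC verifies and it names us."""
    body_b64, mac_b64 = token.split(".")
    body = base64.urlsafe_b64decode(body_b64 + "=" * (-len(body_b64) % 4))
    payload = json.loads(body)
    key = trusted_keys.get(payload["iss"])
    if key is None:
        raise ValueError("untrusted issuer: " + payload["iss"])
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(_b64(expected), mac_b64):
        raise ValueError("bad signature")
    if payload["aud"] != audience:
        raise ValueError("token not issued for this relying party")
    return payload


class IdentitySelector:
    """User-side card store (the CardSpace stand-in).  It only offers cards whose
    issuer the relying party says it trusts, and records which card went where."""

    def __init__(self, cards: dict):
        self.cards = cards  # card name -> (issuer, issuer key, claims)
        self.log = []       # (relying party, card name) pairs, in order of use

    def select(self, rp_name: str, accepted_issuers: set) -> str:
        for name, (issuer, key, claims) in self.cards.items():
            if issuer in accepted_issuers:
                self.log.append((rp_name, name))
                return sign_token(key, issuer, rp_name, claims)
        raise LookupError("no card acceptable to " + rp_name)


class Service:
    def __init__(self, name: str, trusted_keys: dict):
        self.name, self.trusted_keys = name, trusted_keys

    def accept(self, token: str) -> dict:
        p = verify_token(self.trusted_keys, token, self.name)
        return {"service": self.name, "issuer": p["iss"], "claims": p["claims"]}


class Portal:
    """Relying party for cards at the front door; federation IdP for outsourced services."""

    def __init__(self, name: str, trusted_keys: dict, fed_key: bytes):
        self.name, self.trusted_keys, self.fed_key = name, trusted_keys, fed_key
        self.sessions = {}

    def login(self, selector: IdentitySelector) -> str:
        token = selector.select(self.name, set(self.trusted_keys))
        payload = verify_token(self.trusted_keys, token, self.name)
        sid = "sess-%d" % (len(self.sessions) + 1)
        self.sessions[sid] = payload["claims"]
        return sid

    def visit(self, sid: str, service: Service, selector: IdentitySelector) -> dict:
        """The 'magic carpet': for a service that trusts the portal, mint a federation
        assertion from the portal session.  For a service with which the user has an
        independent relationship the portal has nothing it can assert, so the user's
        own selector is invoked again and a different card is chosen."""
        if self.name in service.trusted_keys:
            assertion = sign_token(self.fed_key, self.name, service.name, self.sessions[sid])
            return service.accept(assertion)
        return service.accept(selector.select(service.name, set(service.trusted_keys)))


def build_world():
    employer_key, bank_key, portal_key = b"employer-key", b"bank-key", b"portal-key"
    selector = IdentitySelector({
        "work card": ("employer", employer_key, {"name": "Alice", "role": "staff"}),
        "bank card": ("bank", bank_key, {"account": "12345"}),
    })
    portal = Portal("portal", {"employer": employer_key}, portal_key)
    payroll = Service("payroll", {"portal": portal_key})   # outsourced: trusts the portal
    bank = Service("bank-site", {"bank": bank_key})        # independent relationship
    return selector, portal, payroll, bank


def run_demo() -> dict:
    selector, portal, payroll, bank = build_world()
    sid = portal.login(selector)
    return {"payroll": portal.visit(sid, payroll, selector),
            "bank": portal.visit(sid, bank, selector),
            "selector_log": selector.log}


def portal_cannot_mint_for_independent_service() -> bool:
    """Even a portal that tries to assert the user's identity to the bank fails the
    bank's issuer check: the relationship is user-to-bank, not portal-to-bank."""
    _, portal, _, bank = build_world()
    forged = sign_token(portal.fed_key, portal.name, bank.name, {"account": "12345"})
    try:
        bank.accept(forged)
    except ValueError:
        return True
    return False
```

Running `run_demo()` shows the payroll service receiving claims issued by "portal" while the bank site receives claims issued by "bank", and the selector log shows the work card used at the portal and the bank card used at the bank. The last function is the check worth keeping in mind: the hand-off inside the portal works only because the outsourced service chose to trust the portal's key, and nothing the portal holds lets it speak for the user to a party that did not.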
Finally, Paul asks:
If the phone manufacturers (or those of set top boxes) were to come together and agree on user-interface standards – would that be user-centric?
If they allow users and relying parties to represent and select between their multiple identities then yes, sure, exactly. But it's not just a question of user interface (UI), it's a question of capabilities that are represented through UI. I don't know why people reduce this to UI.
The fact that phones could deliver these new capabilities is why it makes perfect sense to put Information Cards on phones, music players, and other devices. I first proposed putting them on computers because I happen to work in that industry. But I know a lot of people who are interested in getting the same identity relationships to appear across all kinds of devices.