Here is more fallout from James McGovern's intervention about InfoCard as a “consumer” interest.
It's a posting from Mike Beach – an identity pioneer all of us in the enterprise world respect, and who was one of the first to get an inter-corporate federation system off the drawing board and into production.
His thinking has the benefit not only of vision, but of a lot of real experience. Whatever he says, pro, con or neutral, I always start by assuming he is speaking to us from the future:
I agree with Kim that the Infocard/Identity Metasystem (or some other form of user-centric identity implementation) will find its way into the corporate world and help to solve some interesting problems. I have recently been mulling the potential impacts to both privacy and federation.
In the privacy space a colleague of my shared an interesting perspective. Most corporations, especially in the B2C space, have considered user/customer identity data to be an asset. Knowledge about their users that could be leveraged for any number of marketing opportunities. With the rising concerns and increasing regulations around privacy this perspective is, or should be, starting to change. This “asset†is now becoming a liability. Data about people (corporate people and consumer people) is always going to be required to do business, but how do we get that while at the same time minimizing liability? Enter the Infocard concept. It would seem we now have a means to establish authoritative data about the user, but give it to the user for safe keeping.
Relative to B2B federation it also appears the Infocard concept can add value.
Today many federations are established by corporations “on behalf†of their employees.
Consider the many corporate benefits providers that are establishing SSO federations with their clients. The employees are at the mercy of their employer and the benefits providers to ensure security and privacy, and typically have no choice in the matter. I realize the federation standards provide for “opt-in†federation, but I don’t see that fleshed out in products and implementations.
Again enter the Infocard concept. The potential for eliminating the magic, invisible, mandatory federation of today. The corporations can issue Infocard credentials to employees that can be used at benefit provider sites – or not. Employees have visibility, control, and choice. I can imagine the Infocard concept becoming the new federation user experience.
This phrase haunts me, and should haunt the industry: “The magical, invisble, and madatory federation of today.”
I tend to believe that if anyone knows what the gotchas are, it's Mike. So having him in this conversation is essential. Hey Mike, it's time to blog…