{"id":1156,"date":"2010-09-06T05:50:56","date_gmt":"2010-09-06T13:50:56","guid":{"rendered":"\/?p=1156"},"modified":"2010-09-06T06:04:27","modified_gmt":"2010-09-06T14:04:27","slug":"a-confused-critique-of-identity-federation","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1156","title":{"rendered":"A confused critique of identity federation"},"content":{"rendered":"

in a recent piece <\/a>at The Federal Circle<\/a>, Earl Smith II, managing partner,\u00a0comes out “all guns blazing”\u00a0against identity federation and the “weird and wonderful” Laws of Identity.<\/a>\u00a0<\/p>\n

Earl wishes he could “simplify” digital identity, rejecting\u00a0identity federation\u00a0as being too abstract to solve digital identity problems.\u00a0 Unfortunately, his\u00a0view of things\u00a0mixes up architecture and\u00a0the way\u00a0real live systems are\u00a0deployed, and he creates a straw man out of particular deployment assumptions.\u00a0\u00a0The resulting\u00a0explanation\u00a0demonstrates that once confused about this,\u00a0things can\u00a0look\u00a0stranger and stranger:\u00a0<\/p>\n

All such \u201cfederated identity\u201d models start with the intuitively appealing premise that if an individual has already been identified by one service provider, then that identification should be made available to other services, to save time, streamline processes, reduce costs, and open up new business channels.\u00a0 It\u2019s a potent mix of supposed benefits, and yet strangely unachievable.<\/p>\n

True, we can now enjoy the convenience of logging onto multiple blogs and social sites with an OpenID, or an unverified Twitter account.\u00a0 But higher risk services like banking, e-health and government welfare stand apart, still maintaining their own identifiers and sovereign registration processes.<\/p>\n

To my mind, the fashionable open identity approach is ironically lumbered with the same lofty ambitions that killed off traditional Big PKI.\u00a0 The express aim is to create \u201ctrust frameworks\u201d sufficient to enable business to be conducted amongst strangers.\u00a0 To this end, federated identity proponents implore banks and government agencies to re-invent themselves as \u201cIdentity Providers\u201d in accordance with the weird and wonderful Laws of Identity<\/em>.<\/p>\n

The Laws of Identity embody some powerful ideas, especially the view that when we go about our business, each of us exercises a plurality of virtual identities.\u00a0 In different settings we present different identities, each standing as a proxy <\/em>for a complex and bounded relationship.\u00a0 We have different relationships with various entities and services: banks, government agencies, health services, employers, stores, professional associations, social networks and so on.\u00a0 Each identity is context dependent, and can lose its meaning when taken out of context…<\/p>\n

But for the most part, the Laws of Identity<\/em> and the new ecosystem model are chockfull of unfamiliar abstractions. \u00a0They deconstruct identities, attributes and services, and imagine that when two parties meet for the first time with a desire to transact, they start from scratch to negotiate a set of attributes that confer mutual trust.\u00a0 In practice, it is rare for parties in business to start from such a low base.\u00a0 Instead, merchants assume that shoppers come with credit cards, patients assume that doctors come with medical qualifications, and banks assume that customers have accounts.\u00a0 If you don\u2019t have the right credential for the transaction at hand, then you simply can\u2019t play (and you have to go back, out of band, and get yourself appropriately registered).<\/p>\n

Perhaps the most distracting generalisation in the new identity ecosystem is that Service Providers, Identity Providers and Attribute Providers are all different entities.\u00a0 In reality, these roles are all fulfilled simultaneously and inseparably by banks, governments, social networks and so on.<\/p>\n

To put order into this nest of ideas, let's begin with what Earl calls\u00a0“the most distracting generalization in the new ecosystem”:\u00a0 that Service Providers, Identity Providers and Attribute Providers are all different entities.\u00a0<\/p>\n

In fact, Earl,\u00a0I made\u00a0no such\u00a0statement in the Laws of Identity or anywhere else, despite my support for an identity ecosystem.\u00a0\u00a0<\/p>\n

The Laws of Identity<\/a> refers to an Identity Provider as\u00a0issuing “claims”,\u00a0a Relying Party as\u00a0“depending on”\u00a0claims, and a Subject as “presenting” claims, but makes no statement that if you do one you can't do the others.\u00a0 Why?\u00a0 Identity Provider, Subject\u00a0and Relying Party are architectural roles<\/em>.\u00a0 A single entity can play any combination<\/em> of those roles.\u00a0 One\u00a0particular combination is complete separation of the roles, but in most cases every entity plays more than one.\u00a0 \u00a0\u00a0\u00a0<\/p>\n

For example, today's large web sites (like the MSN's, Googles and Yahoos) are composed of thousands of individual services.\u00a0 Without having to be conscious of it, people log in to\u00a0a site's Identity Provider service, which issues claims that are consumed by each of the composite Relying Party services that make up the site.\u00a0 So the\u00a0“decomposition”\u00a0which\u00a0Earl sees as “deconstructed unfamiliar abstractions” is, at the architectural level, a MUST<\/strong> in order to have\u00a0large scalable sites, and this is as key to the current web as to the metasystem model which is just standardizing and extending it.\u00a0<\/p>\n

I refer Earl and others to the\u00a0User-Centric Identity Metasystem <\/a>paper for more details.\u00a0 Section 6.2 states:<\/p>\n

6.2 ACTORS PARTICIPATING IN THE METASYSTEM<\/p>\n

The actors participating in the Identity Metasystem can be classified by role, taking into consideration that any individual actor or set of actors can play multiple roles (both at the same time and at different times).<\/p>\n

(6.2 goes on to define roles such as Subject, Claims Issuer, Relying Party, etc).<\/p>\n

That paper is\u00a0not simple-minded in its presentation, but its goal is to\u00a0lay out a model for\u00a0precisely understanding the way identity systems actually work and can work in the future, not to do mass pedagogy.\u00a0 People using Facebook or Google or Windows Live never think about the decomposition of services within the identity fabric, yet depend\u00a0every day\u00a0on that very decomposition.<\/p>\n

Continuing to unwind Earl's comments, let's factor out what he says about\u00a0Trust Frameworks.\u00a0 Here I'm not unsympathetic to the points he is making, though I think they are only part of the story.\u00a0 I agree that\u00a0most initial usage of the architecture is, as in the examples I've given here,\u00a0within tightly bounded trust contexts.\u00a0But I also think that once the technology framework is in place (e.g. now…) we will see more and more examples of federation within wider contexts where it makes sense.\u00a0 The question is simply, “what makes sense”?<\/p>\n

If I could use my banking identity to log into the IRS, would that make sense to me?\u00a0 Yes, because I don't access the IRS site often enough that I can ever remember\u00a0an\u00a0IRS\u00a0credential.\u00a0 Would it make sense to Earl?\u00a0 Maybe not.\u00a0 So that very potential divergence\u00a0leads us to posit the need for an ecology with choices – one of which would be the IRS itself for those who don't relate to bridging of contexts.<\/p>\n

Earl calls upon us to agree on a few simplifying assumtions:<\/p>\n