{"id":526,"date":"2006-08-13T00:51:13","date_gmt":"2006-08-13T08:51:13","guid":{"rendered":"\/?p=526"},"modified":"2006-08-13T01:45:53","modified_gmt":"2006-08-13T09:45:53","slug":"federation-and-user-centricity","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=526","title":{"rendered":"Federation and user-centricity"},"content":{"rendered":"<p><a href=\"http:\/\/conorcahill.blogspot.com\/2006\/08\/user-centricy-identity-is-here-to-stay.html\">Conor Cahill picked up<\/a> on&nbsp;a <a href=\"\/?p=515\">discussion I recently relayed<\/a> to <strong>identityblog<\/strong> readers&nbsp;&#8211;&nbsp;part of an ongoing dialog&nbsp;between&nbsp;Brett McDowell and <a href=\"http:\/\/identity20.com\/\">Dick&nbsp;Hardt<\/a>.&nbsp;&nbsp;Conor says:<\/p>\n<blockquote><p>I think the issue causing the disagreements here is the interpretation of the term &#8220;federation&#8221; when discussed in an identity context.<\/p>\n<p>Certainly federation can mean groups of businesses working together and this is the traditional meaning of the term in the business community. This meaning would fit with Kim&#39;s statement above.<\/p>\n<p>However, in an identity context (as in &#8220;identity federation&#8221; &#8212; the stuff the <a href=\"http:\/\/www.projectliberty.org\/\"><font color=\"#3366aa\">Liberty Alliance<\/font><\/a> has been working on since its founding) the term federation was used to describe the sharing of identity information from party A to party B. Party A is usually some party representing the user (acting on the user&#39;s behalf) such as an Identity Provider or an Attribute Provider. 
There is nothing that says whether Party A is an entity operated by the user or by some 3rd party.<\/p>\n<p>In fact, in the <a href=\"http:\/\/msdn.microsoft.com\/winfx\/reference\/infocard\/default.aspx\"><font color=\"#3366aa\">Cardspace <\/font><\/a>solution, the process of sending data through an Infocard instance to a relying party would be considered taking place under identity federation, whether the infocard instance was rooted in a local data source or a remote data source.<\/p>\n<p>Ultimately, I would say that federation can be used in both user centric and non-user centric solutions. Federation is a technology\/protocol and user centric is an implementation philosophy. When designing a user centric solution, you almost always have to include some form of identity federation, but give the user great control over its use. The converse is not required to be true (although I wouldn&#39;t object to it if it was true in any environments in which I played).<\/p><\/blockquote>\n<p>I like a lot of Conor&#39;s thinking.&nbsp; I agree that use of a managed card in Cardspace&nbsp;should&nbsp;be considered a form of&nbsp;&#8220;federation&#8221; between the relying party and the identity provider &#8211; federation approved by the user.<\/p>\n<p>But I don&#39;t quite buy that &#8220;federation is a technology\/protocol&#8221; whereas &#8220;user-centric is an implementation philosophy&#8221;.&nbsp;&nbsp;It doesn&#39;t compute given a great deal of work I&#39;ve been doing lately.<\/p>\n<p>It&#39;s clear to me that good &#8220;user-centric&#8221; experience&nbsp;isn&#39;t just an automatic&nbsp;or natural by-product of some other &#8220;technology\/protocol&#8221;.&nbsp; In fact, it requires just as much study, just as much thought, just as much coding, and just as much experimentation as protocols do &#8211;&nbsp;probably more.&nbsp;<\/p>\n<p>What I&#39;m trying to say here is that it requires <strong>technology<\/strong>.&nbsp;&nbsp; In the past we&#39;ve had a lot of 
technology that failed miserably at organizing, integrating&nbsp;and rationalizing the user&#39;s experience.&nbsp; I&#39;ve been working on&nbsp;software that I&nbsp;think does a <em>lot better job<\/em> at this.&nbsp; Why wouldn&#39;t&nbsp;Conor call&nbsp;that a technology?<\/p>\n<p>To my way of thinking, you have two more or less orthogonal technology efforts &#8211; that oriented around federation issues, and that oriented around the user&#39;s experience.<\/p>\n<p>As a user, when I go from portal to portal to portal, it&#39;s likely they will have relationships with different identity providers.&nbsp; Should my experience therefore be totally discontinuous as I move from one portal to another, being organized by the portal rather than by my own system?<\/p>\n<p>In <a href=\"http:\/\/wcs.netfx3.com\/\" class=\"broken_link\">Cardspace<\/a> (and with Information Cards running on other devices and platforms) we postulate that the user&nbsp;can benefit from&nbsp;computerization of his or her own identity experience &#8211; just as enterprises benefit from computerization of theirs.<\/p>\n<p>Through&nbsp;Information Cards&nbsp;users can benefit, to the extent the technology is adopted,&nbsp;from the same well-understood experience as they move between unrelated portals which do not share identity relationships.&nbsp; &nbsp;<\/p>\n<p>I see&nbsp;Cardspace as&nbsp;providing a palette of identity relationships (Information Cards) that work for me as a user and make sense <em>from my point of view as an individual with a complicated life.&nbsp; <\/em><\/p>\n<p>I think Dick Hardt, and others like <a href=\"http:\/\/socialphysics.org\/paul_trevithick.html\">Paul Trevithick<\/a> at <a href=\"http:\/\/www.ibm.com\/press\/us\/en\/pressrelease\/19280.wss\">Higgins<\/a>, share a number of the same notions as I do, though&nbsp;each of us&nbsp;is concentrating on different aspects of the problem.<\/p>\n<p>So that&#39;s why I&#39;m saying that there are two legitimate technology 
areas, orthogonal in the sense that you can have either one without the other, but synergistic in that together you get a number of&nbsp;critical new scenarios.<\/p>\n<p>To&nbsp;make this more concrete, my&nbsp;next post&nbsp;will be &nbsp;a demo of Andre Durand and Ashish Jain&#39;s work in showing how this can look in practice.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>People can benefit from computerization of their own identity experience &#8211; just as enterprises benefit from computerization of theirs.<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[6,2,8,7,5,4],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/526"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=526"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/526\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=526"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=526"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=526"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}