{"id":531,"date":"2006-08-14T23:24:41","date_gmt":"2006-08-15T07:24:41","guid":{"rendered":"\/?p=531"},"modified":"2006-08-20T18:39:28","modified_gmt":"2006-08-21T02:39:28","slug":"one-more-paul-on-the-federation-and-user-centrism-demo","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=531","title":{"rendered":"One more Paul on the federation and user centrism demo"},"content":{"rendered":"<p>Incredibly, I just came across a comment by <a href=\"http:\/\/connectid.blogspot.com\/2006\/08\/user-centrification.html\">another Paul<\/a>.&nbsp; I guess I spoke too soon about my <a href=\"\/?p=529\">success communicating with Pauls<\/a>, since Paul Madsen&nbsp;seems to be a doubting Thomas &#8211; which in this case adds some variety, so I&#39;m pleased to see it:&nbsp;<\/p>\n<blockquote><p>Kim Cameron has a <a href=\"\/wp-content\/resources\/pingfederate.wmv\" class=\"broken_link\"><font color=\"#de7008\">screen cap movie<\/font><\/a> of a demo created by Ping ID.<\/p>\n<p>Kim asserts that the demo illustrates (paraphrasing) &#8220;user-centric technologies like Information Cards are not in any way counterposed to federation technologies&#8221;.<\/p>\n<p>I completely agree with the sentiment, but question whether the scenario portrayed by the demo actually demonstrates it.<\/p>\n<p>In the demo, a user authenticates to a portal using CardSpace. Once authenticated, they are presented with a list of applications available to them for which SSO is possible (this presumably dependent on which I-Card they selected). For Kim, the user-centric piece (CardSpace) somehow ends at the portal, and from then on federation (SAML etc) takes over.<\/p>\n<p>So, user-centric and federated technologies are shown as working together &#8211; but not at the same time. The user-centric piece hands off to the federation piece. 
Federation is presented as a lower-level piece of infrastructure (which it can be) that doesn&#39;t seem to touch the user.<\/p><\/blockquote>\n<p>Hmmm.&nbsp; What I&#39;m really saying is that in the demo being shown, the user has a relationship with the portal, which offers&nbsp;a nice array of services.&nbsp; So in terms of technology, the identity relationship is&nbsp;user-to-portal, not&nbsp;user-to-individual-service.&nbsp;&nbsp;One could also say the &#8220;services&#8221; can be&nbsp;&#8220;outsourced&#8221; by the portal &#8211; and are dealing with users as proxies for the portal.&nbsp; Once&nbsp;the user has entered the&nbsp;portal, there is a &#8220;magic carpet&#8221; that takes&nbsp;her from service to service.&nbsp;<\/p>\n<p>But note:&nbsp; The portal could also take&nbsp;the user&nbsp;to a service with which&nbsp;she&nbsp;would have&nbsp;a completely&nbsp;<strong>independent<\/strong> identity relationship.&nbsp; In this case,&nbsp;the user&nbsp;would again see the CardSpace interface and select&nbsp;her identity through it.<\/p>\n<p>Paul (three) continues:<\/p>\n<blockquote><p>This interpretation is reinforced by Kim:<\/p>\n<div style=\"margin-left: 20px; font-style: italic\">To my way of thinking, you have two more or less orthogonal technology efforts &#8211; that oriented around federation issues, and that oriented around the user&#8217;s experience.<\/div>\n<p>This ignores the possibility for SAML-based technologies to provide the very same user-experience (i.e. real-time identity sharing control, IDP selection etc) that I-Cards enable. 
Is SAML&#39;s Enhanced Client or Proxy (ECP), as it enables similar control mechanisms, then user-centric?<\/p>\n<p>Probably not, as Kim also hilites the common UI of CardSpace and its relevance<\/p>\n<div style=\"margin-left: 20px; font-style: italic\">Should my experience therefore be totally discontinuous as I move from one portal to another, being organized by the portal rather than by my own system<\/div>\n<\/blockquote>\n<p>Exactly.&nbsp; Maybe I was more&nbsp;successful at communicating&nbsp;with Paul&nbsp;Madsen&nbsp;than I initially thought&nbsp;&#8211; I think&nbsp;he sees my point.&nbsp;<\/p>\n<p>The portal just <strong>cannot know<\/strong> all my identity relationships (unless I were to find myself in some hideous &#8220;total environment&#8221; where everyone knows everything).&nbsp;<\/p>\n<p>So the portal,&nbsp;simply by virtue of the role it plays in the system, cannot&nbsp;organize my perception and use of identities across the board.&nbsp; This is&nbsp;one of the key&nbsp;points I&#39;m trying to make, and explains why you need user centric technologies and why they are orthogonal&nbsp;to federation technologies even though in both cases you have claims being asserted and relied upon.<\/p>\n<p>Finally, Paul asks:<\/p>\n<blockquote><p>If the phone manufacturers (or those of set top boxes) were to come together and agree on user-interface standards &#8211; would that be user-centric?<\/p><\/blockquote>\n<p>If they allow users and relying parties&nbsp;to represent and select&nbsp;between&nbsp;their multiple identities&nbsp;then yes, sure, exactly.&nbsp; But it&#39;s not just a question of user interface (UI), it&#39;s a question of capabilities that are represented through UI.&nbsp; I don&#39;t know why people reduce this to UI.<\/p>\n<p>The fact&nbsp;that phones could deliver these new capabilities&nbsp;is why it makes perfect sense to put Information Cards on phones, music players, and other devices.&nbsp; I first proposed putting them&nbsp;on 
computers because I happen to work in that industry.&nbsp;&nbsp;But I know&nbsp;a lot of people who are interested in getting&nbsp;the same identity relationships to appear across all kinds of devices.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this scenario, my identity relationship is with the portal, not with the individual services.  Once I&#39;m in the portal, there is a &#8220;magic carpet&#8221; that takes me from service to service.  <\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[6,10,8,7,5,4],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/531"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=531"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/531\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=531"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=531"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=531"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}