Sunday, December 10, 2006


Consumer Perspectives on Federated Authorization...

I previously blogged on Federated Authorization from an enterprise perspective and the fact that industry thought leaders aren't telling the entire story. Today, I hope to share additional perspectives...

Pat Patterson from Sun commented on the Relationship between SAML and XACML and mentioned that while a specification exists, no one has closed the gap. This of course begs several additional unanswered questions including, but not limited to:

Anyway, let's get into the discussion of consumer-oriented identity and some scenarios that haven't been discussed. For example, I may have an identity stored in OpenID format or CardSpace. Likewise, since I am married, how do I express my relationship with my significant other? I would like to share more than just my own identity with my bank: Sovereign, my investment provider: TD Ameritrade and my benefits administrator: Fidelity so that she can transfer money to offshore accounts, buy stock in Sun and ensure that all medical claims get paid for our two sons who recently went to the doctor to be immunized. So, how should one think of relationships in the identity world?

Of course, I have my health insurance through Aetna, and in order to comply with HIPAA it is vital that they understand not only my identity but also my relationship to others, so that they can show me my sons' medical records but, for privacy reasons, may not want to show me when my fictitious daughter decided to have an abortion.

I would also love to express an identity relationship with my lawyer, as I am becoming senile and may want to have him pay all of my bills, including my auto insurance via my insurance carrier's (Amica) web site. I believe I should be able to indicate via XACML or some other open-standards-based way not only that my lawyer has a relationship with me, but that I authorize him to pay my bills, download policy declarations and even request an ID card on my behalf, while I may not want him to cancel the policy or add additional drivers. So how should this work?

Wouldn't it be wonderful to reuse the identity management platform and its wonderful attestation capabilities for me to periodically attest that I am still married, that I want to insure my wife and that I also have two sons? What would attestation look like using CardSpace? I wonder what Kim Cameron, Shekhar Jha, Johannes Ernst, Chad Brown, Chris Ceppi, Dick Hardt, and Josh Bregman would recommend in this consumer-oriented situation?
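
The lawyer scenario and the periodic attestation idea above, modeled as an added example (not code from this post or from any XACML product): a XACML-style permit/deny rule set combined with deny-overrides, where a delegation only counts while its attestation is current. All party names, action names and dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Delegation:
    principal: str        # who granted the authority (the policyholder)
    delegate: str         # who may act on the principal's behalf
    relationship: str     # e.g. "lawyer", "spouse"
    attested_until: date  # last day covered by the principal's attestation

# Constructed sample data: one delegation, attested for one year.
DELEGATIONS = [
    Delegation("policyholder", "lawyer-1", "lawyer", date(2007, 12, 10)),
]

# XACML-style rules as (effect, relationship, action); names are hypothetical.
RULES = [
    ("Permit", "lawyer", "pay-bill"),
    ("Permit", "lawyer", "download-declarations"),
    ("Permit", "lawyer", "request-id-card"),
    ("Deny",   "lawyer", "cancel-policy"),
    ("Deny",   "lawyer", "add-driver"),
]

def evaluate(delegations, subject, principal, action, today):
    """Return 'Permit', 'Deny' or 'NotApplicable' using deny-overrides."""
    effects = set()
    for d in delegations:
        if d.delegate != subject or d.principal != principal:
            continue  # this delegation is about someone else
        if today > d.attested_until:
            continue  # stale attestation: the relationship no longer counts
        for effect, relationship, rule_action in RULES:
            if relationship == d.relationship and rule_action == action:
                effects.add(effect)
    if "Deny" in effects:
        return "Deny"  # any matching Deny wins over any Permit
    if "Permit" in effects:
        return "Permit"
    return "NotApplicable"

def enforce(decision):
    """Enforcement point: anything other than an explicit Permit is refused."""
    return decision == "Permit"

if __name__ == "__main__":
    for act in ("pay-bill", "cancel-policy", "change-address"):
        d = evaluate(DELEGATIONS, "lawyer-1", "policyholder", act, date(2007, 1, 15))
        print(act, d, "allowed" if enforce(d) else "refused")
```

Once the attestation date passes without renewal, every request from the delegate falls through to NotApplicable and is refused, which is the failure mode periodic attestation is meant to produce.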
