Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, July 23, 2007

On User-centric Identity Management …

I think this area is really key to the future of Identity Management. In the past Identity Management (IDM) has primarily been Enterprise-centric (see my technical report on “Adaptive Identity Management” at http://www.hpl.hp.com/techreports/2003/HPL-2003-149.html). Of course, this was and *is* very important, to enable enterprise businesses and their interactions with people. However, for a while, the “end-user” perspective has been considered a secondary aspect and overlooked: for example, users’ interactions are not simple and intuitive, little space is left for customisation and preferences, and little control is left to users when their data is disclosed.
Current initiatives are putting the user back at the centre of Identity Management solutions and taking steps to cover these gaps. In particular, I think that some noticeable initiatives are:
a) Liberty Alliance (LA) work to enable simpler user interactions in federated service contexts. Particularly interesting are recent draft specs on “Advanced-client Technologies” to provide a simplified user experience by means of trusted and secure devices that can be provisioned with “identity tokens” and can operate in a disconnected way (from Identity Providers) whilst accessing federated services (http://www.projectliberty.org/resource_center/specifications/liberty_alliance_id_wsf_advanced_client_1_0_draft_specifications). A related Pilot based on these specifications has been presented and demonstrated at an RSA 2007 Workshop (http://projectliberty.org/resource_center/presentations_webcasts/rsa_conference_workshop_liberty_alliance_identity_standards).
b) Various "Identity 2.0" initiatives (in the context of Web 2.0), in particular Microsoft InfoCard and OpenID. These initiatives are covered and discussed in detail in many blogs, e.g. Identity 2.0 Blog (http://identity20.com/) and Kim Cameron’s Identity Blog (http://www.identityblog.com/).
All good stuff. However, I believe that to succeed and gain wider adoption at the User-side, Identity Management solutions still need to address additional key aspects that are currently underestimated:
1) Trust, reputation, privacy and assurance aspects of identities. Handling them in a simple and intuitive way from a user perspective (I’ll come back with future postings on these points …);
2) Integration of “User-centric Identity Management” aspects with “Enterprise-based Identity Management” solutions – to provide a seamless experience to people when playing multiple roles (at home, at work, etc.);
3) Portability of identities (along with related policies dictating usage criteria) and their seamless access and usage across multiple devices and services.

What is your view about the future of User-centric Identity Management?
