I’ve recently been asked by a customer what would be the business case for Identity Providers, in the context of federated identity management …
This question specifically referred to Identity Providers that just play this role i.e. have no additional stake in providing other services (e.g. being also Service Providers) and, by doing this, ensure real “separation of duty” between who handle identities & authentication (them) and relying parties that “consume” this information.
Any link to available material (so far, I haven’t found anything particularly relevant)? Any thought?
--- NOTE: my original HP blog can be found here ---
4 comments:
Here's one business case; which I assume means: how can I make money doing this?
If you're willing to assume liability for the accuracy of any "identity information" that you supply to relying parties. And if relying parties are willing to pay you so that they can transfer their risk of relying on such accuracy to you, then there you are.
Hi Eric.
thanks for your comment. Yes, good point - let's say this would be similar to what Verisign is doing with digital certificates - but in a federated IdM context.
Do you see this happening?
Any example of IdP providers that are currently assuming liability and accuracy for the identity information they supply to SPs?
Thanks,.
Marco
I see it happening today as we speak. It's happening in higher education and academia. But then higher education is quite a bit different than the corporate sector in terms of mission, risk, and trust.
So it's sort of like the most liability higher education assumes is that they might have to someday say, "Oops, we're sorry; we'll try not to let that happen again". That's an oversimplification for sure, but you get the point.
Ok, I ee your point. Thanks. Marco
Post a Comment