This is a key point made in Thomas J. Smedinghoff’s article, titled “Legal Obstacles Delaying Federated Identity Management”:
“Without some type of a legal framework to address these issues, however, a federated identity model will likely not scale. At least in the case of economically significant transactions, the risks to each of the parties of such unresolved issues are simply too great to justify reliance on the federated process. These questions, and others like them, are the legal land mines that stand in the way of a viable federated identity management infrastructure.”
The issues mentioned above are about: Identification Process, Personal Information, Scope of Assertion, Use of Assertion and Liability.
I agree that having a proper legal framework in place can help. I would argue, though, that proper “identity assurance” must also be put in place in the context of federated identity management, as discussed in a HPL Technical Report.
--- NOTE: my original HP blog can be found here ---
No comments:
Post a Comment