My Federation? On user-centrism, federation & identity
13 August, 2006 - 9:43am
For the past few months there's been a heated dialogue amongst members of the ID Gang about the definitions of user-centrism and federation. The conversation started in earnest at the Burton Group Catalyst conference, continued at the Identity Open Space meeting, and many have weighed in on the issue since then. Why is a seemingly mundane discussion of semantics important? Issues of the user's role in identity exchanges, trust, freedom, and choice have significant implications for how emerging identity architectures such as OpenID and InfoCard are designed, and correspondingly affect matters of privacy, liability, and scalability on the Web. The following is a brief overview of some of the key points:
Red Hat's identity guru Pete Rowley kicked off the debate by suggesting the importance of "people in the protocol". He articulately states:
- People in the protocol means that rather than being an end node that may begin a transaction and perhaps be the recipient of the end results but with only vague or even no information about the information passed in the transaction, they are rather a conduit for all identity decisions in an environment of informed consent. This necessarily means that the protocol must pass through the user, or in other words appear on the screen and be approved by the user.
Dave Kearns at Network World noted,
- "The term "user-centric" identity is getting bandied about a lot these days. It's generally understood to be a different way of expressing the entire identity transaction as opposed to what might be called the "enterprise-centric" approach traditionally used within provisioning, federation and even simplified sign-on situations."
Sxip's founder & CEO, Dick Hardt commented,
- I think User-centric means that each site trusts the user, and the user is free to choose any identity agent that provides the appropriate technical functionality.
The user is in the middle of a data transaction. This does not mean the user has to approve every transaction, but that the data always flows through the user’s identity agent. This does have user control and consent advantages that others point out, but I think more importantly, it provides huge scale advantages as the Identity Provider does not have to have any prior knowledge of the Service Provider.
Federations are where a set of sites have decided to trust each other and the user has a relationship with one of those sites, which can then be communicated to the other sites.
Most recently, Microsoft identity expert Kim Cameron agreed with Dick's perspective,
- Federation technologies aim at helping internet portals, their suppliers, and their enterprise customers (businesses or government) to digitally identify the subjects of their business transactions. This might or might not involve “users” in the conventional sense. User-centric technology aims at helping individual people organize their relationships with many different and unrelated portals and internet sites - contact relationship management for individuals, as Doc Searls once said.
So in my view we are likely to have individuals employing user-centric technology to organize their relationships with federations. There is no contradiction here, and no need to get rid either of the notion of the user-centric, or of the idea of federation. The individual needs - and has a right to - technology that represents her. The individual hasn’t really been a factor in the identity equation until recently - she has simply been whatever some domain says she is. That’s changing. User-centric technology delivers those changes.
We concur, and believe the scale, security and usability advantages of user-centric identity are what makes it the underpinning for Identity 2.0, and the future of identity and access management on the Web.
