Tuesday, November 13, 2007

Motivations for Identity Providers

I recently blogged about a couple of use-cases of organizations and why they might become attribute authorities and their general motivations. What are some more of the general motivations and for that matter de-motivators?

Yvonne Wilson of Sun writes...
I think the attribute provider concept makes a lot more sense when there is an entity that already has information about a person and which would be authoritative for a particular attribute and authorized (not necessarily by the user) to hand that attribute out, possibly in an obfuscated form. A government might be an authoritative source for whether someone is a citizen, and obliged to respond to another government to that effect. An employer might be an authoritative source for whether someone is employed and obligated to respond to a bank loan officer to that effect. A credit agency might be an authoritative source on someone's credit rating, and obligated to report that to a credit card company. The user doesn't get to intercept, alter or halt any of this, because the entities which need the information trust these authoritative sources more than they trust the user. Of course, this kind of provider would offer up only a limited set of attributes.
Some motivators for information providers:
  • Is the provider authoritative? Before making assertions about individuals, the organization has to decide if it can provide some level of assurance about the information.
  • Is the organization considered authoritative by means of legislation? Example, legislation may make a professional organization responsible for tracking and verifying the professional status of its members.
  • Privacy enhancing reduction of information flow. Because a provider may know several things about an individual, they are often in a position to answer questions about individuals. Without directly revealing what they know, they can answer some questions. E.g. If you own property and pay taxes, your city can state whether you own and potentially live in that city. A department of vital statistics, responsible for birth certificates, could generate an assertion that you are over a specific age.
  • Transactional co-ordination between business service providers. In order to complete a service to a user, a web merchant might exchange assertions with a credit card company and shipping company. This allows 3 service providers to co-ordinate in order to complete a transaction. The merchant sells a product. The credit company arranges for the financial exchange, and the shipper arranges for shipment. In this case, the credit card company and shipper are temporarily acting as Identity Providers, but in reality, they are motivated by the ability to offer a service.
  • Auditing use. By switching from a bulk publishing method to a dynamic provider method, the provider organization can potentially keep better track of when and potentially where information was used. Note: this is not always possible or desirable, but the environmental privacy requirements will dictate it.
  • Revokability. When organizations using batch methods exchange information about individuals, they have no convenient way to revoke or update the list on a timely basis. In a dynamic provider model, the assertions can be relatively short lived - from seconds to months.
Some of the de-motivators:
  • Self-asserted, or asserted by a third-party information. If the providing organization is non-authoritative, then asserting these values to another party brings increased liability for accuracy, privacy, and potentially even copyright violation (e.g. credit scores from a credit bureau).
  • SLA obligations. In the past, authorities may have been authoritative or responsible for assertions about individuals. However, requests were done through slower or legacy processes. Example, professional organizations issuing diploma's or certificates now moving to acting in real-time may change infrastructure requirements and the legal rules and responsibilities.
  • Aggregation and compliance risk. The more information a providing organization amasses, the more risk they run for inappropriate exposure of information and inaccuracy.
I should point out that these observations are all from the perspective of the information provider and are not the view of the users/customers. It is important to understand the perspectives of all parties or user-control (centric) systems won't matter much.

Send me your thoughts! What other types of motivators or observations can be made?

Also, in a somewhat related post, check out Paul Madsen's Lemma of Dubious Attributes.

No comments:

Post a Comment