Posted by:
admin
15 years, 11 months ago
Last week, I blogged about the flexibility of WiKID. Today, I want to apply that thinking to Kim Cameron’s Laws of Identity. How does WiKID’s flexibility support the Laws? Obviously, WiKID would only be a part of the identity system – the authentication piece. The question is how WiKID enables this metasystem to comply with the laws.
1. User Control and Consent
Technical identity systems must only reveal information identifying a user with the user's consent.
No one is as pivotal to the success of the identity metasystem as the individual who uses it. The system must first of all appeal by means of convenience and simplicity. But to endure, it must earn the user's trust above all.
WiKID can’t help too much with the policies that create trust, but it is very simple to use and a convenient way to manage multiple credentials.
2. Minimal Disclosure for a Constrained Use
The solution that discloses the least amount of identifying information and best limits its use is the most stable long-term solution.
There is not much here that applies to WiKID, except that WiKID can support multiple authentication relationships in a single domain. Hardware tokens cannot do that, so they will promote federated identity services which users will have to trust not to violate this law. It’s better not to have the temptation.
3. Justifiable Parties
Digital identity systems must be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.
The identity system must make its user aware of the party or parties with whom she is interacting while sharing information.
The justification requirements apply both to the subject who is disclosing information and the relying party who depends on it. Our experience with Microsoft Passport is instructive in this regard. Internet users saw Passport as a convenient way to gain access to MSN sites, and those sites were happily using Passport—to the tune of over a billion interactions per day. However, it did not make sense to most non-MSN sites for Microsoft to be involved in their customer relationships. Nor were users clamoring for a single Microsoft identity service to be aware of all their Internet activities. As a result, Passport failed in its mission of being an identity system for the Internet.
WiKID brings something to the table here – because a single WiKID token client can support multiple independent servers across multiple parties, there is no need for a single identity provider like Passport. Of course, WiKID can support and greatly increase the security of a federated identity system.