Dissecting Consumer Identity
Title: Dissecting Consumer Identity, or, Are We Trying to Do Too Much?
Convener: Jim Fenton, Cisco
Notes-taker(s): Eric Sachs
- Eric Sachs,
- Skip Beney,
- Tom Brown,
- James Mclaughlin,
- Dave Crocker,
- Andrew Nash
Identity management, as broken into:
- Identifier Management
- User Authentication
- Provision of User Attributes
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Problem: Mainstream consumer websites (Amazon, LLBean, etc.) face new problems that enterprise intranets don’t (trust, anonymity, etc.)
Discussion of trust barriers:
- Relying Party <-> attribute providers
- Can an IDP in the middle bootstrap finding each other?
- Can the IDP cache attributes and re-assert them?
- Can an attribute provider trust the IDP trust the IDP to get the user’s permission to share attributes with a relying party?
What are the most important attributes?
- >21 flag, etc.
How is the permission to share information obtained?
- Policy expressed by user to IDP, or query to user each time information is shared (hint: this can be very tedious and lead to bad decisions)