Dissecting Consumer Identity

From IIW

Title: Dissecting Consumer Identity, or, Are We Trying to Do Too Much?

Convener: Jim Fenton, Cisco

Notes-taker(s): Eric Sachs


  • Eric Sachs,
  • Skip Beney,
  • Tom Brown,
  • James Mclaughlin,
  • Dave Crocker,
  • Andrew Nash

Technology Discussed/Considered:

Identity management, as broken into:

  • Identifier Management
  • User Authentication
  • Provision of User Attributes

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Problem: Mainstream consumer websites (Amazon, LLBean, etc.) face new problems that enterprise intranets don’t (trust, anonymity, etc.)

Discussion of trust barriers:

  • Relying Party <-> attribute providers
  • Can an IDP in the middle bootstrap finding each other?
  • Can the IDP cache attributes and re-assert them?
  • Can an attribute provider trust the IDP trust the IDP to get the user’s permission to share attributes with a relying party?

What are the most important attributes?

  • Age,
  • name,
  • country,
  • >21 flag, etc.

How is the permission to share information obtained?

  • Policy expressed by user to IDP, or query to user each time information is shared (hint: this can be very tedious and lead to bad decisions)