I wonder if the Liberty Alliance has moved away from decentralisation as a central tenet of their work, and thereby possibly watered down its approach to privacy?

At one time, the Liberty Alliance website stated prominently that federated identity allows users to link identity information between accounts without centrally storing personal information. This phrasing has vanished, replaced by a stated vision that is less specific and more oriented towards convenience.  They now say their aim is to “enable a networked world based on open standards where consumers, citizens, businesses and governments can more easily conduct online transactions while protecting the privacy and security of identity information” (see http://www.projectliberty.org/liberty/about).

This seems odd to me. Is there a broad trend towards centralisation in federated identity?  I've been reading a new IdM primer by the OECD, and that document certainly characterises Federated Identity systems as being centrally managed:

With the “federated” model, service providers do not aggregate their account information, but rather stablish a central “identity provider” that keeps track of which user identifiers correspond to the same user.

Reference: Working Party on Information Security and Privacy
THE ROLE OF DIGITAL IDENTITY MANAGEMENT IN THE INTERNET ECONOMY:
A PRIMER FOR POLICYMAKERS
9-10 March 2009

Decentralisation might not be absolutely essential to privacy, but it sure helps, and I don't think it should be abandoned too readily. Yet there would be commercial pressurs at work.  My experience is that the business case for federated identity models is far stronger when a centralised authentication broker is involved, because you can create revenue there. So LibertyAlliance, on behalf of its members, might haremove a presumption of deceve taken a strategic decision to move away from decentralisation? 

Cheers,

Stephen Wilson

Lockstep.