privacy
Stephen Wilson's Babysteps
Identity evolves: Why Federated Identity is easier said than done
"Identity evolves: Why Federated Identity is easier said than done".
See lockstep.com.au/library/identity_authentication/an-ecological-theory-of-digit
I worry that the term "ecosystem" is much overused. If we actually think ecologically about identity and risk, then it looks like we can reach interesting and novel conclusions!
Cheers,
Steve Wilson
Abstract
Stephen Wilson's Babysteps
In defence of silos!
Many federated identity models involve a central authentication broker, intended to break down “silos” that hold individuals’ assertions. In practice these sorts of schemes have proven much harder to launch than expected. Orthodox explanations for this can blame organisations for being too precious about their customers, or for treating security as a competitive differentiator. But my analysis suggests that the total cost of a large number of traditional simple contracts turns out to be likely less than that of a smaller number of much more complex ones.
Stephen Wilson's Babysteps
Is federated identity moving away from decentralisation?
I wonder if the Liberty Alliance has moved away from decentralisation as a central tenet of their work, and thereby possibly watered down its approach to privacy?
PKI and Privacy
While PKI has been feared by many as being inherently privacy invasive (see for example some of Roger Clarke's work), much work has been done to either manage and design PKIs to be safe with regards to privacy (see e.g. Australian Government PKI Privacy Guidelines) or to proactively enhance privacy using PKI technology (e.g. Privacy Positive Aspects).