Managing your identity online has been frought with half-baked and abortive solutions for as long as I can remember, with anything beyond a username and password dialog box leading to usability and interoperability issues. It's exciting to see the amount of headway being made on this issue across the industry with initiatives such as OpenID, DIX, SAML, and InfoCard being formalized and implemented.
The question that remains for me is what or who makes a good identity provider? My public identity is an aggregration of my passport, driver's license, credit card and social insurance number, which are issued by the Canadian government, the province of BC, and a credit card company. Should they continue to be the issuers of the online elements of my identity, or should I be able to elect to use a third party identity provider? I've read some discussion about the potential role credit bureaus could play, but do I want my identity tied to an organization that I don't have a direct relationship with and is primarily focused on how well I pay my bills?
In my mind, there are some important criteria that any identity provider must meet:
- Their primary focus should be on the security of my identity;
- They need to operate in a transparent fashion with full disclosure of activities involving my identity;
- They must allow me to be an active participant in managing my identity; and
- They need to guarantee my indentity will be future-proof.
I'm not as concerned about whether there are charges involved or if they are a public or private organization, they just need to focus on building and maintaining my trust with them. Identity management is the ultimate trust game.
0 responses so far ↓
There are no comments yet...Kick things off by filling out the form below.