I am sitting at the airport waiting for my return flight to Seattle. I spent the last 3 days here in Boston attending the Identity Mashup 06 un-conference. An entertaining and very different experience from the more corporate focused conferences I usually attend such as Catalyst and DIDW. It was much more touchy-feely, focused a bit more on the individual rather than the enterprise – an excellent stimulus to broaden my thinking. It was also amazing to interact with nearly all the great minds in the identity space.
There are many things swirling around in my head, but some have points that seem to be gelling into potentially coherent thoughts.
First I found it curious that after 2 days of conference I don’t recall anyone using the “federation” word. Given the technologies we were discussing this seemed rather peculiar to me. This morning I realized why that might be. As I said above, this conference was more “personal” focused and federation is a rather impersonal techno term. I believe people at the Mashup were using the word “relationship” instead. I would claim “federation” and “relationship” are fundamentally the same thing. I didn’t get universal agreement, but I am going with it for now.
Second item coming together was prompted by a comment from Dick Hardt. During one of the panel discussions he asked “what exactly is the problem we are trying to solve?” – One of my favorite questions. My answer so far is:
- Preventing the theft of identity (my definition is the third item of this post) directly from the user (such as phishing and spoofing)
- Preventing the theft of a user’s identity from some other third party (“Sorry boss, I lost my laptop.”)
- Establishing an environment where the user has trust and surety that they can conduct transactions with confidence (secure e-Commerce)
- Providing the ability for relying parties to make transaction decisions based on authoritative identity attributes (trusted assertions)
- Making all the various identity providers, protocols, etc. invisible to the application developers. (They just want to know who it is and what should I let them do?)
The third item is the definition of identity. A small few still seem to hold the perception identity is “who I am”. The majority of folks are now talking about an identity representing a subject (or subjects) within a context. I agree with this definition but being a programmer at heart I am trying to boil it down to bits and bits. Aren’t we really talking about a collection of data attributes about the subject(s)? As we talked about the “i-Card” Paul Trevithick suggested it also reflected relationships – not quite sure what those “bits” look like yet.
A last thought for now. Higgins – seems like a worldly, multi-lingual virtual directory?
I met many new people at the conference. I left excited about the energy and collaboration developing around the idea of an identity metasystem.
