A recent discussion on the ID Workshop group has been about user-centric identity and the corporation. As a part of that discussion Phil Becker pointed out we use the term “user-centric” in multiple contexts and it really means different things in different contexts. Below is my first pass at a potential list of contexts for the term “user-centric”.
I think the list Phil proposed is:
User-centric architecture – is this about the user in the protocol? I don’t think it is intended to be about where the data resides. I am still unclear about how this fleshes out given there seems to be agreement it does not mean the user makes a decision, nor sees every exchange of identity data.
User-centric experience – So is this just CardSpace and OSIS?
User-centric control – I suppose this would be about the user having some say in what attributes of their identity in what context are shared. This could be a user in the middle each time, or include delegation via the likes of an i-broker.
User-centric management – Managers are vague, management is vague (sorry). How is this different from user-centric control, if at all? Is control about flow and management about the maintenance of identity attributes (CRUD)?
User-centric data – Don’t know if Phil proposed this as a category, but I have some trouble with this one. Notice what is not on the list is user-centric identity *ownership*. Is that what we mean here? I am stuck on the idea that I have no ownership of any meaningful identity data. See my previous posts. We might have control, but the only identity attributes anyone else would care about are owned by someone else, at least asserted by others. What you own that is not issued/asserted by others is fantasy.
Mike
