Laying Down the Law

This morning is the morning of big hitters for those of us in the identity world and we start with Kim Cameron, who starts by defining the word ‘kludge’ and saying it is an ideal way to describe the world of digital identity. We have created an identity system online that is fundamentally difficult to understand for any user – so we can’t really complain when users fail to engage.

Cameron is of course the author of the ‘laws of identity‘. His simple conclusion is that if users will not use the end product the product will fail. This may sound obvious, but the complexity of most software designed to protect users can be described in that way.

It may be strange, but there really is someone from microsoft on stage talking about the need for pluralism of providers. Cameron says that no one organisation can control identity, it is important that multiple organisations are involved to allow users to have contextual separation of their identity.

We often have no idea what identity information we are spilling out. Cameron describes the way in which out bluetooth address can be used and tracked in conferences, in shopping centres and at events to build a profile. Google were recently ‘in trouble’ for collecting wifi data via their street view cars – this caused a furore but may become the norm in the UK as a result of the Digital Economy Act.

Cameron goes on to describe what he calls the ‘claims based model’ and what we in the federation world call minimal disclosure of attributes. An obvious response, but in a world where we literally spill identity information out without thinking about it the minimal disclosure point is important. It is important that providers buy in to this and take responsiblity. This is the ‘need to know’ internet.

So what does all this mean to those of us involved in education and research federations? Lucky for me Ingrid Melve has done a great job of writing this up. Do read her blog piece.