IIW2005: Dick Hardt on Identity 2.0


Dick starts with a discussion of the SXIP 1.0 architecture. One of the things I note as I listen to Dick is the nomenclature problem. We have some people calling users "users" and others calling them "principals", some calling the relying party the "membersite", identity providers can be "homesites," and so on. This is hard to keep straight. You need a score card to keep up. I'm not picking on Dick here--he's picked his words and they're as good as anyone else's. The Identity Gang wiki has an identity lexicon that is attempting to "create a minimal set of terms that enable discussion of the technical operations, technical architecture, and user experience of user-centric identity systems."

SXIP 1.0 provides SSO with user control and has been available since February 2004. SXIP has gathered a lot of feedback and used that to derive SXIP 2.0. Some design requirements (with a nod to Kim's seven laws):

  • Relying party must provide reason for a request and give the usages.
  • Personas should be compartmentalized by context (online church group vs. online gambling group).
  • Release data only with user consent.
  • Granular control over released information.
  • Users should be able to choose their agent (separate rootsite from homesite in SXIP).
  • Separate transaction for acquiring claim from presenting the claim.
  • Provide identities for public identifiers for anonymous identity transactions.
  • Provide a low barrier to entry. Zero footprint for the user. Name-value pairs for membersite.
  • Interoperate with and use existing standards.
  • Provide a user-consistent experience by ensuring that the user always sees the same agent regardless of context.

(I didn't catch all of these. Hopefully Dick's slides will be online later.)
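To make a few of the requirements above concrete, here is a small added example (my own illustration, not SXIP code and not a description of the SXIP protocol) of a user agent that holds per-context personas, refuses requests that don't state a reason and usage, releases only the attributes the user approved, and keeps acquiring a claim separate from presenting it. The names `UserAgent`, `ClaimRequest`, and the sample attribute values are all hypothetical.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ClaimRequest:
    """What a relying party (membersite) sends: which attributes it wants and why."""
    relying_party: str
    attributes: tuple
    reason: str
    usage: str


@dataclass
class Persona:
    """One compartmentalized identity context (e.g. 'church' vs 'poker')."""
    name: str
    claims: dict = field(default_factory=dict)


class UserAgent:
    """Hypothetical user-chosen agent that mediates every release of identity data."""

    def __init__(self):
        self.personas = {}
        self.consent_log = []  # audit trail of what was released to whom

    def acquire_claim(self, persona, attribute, value):
        # Acquiring a claim is its own transaction; nothing is presented here.
        p = self.personas.setdefault(persona, Persona(persona))
        p.claims[attribute] = value

    def release(self, request, persona, approved):
        """Present claims to a relying party, but only with explicit user consent.

        `approved` is the set of attributes the user ticked in the consent dialog;
        anything the relying party asked for but the user did not approve is withheld.
        """
        if not request.reason.strip() or not request.usage.strip():
            # Requirement: the relying party must say why it wants the data and how it will use it.
            raise ValueError("request must state a reason and intended usage")
        p = self.personas.get(persona)
        if p is None:
            raise KeyError(f"no persona named {persona!r}")
        released = {
            attr: p.claims[attr]
            for attr in request.attributes
            if attr in approved and attr in p.claims
        }
        self.consent_log.append((request.relying_party, persona, tuple(sorted(released))))
        return released


def demo():
    # Constructed sample data: two personas so that church and poker contexts never mix.
    agent = UserAgent()
    agent.acquire_claim("church", "email", "alice.church@example.invalid")
    agent.acquire_claim("church", "name", "Alice")
    agent.acquire_claim("poker", "email", "lucky7@example.invalid")

    req = ClaimRequest(
        relying_party="membersite.example.invalid",
        attributes=("email", "name", "birthdate"),
        reason="create your account",
        usage="login and account recovery only",
    )
    # User consents to email only; name is withheld, birthdate was never acquired.
    return agent.release(req, "church", approved={"email"})


if __name__ == "__main__":
    print(demo())
```

The point of the `consent_log` is that the agent, not the relying party, is the place a user can later see which persona released what to whom; the relying party only ever sees the approved subset.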

These design guidelines have changed SXIP and influenced the 2.0 architecture. In addition, there have been some security improvements based on an IBM security review.