
1

The Design of Everyday Identity

Eve Maler
Principal Engineer
Sun Microsystems, Inc.

2

The sea change in IdM

• Captive
• Homogeneous
• Penalizable
• Rules-based
• Centralized

• Free
• Heterogeneous
• Persuadable
• Capricious
• Emergent

3

The design of everyday things: a cautionary tale

“the difference between pleasure and frustration”

“design is an act of communication”

“human-centered design”

4

Identity awareness? Identity wariness

5

The obvious value of differentiated service

6

The “everyday enterprise” looks more and more like the open Internet

7

Building the Participation Age on federated identity

8

What human tendencies might inform our approach to identity?

9

New-relationship energy

10

The efficiency imperative

Reactions:
• Frustration
• Anxiety
• Impatience
• Annoyance

Strategies:
• Avoidance
• Lying
• Rote behavior

11

The self-revelation imperative

12

Some general lessons we can draw

Make “do the right thing” the easiest thing to do

Try to make what people want to do possible

Respect and balance all parties' needs

13

The parties

14

Needs, pressures, and tensions

• NRE, efficiency, self-revelation
• Consent, permission
• Community
• Liability, compliance, auditing
• Security, attack surface
• Payment, profit
• Ease of use
• Privacy, minimal disclosure
• Enjoyment
• Flexibility
...

• Privacy vs. self-revelation, efficiency, liability
• Real-time consent vs. efficiency
• Ease of use vs. attack surface
...

15

What specific lessons might we draw about identity?

1. Make sign-on as seamless as you can

2. Make a little shared data go a long way

3. Make consent more meaningful

16

The “discovery challenge” in SSO

1. Make sign-on as seamless as you can

17

The holy grail of true single sign-on

• Historically, it has required tight coupling between IdPs and RPs

1. Make sign-on as seamless as you can

18

With looser coupling comes complexity

• How can the RP find the identity data it needs?
• Which other needs must be balanced against true single sign-on?

1. Make sign-on as seamless as you can

19

What if...

• We could take our pick from among many identity-aware services on the market?
> Personal profile, presence, geolocation, payment, buddy list, calendar, shipping...
• They could coordinate in providing differentiated services on our behalf?
> Exposing minimum data about me to each of the others
> Without having met each other before
• Their actions were secure, controlled by policy, and auditable?
• They could function even when I'm offline?

2. Make a little shared data go a long way

20

Liberty ID-WSF enables reduced-disclosure ecosystems

2. Make a little shared data go a long way

21

Real-time attention is a scarce resource

3. Make consent more meaningful

22

Additional approaches for high-quality consent

• Use the ID-WSF Interaction Service
• Use CARML / AAPML
> Being standardized at Liberty as ID-Governance
• Create and manage policies under human control
> For consent, purpose of use, data requirements...
• Implement and audit governance and compliance

3. Make consent more meaningful

23

The mutual-respect dilemma in data-sharing relationships

3. Make consent more meaningful

24

New directions: Vendor Relationship Management (VRM)

3. Make consent more meaningful

• Explicitly about empowering users

• Seminal use case: how can you propagate a change of address to all your online partners in a way that works for you (and them), without lock-in?

• ID-WSF offers one potential solution

25

What if...

3. Make consent more meaningful

• We could host our own digital data, for sharing only with our chosen online partners, on terms we set?

• We could create the data however we wish – once – then share it “in bulk”?

• Partners could grab the freshest version at any time?

• We could audit usage and cut off “bad partners”?

• We could combine this with existing identities – silo-based, traditionally federated, OpenID – and identity-aware services?

• We could build an ecosystem for this on the very thinnest of standard Web technology layers?

26

3. Make consent more meaningful

• You have a personal data store (e.g. where you keep your blog), in which...

• ...you craft private-use URLs for custom Atom feeds that you offer to vendors when you register...

• ...feeds to which they can subscribe, and from which they can pull data just-in-time...

• ...allowing you to manage – and terminate – data-sharing relationships as you wish

The new new thing: feed-based VRM
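
The feed-based VRM model in the bullets above, sketched as an added example that is not part of the original slides: each vendor gets its own unguessable feed URL exposing only the fields granted to it, every pull is audited, and a relationship can be cut off. `PersonalDataStore`, its method names, the `me.example` host and the profile data are hypothetical and constructed for illustration.

```python
import hashlib, secrets, time
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
ET.register_namespace("", ATOM[1:-1])

class PersonalDataStore:
    """Hypothetical owner-side store: one unguessable feed URL per vendor."""
    def __init__(self, base_url, profile):
        self.base_url, self.profile = base_url.rstrip("/"), profile
        self.grants = {}   # sha256(token) -> grant; raw tokens are never stored
        self.audit = []    # (timestamp, vendor, outcome) for every fetch

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def grant(self, vendor, fields):
        token = secrets.token_urlsafe(32)   # 256 bits: the URL itself is the credential
        self.grants[self._key(token)] = {"vendor": vendor, "fields": tuple(fields), "revoked": False}
        return f"{self.base_url}/feeds/{token}.atom"

    def revoke(self, vendor):
        for g in self.grants.values():
            if g["vendor"] == vendor:
                g["revoked"] = True

    def fetch(self, url):
        token = url.rsplit("/", 1)[-1].removesuffix(".atom")
        g = self.grants.get(self._key(token))
        if g is None or g["revoked"]:
            self.audit.append((time.time(), g["vendor"] if g else "unknown", "denied"))
            return None
        self.audit.append((time.time(), g["vendor"], "served"))
        feed = ET.Element(ATOM + "feed")   # abbreviated Atom: id/updated omitted
        ET.SubElement(feed, ATOM + "title").text = "Profile for " + g["vendor"]
        for name in g["fields"]:            # only the fields this vendor was granted
            entry = ET.SubElement(feed, ATOM + "entry")
            ET.SubElement(entry, ATOM + "title").text = name
            ET.SubElement(entry, ATOM + "content").text = self.profile[name]
        return ET.tostring(feed, encoding="unicode")

def demo():
    store = PersonalDataStore("https://me.example", {   # constructed sample data
        "name": "A. Person", "shipping_address": "1 Old Street", "email": "a@me.example"})
    url = store.grant("bookshop", ["name", "shipping_address"])
    store.profile["shipping_address"] = "2 New Road"    # address changed once, at the source
    fresh = store.fetch(url)                            # vendor pulls the freshest version
    store.revoke("bookshop")
    return url, fresh, store.fetch(url), [o for _, _, o in store.audit]
```

Because the URL is the only credential, such feeds need to be served over TLS and kept out of logs and referrers.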

27

3. Make consent more meaningful

Does this model empower parties more evenly?

Can it support new social and commercial data-sharing opportunities?

28

Human beings aren't always “users”

Everyday identity should be human-centered

Employees and citizens are people, too

29

Cast (in order of appearance)

• These slides: www.xmlgrrl.com/blog in the Publications area
> Also the IEEE Security and Privacy article on “The Venn of Identity”, information on ID-WSF, and much much more
• Don Norman usability info: jnd.org
• OpenSSO and The Fedlet: opensso.org
• OpenID@Work initiative: openid.sun.com
• Project Concordia: projectconcordia.org
• Project VRM: cyber.law.harvard.edu/projectvrm

30

Thanks for your kind attention!

Eve [email protected]/blog
