Track III: Identity Federation & User-centric Identity
Moderator:
User Centric Identity Panel
Identity Federation and User-Centric Identity ? How will it affect Business and IT Infrastructures?
At first glance, it seems that both identity federation and the hot new buzzword topic "user-centric identity" both share the same primary goal of both federation and user-centric identity is to separate and free identity from any one domain to roam as necessary with convenience, privacy and security. But do they really?
"User-centric" carries a fine libertinarian ring and in fact is often used as a political slogan (like the old "information wants to be free". But can users in corporate networks every really "own" their digital identities? HR professionals shudder at the thought, maintaining that various important business and organizational processes would automatically crash if employees were free to withhold personal information whenever they want.
For some, "user-centric" is seen as simply the customer-facing B2C version of identity federation, while "old-fashioned" federation remains strictly B2B.
As governments around the world tighten their reign on digital identity data as a reaction to international terrorism, federation is being offered as a solution to privacy concerns. Here, "user-centric" actually does have a political context, for instance in Germany, where a debate is raging about whether and how law enforcement agencies should be allowed to download pictures and biometric data used to create electronic passports, identity cards and drivers licenses.
The panel will explore the technical and practical issues facing identity federation and user-centricity. We will discuss the impact of open identity and federation models on business and egovernment as well as strategies for generating acceptance and enthusiasm for the federation concept among business, government organizations and the general public.
Portable Identity
You can?t take it with you: Portable Identity and Social Networks
The Panel explores the (unanswered) question of portability for reputations and other personal data in the age of Web 2.0. As online communities proliferate, individuals create potentially valuable networks in multiple systems such as LinkedIn, Xing, or FaceBook, as well as on e-commerce websites like eBay or Amazon. However, none of these networks are interconnected. Why can't I use my eBay rating to get a bank loan? What happens when I graduate from college and want to switch from a student community to a business network? Do we need an "identity exchange format"? Will the operators of the community systems give their competitors access to reputaion data? The discussion about these issues is just beginning.
Telco Panel
Identity Federation Leading Edge - Telco Industry
The telecommunications industry has long been a pioneer of identity federation. Thanks to their huge customer base and their close relationship with their customers, telcos seem predestined to play a major role in implementing the "circle of trust" concept inherent in the Identity Federation model.
The panel will explore the major issues facing telcos as they design and implement federation projects. What are the issues,? Where are the problems? What is possible, what isn't? Which internal and external factors must be overcome? How do customers react? Is privacy an issue? What about regulatory compliance? Is the technology ready? What lies ahead?
Identity Capable Platform
Future Business and Technology Requirements for Client-based Identity Management
The various phases of the client device functionality deliver different benefits to deployers and consumers. Overall, the capability at the device level represents a huge market opportunity for deployers, who can now more easily build identity-based functionality into all different kinds of devices in a standards-based format. From a consumer perspective, the client device functionality is equally as exciting given the personalization, privacy and security measures this functionality can allow them to employ--on any device, with all of the devices interoperable. The Advanced Client Technology, for example, makes clients ‘first class identity citizens’ with controls for privacy and connectivity challenges built into the specifications.
Open Identity
CardSpace, Higgins, Bandit & Co. - Projects & Trends in Open Source Identity Management
User-centric identity is probably the hottest topic in the IAM world today. With Vista, Microsoft has introduced its "OpenCard" personal identity system, but has yet to roll out many of its most important features. On the other hand, the open source community has been busy with its own version of an "open" identity system. One example is "Bandit" and the associated "Higgins" project supported among others by IBM and Novell (www.eclipse.org/higgins).
Both systems aim at giving users control over their own digital identities as they surf the web, but each take a slightly different approach.
Recently, in a development that has astonished many pundits, Microsoft and the Open Source community have reached agreement on a wide range of interoperability issues, raising the prospect of a seamless and open identity system for the entire Internet. However, critical questions must still be asked, such as: Just how far will compatibility go? Is there still danger of a "standards war" breaking out? If so, who will be the winners, who the losers? How long will it take for the various open identity systems to reach critical market mass? And what is the business model behind user-centric identity anyway?