Identity Management hurts

Seriously, this stuff is really hard. I work in the Identity Management space and most of my time has focused on enterprise IdM solutions (things like metadirectories and provisioning). Recently, I have been studying this from a more holistic internet identity management perspective. Much of the discussion has started without me on blogs like Kim Cameron's Identity Weblog (https://www.identityblog.com).

There are a lot of different aspects to the problem and many of these have been well discussed on blogs across the internet. Kim Cameron (with the help of the blogosphere) has created the "Laws of Identity" which help shape the kinds of things we need as a community to solve these problems. This is certainly a head start on the solution.

Why do I say this is hard? Well, I know that this is a technology problem, but the majority of the users are non-techie people. I think about my wife, my kids, my in-laws, and many of my friends who grew up in the internet age. In many cases, people ignore the information put in front of them and click whatever buttons they can to continue the transaction they are working on.

If we put an Infocard in front of them, will they pay attention? Will they pick the appropriate identity or just the default (with all the extraneous claims in it)?

If the site they are browsing is a rogue site and the browser warns them, will it matter to them? We have all seen the message about the SSL cert not being trusted. Do you want to continue? Of course I do! Most people do.

If the Metasystem makes things more secure, but 10 times more difficult (for internet commerce), is it really going to work?

How do I use my Infocard when I am not on my personal machine?

The Laws of Identity talk about this kind of stuff, but solving the problems is still quite hard. It should be fun to watch.