"The IdP is Dead! Hail the Relyingpartyrati"
I was honoured to be a speaker in the Iconoclasts stream on the final day of the Cloud Identity Summit in Napa (#cisNAPA), where I presented my ecological theory of identity.
The quote "The IdP is Dead! Hail the Relyingpartyrati" is from my conclusion (reflecting the inside joke at CIS that something has to die each year). One of my ideas is that because identification is carried out by Relying Parties, it's more correct (and probably liberating) to think of identity as being created by the RP. The best thing for what we call "Identity Providers" today is that they switch to providing more specific Attributes. In fact, the importance of attributes kept recurring throughout the Cloud Identity Summit; Andrew Nash for example said at one point that "attributes are at least as interesting if not more so than identities".
To summarise my talk: Federated Identity is easier said than done. A simpler way forward would be for the identerati to drop down a level. Instead of trying to trade in abstract high level identities, we should instead federate concrete component attributes. We don't really need IdPs as such -- we need a marketplace of Attribute Providers from which Relying Parties can get exactly the right information they need to identify their users.
Key ideas from my talk include:
- identities evolve in response to risk factors in the natural business environment
- identities appear to be "memetic", composed of heritable traits relating to business rules, standards, technologies and form factors
- the dreaded identity silos are actually ecological niches; taking an identity from the context in which it evolved and using it in another is akin to taking a salt water fish and dropping it into a fresh water tank
- if identity is memetic then we should be able to sequence digital identities into their constituent memes, and thence re-engineer them more carefully to match desired new applications
- it is an over-simplification to think of a (one dimensional) identity spectrum; instead each RP's "identification" requirements are multi-dimensional, best visualised as a surface.
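To make the last two ideas concrete (an RP assembling its own identification from component attributes fetched from a marketplace of Attribute Providers, against requirements that are multi-dimensional rather than a single point on a spectrum), here is a small Python sketch. It is an added illustration, not code from the talk or from any real federation product; the attribute names, provider names, the 1..3 assurance scale and the two RP "surfaces" are all constructed for the example.

```python
"""An RP composing an identification decision from attributes asserted by
several Attribute Providers (APs). Added illustration; every attribute name,
provider name, assurance value and RP requirement below is constructed."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Attribute:
    name: str        # the attribute, e.g. "date_of_birth"
    value: str
    provider: str    # which AP asserted it
    assurance: int   # the AP's assurance level for this attribute (constructed 1..3 scale)


# Each RP's identification requirement is a surface, not a point: one
# dimension per attribute, each with its own minimum assurance. Two
# constructed RPs with different surfaces.
RP_REQUIREMENTS: dict[str, dict[str, int]] = {
    "age_restricted_shop": {"date_of_birth": 2, "email": 1},
    "bank_onboarding": {"legal_name": 3, "date_of_birth": 3, "residential_address": 2},
}


def identify(rp: str, attributes: list[Attribute]) -> tuple[bool, dict[str, str]]:
    """Decide whether the supplied attributes satisfy the RP's surface.

    Returns (satisfied, gaps); gaps maps each unmet dimension to the reason,
    so the RP knows exactly which attribute it still needs and from whom.
    """
    required = RP_REQUIREMENTS[rp]
    # Keep the strongest assertion seen for each required attribute; several
    # APs may assert the same attribute at different assurance levels.
    best: dict[str, Attribute] = {}
    for a in attributes:
        if a.name in required and a.assurance > best.get(a.name, Attribute("", "", "", 0)).assurance:
            best[a.name] = a
    gaps: dict[str, str] = {}
    for name, minimum in required.items():
        if name not in best:
            gaps[name] = "missing"
        elif best[name].assurance < minimum:
            gaps[name] = f"assurance {best[name].assurance} < {minimum} (from {best[name].provider})"
    return (not gaps, gaps)


# Constructed assertions from three hypothetical APs for one user.
SAMPLE: list[Attribute] = [
    Attribute("date_of_birth", "1980-01-01", "registry-ap", 3),
    Attribute("email", "a@example.com", "mail-ap", 1),
    Attribute("legal_name", "A. Person", "registry-ap", 3),
    Attribute("residential_address", "1 Example St", "utility-ap", 1),
]

if __name__ == "__main__":
    for rp in RP_REQUIREMENTS:
        ok, gaps = identify(rp, SAMPLE)
        print(rp, "identified" if ok else f"not identified: {gaps}")
```

The same set of attributes identifies the user for one RP and not the other; the shortfall is reported per dimension (here the address assurance), which is the kind of gap an RP would go back to the attribute marketplace to close, rather than asking an IdP for a whole new identity.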