"In defence of silos"
14 Oct 09: A new column on the pitfalls of Federated Identity.
In his latest Online Banking Review column, Stephen mounts a fresh analysis of why identity silos are so hard to break down. They're strong for very good reason! Why don't grain growers rush around trying to break open and re-connect their silos? It's because the risks would be incalculable.
The column argues that we should re-think "identity" and realise that we're really talking about relationships:
"What we call an ‘identity’ in business is really a proxy for a complex relationship between customer and service provider. An account number, for example, stands for the fact that the customer has met a set of requirements and has signed up to terms and conditions governing how they do business with an institution. If that relationship is facilitated by electronic means like a plastic card or one time password (OTP), then there will be a detailed usage agreement, which typically forbids re-use with third parties. These agreements are framed very carefully according to the risk profile of the institution and the type of business it conducts.
"Identity federation entails major changes to these sorts of agreements. In classic federation, it is proposed that existing OTPs, for instance, be used to transact with third parties having no previous relationship with the issuer. With just a moment’s reflection, we can see this is actually a very hard problem. Not only does it mean changing the usage agreement under which the OTP was issued; it means the issuer accepting that their OTPs be used in unanticipated transactions. How can anyone do a risk analysis of that?"