A more powerful, more general idea than the orthodox separation of primary authentication and secondary authorisations, is that we really exercise a portfolio of separate identities. It is not helpful to insist on there being just one “true” identity which must be necessarily involved in every transaction.
See Babystep 15: Introducing “Identity Plurality”.See also: Forgotten Authentication Blog
Identity silos resist federation
It’s not for nothing we call them “silos”. Identity silos are strong, elegant and protective.
Many federated identity models involve a central authentication broker, intended to break down the much-derided “silos” that hold individuals’ assertions. In practice, breaking down these silos has proven to be much harder than expected. The typical analyses of this challenge overlooks novel legal risks that federation inadvertently introduces.
We argue it may be better to accept that identity silos are often a very good thing.