The Authentication Family Tree

Abstract

In the rush to federated identity, we never paused to ask why we have so many identities. And there is no satisfactory explanation so far for the extinction of really good ideas like CardSpace and InfoCards.

The answers may come from biology. Identities evolve; the dreaded identity silos are actually ecological niches in the business risk environment. Digital identities are “memetic”; that is, they are comprised of heritable traits relating to business rules, standards, regulations and technologies.

This talk traced the “phylomemetic” tree of authentication, and provide new insights into the interoperability of identities and attributes.

So what?

My research suggests that we can rigorously map the evolution of ensembles of identity attributes in response to risks in real world business ecosystems. But so what?

The memetic/ecological frame may shed light on why federated identity us harder than it looks. We need better explanations for the failure of so many well meaning initiatives in federated identity, if we are to avoid making the same mistakes.

The memetic analysis may help to further legitimise the ‘Attributes Push’. Interest in Attributes is gaining strength, with the OIX Attributes Exchange Network (AXN) and in the strategies espoused by FIDO Alliance.

And there is a creative suggestion from within NSTIC to look at dispensing with LOAs at least in private sector authentication frameworks. To make that work, we will need fresh understanding of how authentication solutions respond to real risks.