
Exploring the science and magic of Identity and Access Management

Identity in the Browser (IDIB) – More Complexity than Meets the Eye

Identity
Author: Mark Dixon
Wednesday, April 1, 2009
3:31 pm

A few days ago, I mentioned that Identity in the Browser (IDIB) was emerging as an interesting Identity Management topic.  After following a somewhat spirited internal email thread on the subject, I compiled a list of twenty issues that should be addressed as this topic is explored:

  1. Can a general approach be defined that would work in all the commercial browsers?
  2. Impact on mobile web, not just desktop/laptop web
  3. Ease of use for broad range of Internet users
  4. Security of authentication process
  5. Phishing resistance
  6. Security of browsers as a focal point for Identity
  7. How does this support cloud computing?
  8. Use of or interaction with standards or emerging standards (e.g. SAML, OpenID, OAuth)
  9. Hosted vs. client-based Identity selectors
  10. Support for multiple identities or personae
  11. Support for multiple identity providers
  12. Matching what service providers (SP) want with what Identity providers (IP) and attribute providers (AP) can deliver
  13. Accommodating self-registered and organization-registered identities and attributes
  14. Complexity issues with federation (e.g. multiple sessions, timeouts and logouts)
  15. Policy enforcement across multiple organizations and entities
  16. Audit/compliance/governance
  17. Applicability of certificate based authentication
  18. Impact on InfoCard/CardSpace approach
  19. Impact on Higgins approach
  20. Licensing fees for use of specific technologies

I’m sure this list isn’t exhaustive, nor is it even prioritized.  It does illustrate, however, that any new approach must cover much ground if it is to be effective.

It will be interesting to monitor progress as these topics are discussed in more detail.


2 Responses to “Identity in the Browser (IDIB) – More Complexity than Meets the Eye”

    For an example of Identity in the browser see my post on doing this using foaf+ssl in the iPhone

    http://blogs.sun.com/bblfish/entry/howto_get_a_foaf_ssl

    You can’t get simpler user interface wise.
    As it uses well established open standards, such as TLS and foaf, which have no licensing issues as far as I know, are widely implemented and implementable, a lot of your above problems are dealt with. It works well with OpenId as I mention in another post of mine

    http://blogs.sun.com/bblfish/entry/join_the_foaf_ssl_community

    It is very simple on the client side, though it requires more on the server (and even that can be serviced somewhat).

    It also has the advantage over a number of other such services that it is fully distributed, making it therefore ideal for cloud computing services.

    Comment by Henry Story on April 7, 2009 at 2:40 am

    Oops, the first link above is pointing to what is perhaps the more complex piece of what needs to be done – though this could be simplified by adding support for the <keygen> tag to the Safari browser on the iPhone. In any case that needs to be done only once.

    The easy part I wanted to point to is this:

    http://blogs.sun.com/bblfish/entry/one_click_global_sign_on

    Comment by Henry Story on April 7, 2009 at 3:04 am

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.