It seems to me that most off-the-shelf federation software are point-to-pont and if you try to scale it up you get an unmanageable mes(s|h)…

We believe we have significant ideas for the next generation (five to ten year time frame) of identity management services. Before we post our ideas to the main newsgroup at Identity Commons, we would greatly appreciate your input.

In the very near future digital wallets on cell phones enabled by NFC technologies will create a radical transformation in identity management and financial transactions processing. This transformation will provide consumers with secure identities and secure financial transactions.

Whoever controls the infrastructure for secure identities will also control financial transactions.

The Trust Nexus (http://www.thetrustnexus.com) is a startup company located in Austin, TX. We are building the infrastructure for secure identity in the digital age.

The basic question is, how can trust be established in the digital age? If you and I have never met and I come to your website or place of business, how can you be confident that I am who I say that I am? The Trust Nexus answers this basic question regarding the establishment of trust.

We have designed an identity management system, that will eliminate the possibility of identity theft for all participants, protect consumers and financial institutions from fraudulent transactions and solve many of the systemic problems of the current Public Key Infrastructure system, especially the problems of certificate revocation lists (CRLs) and on-line status checking.

Our solution is simple, practical and transparent to the consumer. Consumer acceptance will be rapid and widespread. Our solution protects individual privacy and prevents the establishment of monolithic government control. The essence of our approach is very different from the “Big Brother” approach recently announced by India (http://www.timesonline.co.uk/tol/news/world/asia/article6710764.ece#cid=OTC-RSS&attr=2015164). Rather than creating a centralized directory of private information, we will create a central repository containing a collection of localized decisions which will establish an Institutional Web of Trust.

Compared to a decentralized web of trust which creates a web of individuals with, “the expectation that anyone receiving [a list of signatures] will trust at least one or two of the signatures”, we will create a system where trusted institutions legitimize individual identity. Additionally, the institutional web of trust established by The Trust Nexus will have centralized controller processes that rely greatly on self-management and automation resulting in great efficiencies.

The Trust Nexus does not secure identity by, “making personal data harder to steal”. Rather, identity is secured by self-managing logical inconsistencies within the system, resolving identity conflicts and preventing fraudulent transactions.

As Bruce Schneier, author and security guru, pointed out, “Proposed [identity theft] fixes tend to concentrate on the first issue–making personal data harder to steal–whereas the real problem is the second [preventing fraudulent transactions]. If we’re ever going to manage the risks and effects of electronic impersonation [identity theft], we must concentrate on preventing and detecting fraudulent transactions.” [Solving Identity Theft]

In essence, there are a limited number of institutions worldwide (measured in thousands) that truly matter when it comes to legitimizing identity. Digital wallets on cell phones will enable the efficient association of unique public/private keys to a specific legal identity (legal name and legal address). If there is a non-unique association, an inconsistency arises in the system. If the association is unique and verified by one or more legitimate institutions an individual’s identity is secure (as long as the private key which he/she controls is secure).

We are confident we have a transforming technology and a clear vision of the future. No one has found a conceptual flaw in the system. Please visit our website (http://www.thetrustnexus.com) and let us know what you think.

We look forward to hearing from you soon.

Best regards,

Michael Duffy
CEO / CTO
The Trust Nexus
http://www.thetrustnexus.com

Shibboleth has just been given Single Logout support as a third party contribution. See a demo of how it works: https://wiki.aai.niif.hu/index.php/SLODemo

(Yes, the UI was inspired by SSP implementation.)

I hope it can go to the official branch in a reasonable time.

It is definitely not as if this means the LMS is of high quality or that there is a connection between the usage and the user satisfaction with the LMS…

Simply put I as a “Wave Machine” Administrator would have the ability to attach certifiable claims to all my Wave Users.

A simple Use Case
The Scout Association could launch a “Wave Machine” and two simple Organisational Claims could be verified by the Scout Association Wave Machine, “I am a member of the Scouts Association” and “I am a Scout Leader”. They could also give authority to Scout Leaders to add Scouts as Members of their Troop or Cub Pack (Optionally Local Wave Machine). Thus leading to additional verifiable claims “I am a Cub Scout”, “I am a Boy Scout” or “I am a Venture Scout” and finally “I am a member of the Oxshott Scout Troop”

The British Medical Association could run a Wave Machine that verified the Claim “I am a Doctor” Wave Machines and other websites could use this verification service to increase the trust of the Web!

I believe it is essential that we shift from the current Access Control List mentality toward a Claim based Model.

Thanks for listening!!