Trying to wrap my head around the concepts introduced by Kim Cameron, Kai Rannenberg and Reinhard Posch in “Proposal for a Common Identity Framework”.

Kim Cameron is blogging about definitions for a common identity framework, explaining the concepts behind the paper.

Their definition of user-centric is interesting:

User-centric: Structured so as to allow users to conceptualize, enumerate and control their relationships with other parties, including the flow of information.

The work in Feide on consent, consent management and revamping user interfaces falls nicely into this definition. When the goal was to give users control over their relationships and give them tools to conceptualize the existing relations, we ended up with the federation Innsyn. I do not fully understand what is implied by “enumerate relationships”, but assume that this is similar to consent management. It is interesting to note that user-centric solutions can be achieved on both the client and the server side of the traditional server-client model for services, but in order to build server-side user-centric solutions, the user must be given tools on the server side.

Another interesting concept in the paper is that not all assertions are true (but all Cretans are liars?):

It is key to the document that claims are assertions by one subject about another subject that are “in doubt”. This is a fundamental notion since it leads to an understanding that one of the basic services of a multi-party model must be “Claims Approval”. The simple assumption by systems that assertions are true – in other words the failure to factor out “approval” as a separate service – has led to conflation and insularity in earlier systems.

Being able to sort out assertions into claims and credentials may help us think more clearly about the security needs. In psychology we learn that children will know the difference between true and false at the age of three or four, but in this case the security community has taken a few more years to sort out the issue. I wonder what that says about the maturity of our understanding?