W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

us national id plan - cooping user-centric. impact on webid

From: peter williams <home_pw@msn.com>
Date: Fri, 15 Apr 2011 12:25:50 -0700
Message-ID: <SNT143-ds2156728A8BC9395360FCB092AC0@phx.gbl>
To: <public-xg-webid@w3.org>


"The realization of this vision is the user-centric "Identity Ecosystem"
described in this Strategy"


If you note, the US commerce secretary only conceives of individuals as
consumers (relating to businesses). He sees little point in calling
individuals "individuals", talking unto other individuals in groupware. As a
"commerce" secretary, this seems not unreasonable. He doesn't focus on that
upon which we focus in webid - anything but commerce. He focuses on the
relations between users as consumers/subscribers/businesses.


Now, a few years ago, our design space was characterized by the moniker
"UCI"  - or user-centric identity. What it meant was: self-assertions. And
it was supposed to be protocol independent (being a mode of orchestrated
interactions). You could go to identity commons groups, and folks would
bleat on about its properties with about as much religion as semantic web
folks exhibit. It had its prophets and sponsors, and VC-funded startups. One
had in the openid protocol incarnation, for example, self-assertions from
one's wordpress blog site (actually several million in number), or the
self-assertion of mapped name in the identity delegation of openid that
shielded an relying party site from the "property " of an IDP (such as an
IDP's copyrighted name for its subscriber, to be bound to the local account


If one looks at the "national security" priority expressed (why is a
"national security" priority, meaning military power is now authorized?),
one sees a co-opting of that phrase "user centric". It now doesn't mean any
of the above. It means you choose your vendor (vs a govt. appointed vendor)
- which _sounds_ good, no? That user-selected vendor (and google is the
archetype here) will probably refuse however to process the self-asserted
names and identity mappings, should you do what UCI originally meant.
Similarly, though Microsoft Azure ACS demo will process the openid
assertions from Google (acting as openid OP and conforming to the public
protocol), it will not process my self-asserted wordpress assertions, even
though thoe sites are conforming OPs. I cannot even configure my ACS tenant
to allow my wordpress OP , in additional to Google OP, even if I WANT to in
JUST my tenant. Self-asserted IDPs using openid are JUST NOT ALLOWED, in the
wonderful world of mainstream infrasrucuture, replete with "user centric
choices" that are "ahem" somewhat limited: to Google and Yahoo. Of course, I
can configure ACS to accept a self-asserted ws-fedp IDP!


(Anyone want to build a public openid/wordpress -> Ws-fedp bridge, an ACS
for ACS??)


As webid continues, in its self-assertion orientation, its going to come
under "pressure" to no longer be based on self-assertion principles I bet.
I'll give it 12 months, before folks in formal positions here are doing what
I encountered in openid-land 2 years ago: oh "user centric" now got
re-defined, Peter. We decided to do so, in an, ahem, secret set of meeting
with US govt. Oh you were not invited? Sorry. Woops. We decided
collectively, self-assertion between individuals was not in the "national




Received on Friday, 15 April 2011 19:26:21 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:44 UTC