10.15.2007

Identity Mashups and Gravy . . .

Identity Mashup refers to the problem of properly rendering distributed information controlled by separate entities. Identity only refers to the type of information, and is important as a distinction only insofar as it relates to the access control model (user-centric policy control) and not to the information (user attributes).

For those inclined towards reductionism, the entire Identity Mashup/User-Centric Identity/Privacy/Cardspace/Higgins/SXIP constellation simply concerns access control and its management. That suggests to me, at least, that we can apply a fundamental understanding of access control theory to the problem. (Why access control and not Identity Management: in a following blog post.)

Traditional access control is implemented with a centralized security policy model such that access control policy is centrally administered across the resources protected. User-centric access control turns this model on its head - giving the users or account holders the ability to set access control policy on attributes associated with themselves.

User-Centric access control is related to the privacy problem. It's about a non-system owner (a user) controlling access control policy on data elements specifically delegated to it by the system owner (service). But in the end it's all about the enforcement of a policy that says who can get to what, when. That the "what" is a set of attributes about a particular person is not important to the essential technical problem.

There are at least two differences between traditional access control systems and those that are user-centric. The first concerns who controls the governing policy - not the mechanism by which access control is effected. The second is akin to the digital rights management (DRM) problem - how to control access and use of remote information.

Cardspace, Higgins, and OpenID seek to address the first concern, providing the user with mechanisms to specify the information (user attributes) to which the user is willing to grant access. The second is problematic if the system on which the information to be accessed resides is not directly within the user's control, and by definition it's not. The problem is exponentially more complicated if the information is distributed across multiple systems, which it likely is.

The system of which the Mashup is a part is concerned with accessing potentially distributed sources of user data, and doing so in a manner in which user-specified or otherwise distributed policy can be reliably enforced. This is true whether the implementation is an Eclipse Project Higgins Identifier Agent, Microsoft(R) CardSpace, Higgins' Identifier Attribute Service (IdAS), Facebook, MySpace, or LinkedIn. It's also true whether the content of the mashup is rendered in the browser via Ajax or on LinkedIn as an aggregation of my connections' profiles.
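A toy model of the distinction drawn above, added here as an example and not code from the original post or from any of the products named: each attribute source is its own enforcement point, the system owner governs policy on every attribute except those it delegates to the user, and the mashup assembles only what each source's governing policy releases. The source names, attributes and requesters are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class AttributeSource:
    """One system holding user attributes; the owner keeps policy over all
    attributes except those it delegated to the user (the user-centric part)."""
    name: str
    attributes: dict                                 # user -> {attr: value}
    delegated: dict                                  # user -> {attrs the user governs}
    owner_policy: dict                               # attr -> {requesters allowed}
    user_policy: dict = field(default_factory=dict)  # (user, attr) -> {requesters}

    def set_user_policy(self, user, attr, requesters):
        # A user may only set policy on attributes the system owner delegated to them.
        if attr not in self.delegated.get(user, set()):
            raise PermissionError(f"{user} does not govern {attr} at {self.name}")
        self.user_policy[(user, attr)] = set(requesters)

    def release(self, user, attr, requester):
        # Enforcement point: the governing policy depends on who controls the attribute.
        if attr in self.delegated.get(user, set()):
            allowed = self.user_policy.get((user, attr), set())  # no user policy: deny
        else:
            allowed = self.owner_policy.get(attr, set())
        return self.attributes[user][attr] if requester in allowed else None

def mashup(sources, user, requester, wanted):
    """Assemble a profile from distributed sources; each source enforces its own policy."""
    profile = {}
    for src in sources:
        for attr in wanted:
            if attr in src.attributes.get(user, {}):
                value = src.release(user, attr, requester)
                if value is not None:
                    profile[attr] = value
    return profile

def build_sample():
    # Constructed data: an employer directory and a social site both hold data on "alice".
    employer = AttributeSource("employer_dir",
                               {"alice": {"email": "alice@example.invalid", "role": "engineer"}},
                               {"alice": {"email"}}, {"role": {"payroll"}})
    social = AttributeSource("social",
                             {"alice": {"photo": "alice.jpg", "city": "Boston"}},
                             {"alice": {"photo", "city"}}, {})
    employer.set_user_policy("alice", "email", ["linkedin"])   # alice governs email
    social.set_user_policy("alice", "photo", ["linkedin"])     # and photo; city left unset
    return [employer, social]
```

Running `mashup(build_sample(), "alice", "linkedin", ["email", "role", "photo", "city"])` yields only email and photo: role stays under the owner's policy, and city, though delegated, has no user policy and so defaults to deny.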

Bob Blakley in his recent Burton blog reiterates his long-held position that privacy (user-centric policy management) problems are at their core legal, social, and economic problems. I contend legal, social, or economic solutions are the default when the technical problem is intractable, its solution elusive or incomplete. Even if the enforcement challenge of Identity Mashups can be solved, the DRM aspects of user-centric policy management suggest that technical solutions for Identity 2.0 may suffer a similar fate to those for DRM. Certainly legal recourse is the soup du jour for those whose technologies are insufficient to the access control challenge. Can you spell RIAA?

1 comment:

John Dohm said...

The larger question relates to the last paragraphs: is security (whether it be identification/authorization, access control, or audit) a big enough problem for anyone to solve? Clearly there is money to be made at the edges, and clearly there will be plenty of half-hearted attempts to provide distributed security. But what fun is there in building solutions that aren't really solutions?