OASIS Symposium – Identity Management Track

My presentation on “Putting citizens at the centre of identity management” is available on my company website.
Fulup Ar Foll, working for SUN and representing the Liberty Alliance here, followed up with an interesting paper on the specific public sector concerns regarding identity management (OASIS symposium site; direct link promised later), and the need to provide citizen-centric solutions. There seems to be a crude US/EU divide here: in the US, people are generally suspicious of federal government but willing to give up and/or “trade” their personal data very freely with the private sector; in the European Union it tends to be the other way around, with people generally suspicious of the private sector and more willing to trust the public sector. This has major implications for the issue of any “standardisation” initiative regarding personal data.
Fulup rightly also highlighted the predominance of very small businesses in the EU, which is a major driver for building on common standards: they simply don’t have the economies of scale to build their own stack, even if they wanted to do.
A big problem in the public sector is that despite a general commitment to use “open standards”, there is little understanding of what those standards might do for them or how they sit with their own eGovernment strategies. This is the attraction of standards like SAML: alongside the actual technical specifications, there is a growing understanding of what the spec offers and how it can be used (together with its limitations, to be fair).
Fulup presented a “use case” regarding electronic voting – a clearly understood issue, both on a policy and a technical level – and another demonstrating the importance of “delegation management” – a user acting on behalf of a company or other authority and not (only) in their own name.
Both user cases demonstrate powerfully the importance of policy and requirements leading the issues about identity provisioning, including being user-centric and Internet-centric.
I was struck by the commanility between the two presentations, despite no prior discussion: there is clearly an issue here than needs to be pushed further. The initiative for a new OASIS technical committee to look at these issues will be discussed hopefully during the week, as a follow up to some initial consultations. Watch this space…

This entry was posted in Data Protection, eIdentity, OASIS. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s