Unified Messaging Wiki

Why Identity Commons:
- company neutral
- wisdom of the crowd
- too important not to get this right
- systems that control personal data (identity information) are the stickiest of all software

How do we get to a Common Message?

Best Practices:

Emulate Abraham Lincoln. Ref. "Team of Rivals" (Doris Kearns Goodwin). Before making a decision, Lincoln insisted on vigorous debate and discussion. His ability to tolerate dissent was an enormous asset.

Any individual expert is likely to be wrong. The average of the experts' predictions often outperforms the individuals from whom the average is derived. See: "The Wisdom of Crowds" (James Surowiecki). "If you have impressive academic credentials and/or an impressive amount of experience, you should be alert to the possibility that you could still be profoundly wrong." Foxes approach problems from multiple viewpoints. Hedgehogs are more ideological, draw conclusions from a single overarching theory, and make more mistakes. "The fox knows many things, but the hedgehog knows one big thing" (Isaiah Berlin). Overspecialization leads to a community of hedgehogs.

General Principles
- vast, diverse ecosystem: needs are highly varied; no business or government agency can be trusted with a centralized system
  - too much concentration of power
  - non-competitive environment
  - stratified system
  - unable to cope with various new electronic communications mechanisms
  - fundamental importance of personal data as a means to control citizens, customers, users
- Social interactions, politics, economics, and business depend on trust. Data protection is necessary for accountability, and accountability is necessary for trust. Unless law and technology are crafted to respect certain "Properties of Identity", there is no data protection; if there is no data protection, there is no accountability; and if there is no accountability, there is no trust.
- Balancing two different notions:
  - Identity is personal and cannot be centralized
  - Centralized systems cannot keep up with change
  - Walled gardens and data silos are necessary for proprietary companies

- digital media is profoundly different from physical media: it is infinitely malleable and divisible
- identity data must be taken within a greater context

The identity ecosystem (metasystem) is not a system, but a way of ensuring authorization, accountability, and trust in the digital ecosystem.
- the identity ecosystem needs to handle a broad range of security requirements (from light to heavy)
- each person (user) has to be involved in decisions within the ecosystem, although they are not always the only decision maker (example: a user unconscious in a foreign hospital, where the hospital performs a risk assessment to protect itself). All claims are made by a user. A user is defined as anyone to whom personal data (attributes, claims made) are attributed (e.g. birthdate, name, location) or privileges granted (HR manager, access to databases, business transactor, authorized member)
- the ecosystem includes all business databases (controlled by a business, assigned to a transactor)
- legal contracts: liability transfer, deals made between parties, setting up relationships between business entities, between businesses and customers, between government service organizations and citizens
- ease of use, including consistent ceremonies (to both set expectations and minimize phishing/pharming), is part of the ecosystem
- security (data protection) is part of the ecosystem:
  - setting appropriate security and authorization levels for transaction types
  - encompassing both high and low (security) levels appropriate for the transaction (from blogging to money transfer)
  - enough verification of the claims made to dynamically assess risk

Definitions:
- Identity Provider
- Relying Party
- Transactor

Digital communication and media trends
- cheaper: move from human-intensive operations to heuristic software; business process routines migrate to automated services; the automation has to be gotten right, so scheduling and exception handling have to be part of this
- ubiquitous
- improving heuristics, automated condition and exception handling
- moving toward mutually beneficial relationships between transactors: B2B (heavy, expensive relationships) moving toward B2C (B2B services priced low enough to provide to all customers)

Market Positioning statements
- education for customers making buying, deployment, and workflow design decisions, along with the state of the art as the ecosystem matures
- For 2009, positioning statements on each type of element in the identity metasystem:
  - What they are (link)
  - Their current status
  - State of the art for:
    - security
    - biometrics
    - interoperable exchange mechanisms
    - applicable standards and those in process

Target Audience:
- Decision makers (advice for making good decisions). What they need to know:
  - What are they trying to solve
  - The current state of their business
  - What the technical, social, and legal trends are, and the factors that govern the rate of change in each

So they can assess:
- What does their business look like in the future
- What should they do now, what should be done later (and why wait / act now)
- What products can address their requirements now, and the associated architectural decisions for:
  - IT infrastructure
  - Business Processes
  - Integration with legacy systems
  - What to adopt and when to adopt it
  - Specific requirements for any system

- risk assessment ratio at all points in a transaction
  - who is asking for access? who am I dealing with?
  - how accountable am I to ensure I know?
  - difficulty to crack
  - track record
  - probability factors
    - good data
    - timeliness

Business
- type
- scale

Per communication media type
- skype
- cell
- internet
  - amount right / errors

Products
- what is interoperable and how they fit together

Philosophy
- Magna Carta
- U.S. Constitution
- Seven Laws of Identity
- OECD international Principles of Identity

Technology

Best uses:

User-centric

Federated

Enterprise Role Management

Where data should live (and where it shouldn't)

Objective statements on the following, relative to strengths/weaknesses:
- ability to interoperate
- degree of security spectrum coverage
- ease of use
- maturity
- development environment (tools, etc.)
- certification
- legal maturity
- platform coverage
  - operating systems
  - browsers
  - mobile devices
  - PCs
  - Enterprise systems

Problems addressable

Problems addressed

Check off sheet for specific features, relative issues, state of the art

Areas of research and development

= Open ID =
- primary uses
- position on security scale
- major movers
- issues
- number of users
- number of sites

= SAML =
- primary uses
- position on security scale
- major movers
- issues
- number of users
- number of sites

= OpenSSO =

= Information Card =
- infocard
- I-card
- Selector
- Cardspace
- Bandit
- Higgins

= Data Portability =

What works with what

Interoperability levels

Claims
- the first 14
- the universe of 2500
- level of common agreement
- work on definitions and schemas

Security
- types
- Glossary, Tautology, Ontology

Low risk, high probability of being correct credit score