OpenID and Trust
The OpenID movement has energized the quest for the “right” approach for identity management.
The emphasis on building upon a user-centric architecture is spot on: there are many advantages, and it is the only way to go. >> later more…
There are still many issues to solve but I want to cover the main one:
Who should take on the role of identity provider?
The user, a company, a non-profit organization, the government?
I developed some thoughts about this:
Privacy protection and security requirements of identity systems are different across jurisdictions and contexts: The US practice differs from legislation in the Netherlands.
A bank has higher security requirements than a publisher of newsletters.
The proposal is:
Governments should develop legislation to enable the establishment of certified identity providers
Certified IDPs should publish all:
- internal procedures; “OpenProc”
- code used to run the identity system; “OpenSource”
Certified IDPs should:
- offer completely transparent services to the user >> later more…
- protect the personal data from any other organizational entity, including the Government >> later more…
The development to be hoped for is that parties operating in different contexts will now be able to work together and federate, because a legal framework has been developed which should, of course, be compliant with local legislation by default.
Examples of parties that could federate:
- publishers
- e-commerce organizations
- health organizations
- financial planners
To be continued… There is still a lot to cover…
