Saturday, January 22, 2005, 9:06 PM

Federation Won't Mean World Peace

It was just a few years ago that we could begin to carry a GSM phone, move around the world, and make phone calls world-wide. Before the phone companies got their act together and put roaming agreements in place, it was a matter of chance whether you would be able to roam. And there are only five to ten phone companies per country.

So why do I get a sense that the identity management community feels that identity federation (in the form of Liberty Alliance, etc.) will give us global sign-on capabilities?

If Joe Smith logs onto Acme, Inc. (for example) and Acme federates Joe's identity to, say, Emporium Corp; and it turns out that it wasn't really Joe -- it was a cyber-criminal who managed to commit a fraud at Emporium. Who's liable? Well, it depends on the contract between Acme and Emporium. The need for legal contracts at each federation point is the growth-limiting issue for identity federation.

Identity federation technology will enable companies to address identity management issues within the boundaries of the enterprise. It can also help companies that want to work together to do so faster. But it won't cause the world (of server operators) to join hands and present one united experience to the end-user.

Update (May 8, 2005):
Dave Kearns wrote about how the Liberty Alliance is no longer about building circles of trusts for consumers. The article is Time to say good-bye to the Liberty Alliance goal (

0 Comment(s):

Post a Comment

<< Home