Identity in the Browser (IDIB) - More Complexity than Meets the Eye

A few days ago, I mentioned that Identity in the Browser (IDIB) was emerging as an interesting Identity Management topic.  After following a somewhat spirited internal email thread on the subject, I compiled a list of twenty issues that should be addressed as this topic is explored:
  1. Can a general approach be defined that would work in all the commercial browsers?
  2. Impact on mobile web, not just desktop/laptop web
  3. Ease of use for broad range of Internet users
  4. Security of authentication process
  5. Phishing resistance
  6. Security of browsers as a focal point for Identiy
  7. How does this support cloud computing
  8. Use of or interaction with standards or emerging standards 9e.g. SAML, OpenID, OAuth)
  9. Hosted vs. client-based Identity selectors
  10. Support for multiple identities or personae
  11. Support for multiple identity providers
  12. Matching what service providers (SP) want with what Identity providers (IP) and attribute providers (AP) can deliver
  13. Accommodating self-registered and organization-registered identities and attributes
  14. Complexity issues with federation (e.g. multiple sessions, timesouts and logouts)
  15. Policy enforcement across multiple organizations and entities
  16. Audit/compliance/governance
  17. Applicability of certificate based authentication
  18. Impact on InfoCard/CardSpace approach
  19. Impact on Higgins approach
  20. Licensing fees for use of specific technologies
I'm sure this list isn't exhaustive, nor is it even prioritized.  It does illustrate, however, that any new approach must cover much ground if it is to be effective.

It will be interesting to monitor progress as these topics are discussed in more detail.


Technorati Tags: , , , ,

Comments:

Post a Comment:
Comments are closed for this entry.
About

Discovering Identity was founded on blogs.sun.com in May 2005 as a means of documenting my exploration of the field of Identity and Access Management. In February, 2010, I switched to hosting the blog at DiscoveringIdentity.com. In March 2012, I began posting Oracle-related information in both places.

Thanks for stopping by.

Please connect with me in cyberspace at LinkedIn or Twitter.


The views expressed on this blog are my own and do not necessarily reflect the views of my employer, Oracle Corporation, or any other person or organization.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today