http://blog.talkingidentity.com/2008/09/does_usercentric_also_mean_use.html An Architect's Quest to make sense of the world of Identity and Access Management Mon, 23 Aug 2010 12:56:09 -0700 http://wordpress.org/?v=2.8.4 hourly 1 http://blog.talkingidentity.com/2008/09/does_usercentric_also_mean_use.html/comment-page-1#comment-105 TCarroll Wed, 03 Sep 2008 15:20:30 +0000 http://talkingidentity.com/blog/?p=128#comment-105 I suppose the extent of the burden on the user really depends on what PII they need to give to each system in order to accomplish their goals. In an on-line shopping scenario, you need to provide real payment credentials, and a real shipping address (or at least some kind of proxys that will get the job done), so there is limited ability for a user to easily keep that kind of transaction completely non-correlatable. On the other hand, many on-line transactions require only proving a) you're not a bot, and b) you are the same person you were last time. Systems based on Information Card technology, such as Microsoft's <a href="http://netfx3.com/content/WindowsCardspaceHome.aspx" rel="nofollow">CardSpace</a>, Parity Communication's <a href="http://www.azigo.com" rel="nofollow">Azigo</a> and Novell's <a href="http://www.bandit-project.org/index.php/Digital_Me" rel="nofollow">Digital Me</a> all include the capablity to automatically generate strong site-specific login credentials from a single Information Card, as well as the ablity to easily create multiple Information Cards to support different personas. Add in a disposable email service, and it becomes very easy for a user to maintain this kind of lightweight on-line account in a completely non-correlatable way. I suppose the extent of the burden on the user really depends on what PII they need to give to each system in order to accomplish their goals. In an on-line shopping scenario, you need to provide real payment credentials, and a real shipping address (or at least some kind of proxys that will get the job done), so there is limited ability for a user to easily keep that kind of transaction completely non-correlatable. On the other hand, many on-line transactions require only proving a) you’re not a bot, and b) you are the same person you were last time. Systems based on Information Card technology, such as Microsoft’s CardSpace, Parity Communication’s Azigo and Novell’s Digital Me all include the capablity to automatically generate strong site-specific login credentials from a single Information Card, as well as the ablity to easily create multiple Information Cards to support different personas. Add in a disposable email service, and it becomes very easy for a user to maintain this kind of lightweight on-line account in a completely non-correlatable way.

]]>