To date, much of the federation work has been done in the b-to-b realm, where strong ROI arguments can be made for federating with partners. But in the b-to-c space user-centric identity systems really shine, since enforcing any kind of technology in a b-to-c environment significantly increases the friction of the transaction. Having an identity system that customers are comfortable using is a big win. What’s more, with users in control of their identity credentials, user-centric identity can save you the hassle of password reset and account management in many cases.
As said before, the big problem facing any federated identity deployment -- b-to-b or b-to-c -- is the time it takes to set up connections with the myriad organizations involved. User-centric solutions provide a quick and easy way to knock these connections out and scale as you go.
“If you have to hit a lab with one of these things, you’ve set an upper bound on how many you can do,” Burton Group’s Neuenschwander says, noting that traditional modes of federation necessitate copious lab testing time before rollout.
Moreover, in numerous scenarios a full-blown federated deployment would be overkill; here, user-centric systems are proving more than worthwhile. For example, you may want to set up partner relationships that have lower-value and, hence, reduced authentication requirements. User-centric technologies can provide a low-cost, low-overhead solution. What's more, they provide sought-after flexibility, allowing the identity system to grow as the business relationship evolves.
In fact, one of the goals of the user-centric technology is to provide an identity metasystem that functions independently of individual applications.
“We need to be able to escalate from low-value to high-value authentication decisions without having to rip out one piece of software and install another,” says Kim Cameron, chief identity architect at Microsoft, and author of the Seven Laws of Identity, a primer for user-centric identity technologies. “Different roles in an application can have authentication regimes of differing strengths and yet retain a consistent user experience.”
Thus, one of the interesting, early uses of user-centric tools is to provide UI elements to existing federations. “These technologies can provide an easier user interface for partner federations that already exist,” Neuenschwander says.
Privacy and security
Perhaps against the grain of suspicion, user-centric technologies hold promise in providing increased privacy and security, simply because of how they are built. CardSpace, for example, enables selective disclosure of user attributes, making it possible to avoid revealing personal details irrelevant to a given transaction. OpenID does not yet offer user-attribute functionality.
Any system that allows users to present a single set of credentials to multiple Web sites, however, runs the risk of user activity on those sites being correlated in some way. With OpenID, for example, the identity provider knows every Web site you show your credentials to. As with other Web technologies, convenience can come at the cost of privacy.